This section provides details on the nuances for the CloudCenter platform and provides important tips on how to proceed with your upgrade.
After upgrading to CloudCenter Platform 4.10.0.x you must only use worker images that are specific to CloudCenter Platform 4.10.0.x. Additionally, you must upgrade the agent for existing deployments
For details on upgrading the agent on the CloudCenter platform, see VM Management > Upgrade Agent.
Core Upgrade to CloudCenter 188.8.131.52 and Later in Offline Mode
If using the local repo setup (also referred to as cloudrepo), you must perform the following steps:
Run the following command prior to starting the upgrade in the shell:
Set up a local CentOS mirror.
If you have been using CloudCenter 4.10.0.x components (CCO, CCM, Rabbit, Postgres, and so forth) in an environment that does not have internet access and you have correctly configured a local CloudCenter repo and a local CentOS 7 Mirror/Repo, then you must make the following changes in the CCO server before running the core_upgrade.bin file:
The following is a sample local-cco.repo file:
The following is a sample non-CCO local-component.repo file:
Using the Online Mode for Upgrades
If you are using internet access (online mode), you must disable the cloud repo.
If you prefer to use the online mode for upgrades (when using the core_upgrade file) using internet access, you must disable the cloud repo – you may have enabled this setting during a previous installation and/or upgrade if you were using a local repository at that time.
To disable the cloud repo setting, follow this procedure.
Check if the cloud repo is listed in response to the following command.
For both cloudrepo and cloudrepo2, edit the file to ensure that enabled is set to zero (off).
The Core Upgrade File
In releases involving security patches, upgrade of software packages and addition or change of software packages to a component would require an additional step to run core upgrade binary file.
The core upgrade file is available for all releases.
When you run this file, the CloudCenter platform performs a version check and automatically exits if the core upgrade file is not required for your CloudCenter version. In these cases, when you run the core_upgrade.bin command – you will see the message that is highlighted in the following image.
Follow the upgrade procedure for each CloudCenter component (CCM, CCO, AMQP) and so forth. You will need to run the core_upgrade command multiple times first with the os_upgrade and later as specified in the documentation for each component. Finally update the appliance jar files.
Multiple options have been introduced in the core_upgrade file to upgrade various components:
Effective 184.108.40.206, a new option has been introduced to core_upgrade to upgrade OS on different components.
Effective 220.127.116.11, a new option has been introduced to core_upgrade to upgrade Mongo on CCO.
|Upgrading CentOS CloudCenter Components to CloudCenter 18.104.22.168|
|Appliance Jar Files?||Notes|
|22.214.171.124 or earlier (from CloudCenter 4.7.3 to CloudCenter 4.9.1)||Yes||Yes (for CCO only)||Yes||Yes|
|126.96.36.199||No||Yes (for CCO only)||Yes||Yes||You should have already run os_upgrade when you upgraded to 188.8.131.52|
|184.108.40.206 or later||No||No||No||Yes||Applicable to CloudCenter 220.127.116.11 or later|
|Upgrading Non-CentOS CloudCenter Components (RHEL) to CloudCenter 18.104.22.168|
|22.214.171.124 or earlier||No||Yes||Yes||Yes|
1 The os_upgrade command is not required when upgrading the REPO or Bundle store.
CentOS Linux Security Vulnerabilities Addressed in CloudCenter 126.96.36.199 and Later
You must only run the os_upgrade command ONCE, to upgrade to CloudCenter 188.8.131.52 or later.
CloudCenter 184.108.40.206 includes updates to the operating system to address some security vulnerabilities that were found in an older version of CentOS 7 Linux kernel (that are currently shipped for CloudCenter 4.10.0 releases).
You must update these OS/kernels using the new core-upgrade binary files (downloadable from software.cisco.com) to address these vulnerabilities.
CloudCenter 220.127.116.11 includes a new os_upgrade option for the core_upgrade.bin file.
Use the os_upgrade option each time you upgrade to CloudCenter 18.104.22.168.
The core_upgrade file and the os_upgrade option only work for CentOS 7 operating systems and fetches the latest CentOS 7 version and kernel packages.
The os_upgrade option is not available for any other operating systems.
You must run the following command (only once) to complete any upgrade to CloudCenter 4.10.0.x.
The core_upgrade.bin file now contains these new options. You must restart the host for the updates to take effect. Perform the upgrade in the following order:
Upgrade the core_upgrade.bin file to use the new os_upgrade option.
Restart the host.
Upgrade to RabbitMQ Version 3.6.16 which is available in CloudCenter 22.214.171.124.
The Appliance Jar Files
Upgrading the CloudCenter version generally requires only one step – to run the latest appliance jar files on each component.
Security Hardening Requirements
As a one-time task for all OS configurations, you must tighten the security configuration for all components used by the CloudCenter platform to ensure security compliance. When a component uses the *.jar, file, this security requirement is already handled by the component upgrade file. The following components do not use the *.jar file at upgrade time:
In these cases, you must follow this one-time procedure before upgrading:
Update /etc/sysctl.conf with the following values:
To persist the settings, execute the following command.
HA Upgrade Tips
You must reconfigure the IP address for each load balancer after each HA upgrade. See High Availability Best Practices > Load Balancer Requirements for additional details.
Upgrading to CloudCenter 4.10 in HA Mode
When upgrading CCOs in HA mode, you MUST stop all the CCOs and then start them again. See Upgrade CCO for additional context.
Component Upgrade Order
Upgrade each CloudCenter component in the following order.
See Virtual Appliance Overview to understand components, modes, and roles.
Skip this section if:
You do not use custom REPO servers in your CloudCenter setup.
You are only using the Bundle Store (Conditional)
Skip this section, if you do not use a custom Bundle Store in your CloudCenter setup.
In all other cases, you must upgrade the Bundle Store as this component is not automatically updated by the CloudCenter platform – EVEN IF the bundle store and the REPO appliance were configured on the same server. This upgrade must be performed manually.
If you are upgrading from CloudCenter 4.8.2x or 4.9.x, you do not need to upgrade the PostgreSQL database VMs.
If you are upgrading from CloudCenter 4.8.2x or 4.9.x, you do not need to exchange the SSH keys for CCM HA environments.
As a one-time task for all OS configurations, you must tighten the security configuration for the PostgreSQL database and the load balancer to ensure security compliance. See the Security Hardening Requirements section above for additional context.
If you are migrating your environment to ensure tagless governance, you must use the CloudCenter 4.10.0 ccm-response.xml file to upgrade to CloudCenter 4.10.0. See Migrate to Tagless Governance for additional context.
As a one-time task for all OS configurations, you must tighten the security configuration for the load balancer to ensure security compliance. See the Security Hardening Requirements section above for additional context.
If your environment uses a Docker image, be sure to upgrade the Docker image on the CCO server by running the following command (not required for CloudCenter 126.96.36.199 and later):
./core_upgrade.bin <os> <cloud> docker
As a one-time task for all OS configurations, you must tighten the security configuration for the log monitor to ensure security compliance. See the Security Hardening Requirements section above for additional context.
The CloudCenter platform converts the Monitor component to the LOG_COLLECTOR as part of the upgrade process – you do not need to delete the monitor instance and set up a new log collector.
You do not need to upgrade the log collector. In CloudCenter 188.8.131.52, use the following command to upgrade the log collector:
If you upgrade from 4.9 to 4.10, you must upgrade CCM, MGMTPOSTGRES, CCO, and AMQP in the same maintenance window. If you upgrade from a 4.10 maintenance release and if you plan to upgrade in different maintenance windows, upgrade the following components in the same maintenance window:
MGMTPOSTGRES and CCM
AMQP and CCO for a region
To upgrade CloudCenter deployments from CloudCenter 4.6x or 4.7.x, contact the CloudCenter Support team.
See Upgrade Issues for additional details.
- No labels