Upgrade Overview

Overview

This section provides details on the nuances for the CloudCenter platform and provides important tips on how to proceed with your upgrade.

After upgrading to CloudCenter Platform 4.10.0.x you must only use worker images that are specific to CloudCenter Platform 4.10.0.x. Additionally, you must upgrade the agent for existing deployments

For details on upgrading the agent on the CloudCenter platform, see VM Management > Upgrade Agent.

Core Upgrade to CloudCenter 4.10.0.6 and Later in Offline Mode

If using the local repo setup (also referred to as cloudrepo), you must perform the following two steps:

  1. Run the following command prior to starting the upgrade in the shell:

    export CUSTOM_REPO=http://<local_repo> 
  2. Set up a local CentOS mirror.

Using the Online Mode for Upgrades

If you are using internet access (online mode), you must disable the cloud repo.

If you prefer to use the online mode for upgrades (when using the core_upgrade file) using internet access, you must disable the cloud repo – you may have enabled this setting  during a previous installation and/or upgrade if you were using a local repository at that time.

To disable the cloud repo setting, follow this procedure.

  1. Check if the cloud repo is listed in response to the following command.

    yum repolist -> check if it lists cloudrepo
  2. For both cloudrepo and cloudrepo2, edit the file to ensure that enabled is set to zero (off).

    edit  /etc/yum.repos.d/cloudrepo.repo 
    
    #and set 
    
    enabled=0

The Core Upgrade File

In releases involving security patches, upgrade of software packages and addition or change of software packages to a component would require an additional step to run core upgrade binary file.

The core upgrade file is available for all releases.

The core_upgrade.bin command
./core_upgrade.bin <os> <cloud> <component>

When you run this file, the CloudCenter platform performs a version check and automatically exits if the core upgrade file is not required for your CloudCenter version. In these cases, when you run the core_upgrade.bin command – you will see the message that is highlighted in the following image.

Follow the upgrade procedure for each CloudCenter component (CCM, CCO, AMQP) and so forth. You will need to run the core_upgrade command multiple times first with the os_upgrade and later as specified in the documentation for each component. Finally update the appliance jar files.

Multiple options have been introduced in the core_upgrade file to upgrade various components:

  • Effective 4.10.0.6, a new option has been introduced to core_upgrade to upgrade OS on different components. 

  • Effective 4.10.0.7, a new option has been introduced to core_upgrade to upgrade Mongo on CCO.

Upgrading CentOS CloudCenter Components to CloudCenter 4.10.0.9
From

core_upgrade

Appliance Jar Files?Notes
 os_upgrade1?

MongoDB?

Component?
4.10.0.5 or earlier (from CloudCenter 4.7.3 to CloudCenter 4.9.1)YesYes (for CCO only)YesYes
4.10.0.6NoYes (for CCO only)YesYesYou should have already run os_upgrade when you upgraded to 4.10.0.6
4.10.0.7 or laterNoNoNoYesApplicable to CloudCenter 4.10.0.7 or later
Upgrading Non-CentOS CloudCenter Components (RHEL) to CloudCenter 4.10.0.9
4.10.0.9 or earlierNoYesYesYes

1 The os_upgrade command is not required when upgrading the REPO or Bundle store.

CentOS Linux Security Vulnerabilities Addressed in CloudCenter 4.10.0.6 and Later

You must only run the os_upgrade command ONCE, to upgrade to CloudCenter 4.10.0.6 or later.

CloudCenter 4.10.0.6 includes updates to the operating system to address some security vulnerabilities that were found in an older version of CentOS 7 Linux kernel (that are currently shipped for CloudCenter 4.10.0 releases). 

  • You must update these OS/kernels using the new core-upgrade binary files (downloadable from software.cisco.com) to address these vulnerabilities.

  • CloudCenter 4.10.0.6 includes a new os_upgrade option for the core_upgrade.bin file.

  • Use the os_upgrade option each time you upgrade to CloudCenter 4.10.0.6.

  • The core_upgrade file and the os_upgrade option only work for CentOS 7 operating systems and fetches the latest CentOS 7 version and kernel packages.

    The os_upgrade option is not available for any other operating systems.

  • You must run the following command (only once) to complete any upgrade to CloudCenter 4.10.0.x.

    ./core_upgrade.bin centos7 vmware os_upgrade
  • The core_upgrade.bin file now contains these new options. You must restart the host for the updates to take effect. Perform the upgrade in the following order:

    1. Upgrade the core_upgrade.bin file to use the new os_upgrade option.

    2. Restart the host.

    3. Upgrade to RabbitMQ Version 3.6.16 which is available in CloudCenter 4.10.0.6.

The Appliance Jar Files

Upgrading the CloudCenter version generally requires only one step – to run the latest appliance jar files on each component.

Installer Jars
java -jar <component>-installer.jar <component>-response.xml

Security Hardening Requirements

As a one-time task for all OS configurations, you must tighten the security configuration for all components used by the CloudCenter platform to ensure security compliance. When a component uses the *.jar, file, this security requirement is already handled by the component upgrade file. The following components do not use the *.jar file at upgrade time:

  • Log Monitor

  • PostgreSQL

  • Load Balancer

In these cases, you must follow this one-time procedure before upgrading:

  1. Update /etc/sysctl.conf with the following values:

    net.ipv4.ipfrag_low_thresh=196608
    net.ipv4.ipfrag_high_thresh=262144
    net.ipv6.ip6frag_low_thresh=196608
    net.ipv6.ip6frag_high_thresh=262144
  2. To persist the settings, execute the following command.

    sysctl -p

HA Upgrade Tips

You must reconfigure the IP address for each load balancer after each HA upgrade. See High Availability Best Practices > Load Balancer Requirements for additional details.

Upgrading to CloudCenter 4.10 in HA Mode

When upgrading CCOs in HA mode, you MUST stop all the CCOs and then start them again. See Upgrade CCO for additional context.

Component Upgrade Order

Upgrade each CloudCenter component in the following order.

See Virtual Appliance Overview to understand components, modes, and roles.

  1. REPO

    Skip this section if:

    1. You do not use custom REPO servers in your CloudCenter setup.

    2. You are only using the Bundle Store (Conditional)

  2. Bundle Store

    Skip this section, if you do not use a custom Bundle Store in your CloudCenter setup.

    In all other cases, you must upgrade the Bundle Store as this component is not automatically updated by the CloudCenter platform – EVEN IF the bundle store and the REPO appliance were configured on the same server. This upgrade must be performed manually.

  3. MGMTPOSTGRES/MGMTPOSTGRES_SLAVE/STOP_SLAVE/MGMTPOSTGRES_MASTER

    If you are upgrading from CloudCenter 4.8.2x or 4.9.x, you do not need to upgrade the PostgreSQL database VMs.

  4. CCM/CCM_SA/CCM_SA_PRIMARY/CCM_SA_SECONDARY

    If you are upgrading from CloudCenter 4.8.2x or 4.9.x, you do not need to exchange the SSH keys for CCM HA environments.

    As a one-time task for all OS configurations, you must tighten the security configuration for the PostgreSQL database and the load balancer to ensure security compliance. See the Security Hardening Requirements section above for additional context.

    If you are migrating your environment to ensure tagless governance, you must use the CloudCenter 4.10.0 ccm-response.xml file to upgrade to CloudCenter 4.10.0. See Migrate to Tagless Governance for additional context.

  5. AMQP/AMQP_PRIMARY/AMQP_SECONDARY

  6. CCO/CCO_PRIMARY/CCO_SECONDARY/CCO_TERTIARY

    As a one-time task for all OS configurations, you must tighten the security configuration for the load balancer to ensure security compliance. See the Security Hardening Requirements section above for additional context.

    If your environment uses a Docker image, be sure to upgrade the Docker image on the CCO server by running the following command (not required for CloudCenter 4.10.0.7 and later):

    ./core_upgrade.bin <os> <cloud> docker
  7. MONITOR/LOG_COLLECTOR

    As a one-time task for all OS configurations, you must tighten the security configuration for the log monitor to ensure security compliance. See the Security Hardening Requirements section above for additional context.

    The CloudCenter platform converts the Monitor component to the LOG_COLLECTOR as part of the upgrade process – you do not need to delete the monitor instance and set up a new log collector.

    You do not need to upgrade the log collector. In CloudCenter 4.10.0.7, use the following command to upgrade the log collector:

    ./core_upgrade.bin <os> <cloud> logcollector
  • Appliance jars are only applicable to the CCM, CCO, and AMQP components.

  • See Virtual Appliance Overview to understand roles and modes.

  • The CCM server requires additional memory for the changes in the underlying architecture – See Hardware Requirements for details.

If you upgrade from 4.9 to 4.10, you must upgrade CCM, MGMTPOSTGRES, CCO, and AMQP in the same maintenance window. If you upgrade from a 4.10 maintenance release and if you plan to upgrade in different maintenance windows, upgrade the following components in the same maintenance window:

  • MGMTPOSTGRES and CCM

  • AMQP and CCO for a region

To upgrade CloudCenter deployments from CloudCenter 4.6x or 4.7.x, contact the CloudCenter Support team.

  • No labels
Terms & Conditions Privacy Statement Cookies Trademarks