VSP Upgrade

CMS

For upgrade from VSP CMS 2.4.x or previous versions, execute the commands:
1. rm -rf /home/virsec/kafkavolume
2. rm -rf /home/virsec/zookeepervolume
For upgrade from VSP CMS 2.5, execute the commands:
1. rm -rf /var/kafkavolume
2. rm -rf /var/zookeepervolume
For an EKS environment, execute the below commands to delete PV and PVC for jreports-content and jreports-database
1. Execute the commands below for upgrade from all VSP versions 2.2.x and below:
  1. Delete PVC
    
    kubectl -n virsec delete pvc jreports-content-claim
    
    kubectl -n virsec delete pvc jreports-database-claim
  2. Delete PV
    
    kubectl -n virsec delete pv jreports-content
    
    kubectl -n virsec delete pv jreports-database
    
    kubectl get pv | grep virsec/jreports-database-claim | awk '{print $1}' | xargs -I {} kubectl delete pv {}
    
    kubectl get pv | grep virsec/jreports-content-claim | awk '{print $1}' | xargs -I {} kubectl delete pv {}
  3. Verification: Ensure that the command below does not give any output list
    
    kubectl get pv,pvc,storageclass --all-namespaces
2. Execute the commands below for upgrade from VSP 2.2.3 only:
  1. Delete PVC (SSL)
    
    kubectl delete pvc ssl-certs-content-claim -n virsec
  2. Delete PV (SSL)
    
    kubectl delete pv ssl-certs-content
    
    kubectl get pv | grep virsec/ssl-certs-content-claim | awk '{print $1}' | xargs -I {} kubectl delete pv {}
Download the file vsp_cleanup_cms.sh from the Artifactory directory vsp > ReleaseNumber > Helm
1. To view the help menu, execute the below command:
  
  ./vsp_cleanup_cms.sh -h
2. Execute the same command using one of the below parameters to remove the previous version
  1. -S (Optional): For clean CMS setup. This deletes all the services of the previous setup (if any)
Log in to the Artifactory site using Virsec-provided credentials from the local machine
Navigate to the directory vsp > ReleaseNumber > Helm
Right-click on the file cms-<version>.tgz, listed on the page and download it to the local system
Upgrade VSP CMS by executing the below steps:
1. Log in to the Management Node
2. Copy the downloaded file cms-<version>.tgz
3. Execute the below command to display the configurable parameters:
  
  helm inspect values ./cms-<version>.tgz
Create a custom value file to provide the Artifactory username and password
1. vi <CustomFileName>.yaml
  
  NOTE:
  
  Only Multi-pod CMS deployment is supported
  
  ‎
2. Optional CMS Services Deployment: To deploy optional CMS services, configure the parameters as described below:
  1. Indicate true or false for all the optional services installation - Ticketing (Zendesk), Syslog, Splunk, Centralized logging, MSSP Portal, VSP APIs, Reporting
3. Secure Kafka Options: The options are available for Kafka are:
  
  0: For Unsecure Kafka connection. By default, the value is set to 0 if not specified
  
  1: For One-way SSL where the Client verifies the server
  
  2: For Two-way SSL where both the Client and Server verify each other
  
  NOTE:
  
  If the Probes are of version 2.4.x and below, ensure that only option 0 is used for Kafka. Do not use options 1 or 2. as they are not supported
  1. Sample Usage: The example below depicts One-way SSL configuration:
    
    helm install vsp-cms ./cms-<RELEASE_VERSION>.tgz --set cloudProvider=eks --set kafka.secureKafkaMode="1" --namespace virsec
4. Method 1: Using helm upgrade command
  
  NOTE:
  
  Provide the parameter “-f <CustomFileName>.yaml” in the below commands if selective optional CMS services need to be installed
  
  ‎
  1. For On-Premise environments:
    1. Helm 3:
      
      helm upgrade vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --namespace virsec
    2. Helm 2:
      
      helm upgrade --name vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --namespace virsec
  2. For AWS EKS/ GOOGLE GKE environments:
    1. Helm 3:
      
      helm upgrade vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --set cloudProvider=eks --namespace virsec
    2. Helm 2:
      
      helm upgrade --name vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --set cloudProvider=eks --namespace virsec
  3. Verification: Execute the below command to verify the upgrade:
    
    helm status vsp-cms
  4. Execute the Provided commands to retrieve CMS URL:
    
    $ export SERVICE_IP=$(kubectl get svc --namespace virsec vsp-cms --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
    
    $ echo https://$SERVICE_IP:443
5. Method 2: Using kubectl command
  
  NOTE:
  
  Provide the parameter “-f <CustomFileName>.yaml” in the below commands if selective optional CMS services need to be installed
  
  ‎
  1. For On-Premise environments:
    1. Helm 3:
      
      helm template vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --namespace virsec > vsp-cms.yaml
    2. Helm 2:
      
      helm template --name vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --namespace virsec > vsp-cms.yaml
  2. For AWS EKS/ GOOGLE GKE environments:
    1. Helm 3:
      
      helm template vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --set cloudProvider=eks --namespace virsec > vsp-cms.yaml
    2. Helm 2:
      
      helm template --name vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --set cloudProvider=eks --namespace virsec > vsp-cms.yaml
  3. Execute the below command to deploy VSP CMS:
    
    kubectl apply -f vsp-cms.yaml
  4. Execute the below commands to retrieve CMS URL:
    
    $ export SERVICE_IP=$(kubectl get svc --namespace virsec vsp-cms --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}")
    
    $ echo https://$SERVICE_IP:443

NOTE:

If a proxy server with SSL (for internet access) OR LDAP server with SSL (for user management) is configured, ensure that the root certificate information is added to the property file, as described in the Deploy Custom SSL Certificates topic of the Maintenance Section

<< PREVIOUS