CMS
-
For upgrade from VSP CMS 2.4.x or previous versions, execute the commands:
-
rm -rf /home/virsec/kafkavolume
-
rm -rf /home/virsec/zookeepervolume
-
-
For upgrade from VSP CMS 2.5, execute the commands:
-
rm -rf /var/kafkavolume
-
rm -rf /var/zookeepervolume
-
-
For an EKS environment, execute the below commands to delete PV and PVC for jreports-content and jreports-database
-
Execute the commands below for upgrade from all VSP versions 2.2.x and below:
-
Delete PVC
kubectl -n virsec delete pvc jreports-content-claim
kubectl -n virsec delete pvc jreports-database-claim
-
Delete PV
kubectl -n virsec delete pv jreports-content
kubectl -n virsec delete pv jreports-database
kubectl get pv | grep virsec/jreports-database-claim | awk '{print $1}' | xargs -I {} kubectl delete pv {}
kubectl get pv | grep virsec/jreports-content-claim | awk '{print $1}' | xargs -I {} kubectl delete pv {}
-
Verification: Ensure that the command below does not give any output list
kubectl get pv,pvc,storageclass --all-namespaces
-
-
Execute the commands below for upgrade from VSP 2.2.3 only:
-
Delete PVC (SSL)
kubectl delete pvc ssl-certs-content-claim -n virsec
-
Delete PV (SSL)
kubectl delete pv ssl-certs-content
kubectl get pv | grep virsec/ssl-certs-content-claim | awk '{print $1}' | xargs -I {} kubectl delete pv {}
-
-
-
Download the file vsp_cleanup_cms.sh from the Artifactory directory vsp > releases > public > 2 > 2.9 > <Patch_Version> > Helm
-
To view the help menu, execute the below command:
./vsp_cleanup_cms.sh -h
-
Execute the same command using one of the below parameters to remove the previous version
-
-S (Optional): For clean CMS setup. This deletes all the services of the previous setup (if any)
-
-
-
In the Artifactory site, navigate to the directory vsp > releases > public > 2 > 2.9 > <Patch_Version> > Helm
-
Right-click on the file vsp_create_cert_configmap.sh, listed on the page and download it to the local system
-
Log in to the Management Node and copy the downloaded file: vsp_create_cert_configmap.sh
-
Modify the permissions using the command:
chmod +x vsp_create_cert_configmap.sh
-
Execute the command below:
./vsp_create_cert_configmap.sh
-
-
Create CMS certs config map using the command below:
-
kubectl create configmap cms-certs -n virsec
NOTE:
Refer Deploy Custom Certificates to CMS Client Service for more information for custom certificates configuration
-
-
Log in to the Artifactory site using Virsec-provided credentials from the local machine
-
Navigate to the directory vsp > releases > public > 2 > 2.9 > <Patch_Version> > Helm
-
Right-click on the file cms-<version>.tgz, listed on the page and download it to the local system
-
Upgrade VSP CMS by executing the below steps:
-
Log in to the Management Node
-
Copy the downloaded file cms-<version>.tgz
-
Execute the below command to display the configurable parameters:
helm inspect values ./cms-<version>.tgz
-
-
Create a custom value file to provide the Artifactory username and password
-
vi <CustomFileName>.yaml
NOTE:
Only Multi-pod CMS deployment is supported
-
Optional CMS Services Deployment: To deploy optional CMS services, configure the parameters as described below:
-
Indicate true or false for all the optional services installation - Ticketing (Zendesk), Syslog, Splunk, Centralized logging, MSSP Portal, VSP APIs, Reporting
-
-
Secure Kafka Options: The options are available for Kafka are:
1: For One-way SSL where the Client verifies the server
2: For Two-way SSL where both the Client and Server verify each other. By default, the value is set to 2 if not specified
-
Sample Usage: The example below depicts One-way SSL configuration:
helm install vsp-cms ./cms-<RELEASE_VERSION>.tgz --set cloudProvider=eks --set kafka.secureKafkaMode="1" --namespace virsec
-
-
Method 1: Using helm upgrade command
NOTE:
Provide the parameter “-f <CustomFileName>.yaml” in the below commands if selective optional CMS services need to be installed
-
For On-Premise environments:
-
Helm 3:
helm upgrade vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --namespace virsec
-
Helm 2:
helm upgrade --name vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --namespace virsec
-
-
For AWS EKS/ GOOGLE GKE environments:
-
Helm 3:
helm upgrade vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --set cloudProvider=eks --namespace virsec
-
Helm 2:
helm upgrade --name vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --set cloudProvider=eks --namespace virsec
-
-
Verification: Execute the below command to verify the upgrade:
helm status vsp-cms
-
Execute the Provided commands to retrieve CMS URL:
(kubectl -n virsec get pods -l app=vsp-cms-client -o wide | grep vsp-cms | awk '{print $7}' | xargs -I {} kubectl -n virsec get node -o wide {} | tail -n 1 | awk '{print $6}' )| xargs -I {} kubectl patch service vsp-cms -n virsec -p '{"spec":{"externalIPs": [ "{}" ]}}'
export LB_URL_IP=$(kubectl get svc -n virsec | grep vsp-cms | awk '{print $4}' | awk -F ',' '{print $1}')
echo -e " -Setting Server IP envrioment variable. $LB_URL_IP"
kubectl -n virsec set env deployment/vsp-cms-zuul-api-gateway SERVER_IP=$LB_URL_IP
kubectl -n virsec set env deployment/vsp-cms-utility HOST_IP_LOCAL=$LB_URL_IP
export SERVICE_IP=$(kubectl get svc --namespace virsec vsp-cms -o jsonpath='{.spec.externalIPs[0]}')
$ echo https://$SERVICE_IP:443
-
-
Method 2: Using kubectl command
NOTE:
Provide the parameter “-f <CustomFileName>.yaml” in the below commands if selective optional CMS services need to be installed
-
For On-Premise environments:
-
Helm 3:
helm template vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --namespace virsec > vsp-cms.yaml
-
Helm 2:
helm template --name vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --namespace virsec > vsp-cms.yaml
-
-
For AWS EKS/ GOOGLE GKE environments:
-
Helm 3:
helm template vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --set cloudProvider=eks --namespace virsec > vsp-cms.yaml
-
Helm 2:
helm template --name vsp-cms ./cms-<RELEASE_VERSION>.tgz --set upgrade=true --set cloudProvider=eks --namespace virsec > vsp-cms.yaml
-
-
Execute the below command to deploy VSP CMS:
kubectl apply -f vsp-cms.yaml
-
Execute the below commands to retrieve CMS URL:
(kubectl -n virsec get pods -l app=vsp-cms-client -o wide | grep vsp-cms | awk '{print $7}' | xargs -I {} kubectl -n virsec get node -o wide {} | tail -n 1 | awk '{print $6}' )| xargs -I {} kubectl patch service vsp-cms -n virsec -p '{"spec":{"externalIPs": [ "{}" ]}}'
export LB_URL_IP=$(kubectl get svc -n virsec | grep vsp-cms | awk '{print $4}' | awk -F ',' '{print $1}')
echo -e " -Setting Server IP envrioment variable. $LB_URL_IP"
kubectl -n virsec set env deployment/vsp-cms-zuul-api-gateway SERVER_IP=$LB_URL_IP
kubectl -n virsec set env deployment/vsp-cms-utility HOST_IP_LOCAL=$LB_URL_IP
export SERVICE_IP=$(kubectl get svc --namespace virsec vsp-cms -o jsonpath='{.spec.externalIPs[0]}')
$ echo https://$SERVICE_IP:443
NOTE:
If a proxy server with SSL (for internet access) OR LDAP server with SSL (for user management) is configured, ensure that the root certificate information is added to the property file, as described in the Deploy Custom SSL Certificates topic of the Maintenance Section
-
-
-
In the Artifactory site, navigate to the directory vsp > releases > public > 2 > 2.9 > <Patch_Version> > Helm
-
Right-click on the file vsp_patch_cpm_service.sh, listed on the page and download it to the local system
-
Log in to the Management Node and copy the downloaded file: vsp_patch_cpm_service.sh
-
Modify the permissions using the command:
chmod +x vsp_patch_cpm_service.sh
-
Execute the command below:
./vsp_patch_cpm_service.sh
-