LFR AND CMS UPGRADE
Install the new version of VSP CMS using the below process:
NOTE:
- If the required CMS deployment type is "large", ensure that the VM has 64GB RAM
- Ensure that Maintenance Mode is not active during CMS upgrade
CMS INSTALLATION
The procedures in this section refresh the LFR and install the required CMS version. To refresh only the required files, follow the steps in Section Incremental LFR Refresh
- Execute the below steps to add the required environment variables
  - sudo bash
  - vi /etc/environment
  - Add the below variables
    COMPOSE_HTTP_TIMEOUT=400
    DOCKER_CLIENT_TIMEOUT=400
- Execute the below commands to stop and clean previous CMS instance:
  - sudo su
  - cd /var/cms/docker-compose-files
  - ./stop.sh
    Execute the below command to view the help menu:
    ./stop.sh -h
  - ./cleanup.sh
    Execute the below command to view the help menu:
    ./cleanup.sh -h
  - service docker restart
- For upgrade from VSP CMS 2.4.x or lower versions, execute the commands:
  - rm -rf /var/lib/kafkavolume
  - rm -rf /var/lib/zookeepervolume
- For upgrade from VSP CMS 2.5 or higher versions, execute the commands:
  - rm -rf /var/kafkavolume
  - rm -rf /var/zookeepervolume
- Remove the files of the previous version
  - cd /var/cms
  - rm *
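A guarded form of the cleanup steps above, added here as an example and not part of the vendor's scripts: it selects the Kafka and ZooKeeper volume paths from the previous CMS version, and replaces "cd /var/cms; rm *" with a function that cannot delete from another directory when the cd fails in a root shell. The function names volume_paths and clean_top_level_files are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.

# volume_paths PREV_VERSION
# Prints the Kafka and ZooKeeper volume directories this page lists for an
# upgrade from PREV_VERSION: /var/lib/... for 2.4.x or lower, /var/... for 2.5+.
volume_paths() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) bad=1 ;;
        *.*) bad=0 ;;
        *) bad=1 ;;
    esac
    [ "$bad" -eq 0 ] || { echo "unrecognised version: $1" >&2; return 2; }
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    if [ "$major" -lt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -le 4 ]; }; then
        base=/var/lib
    else
        base=/var
    fi
    printf '%s\n' "$base/kafkavolume" "$base/zookeepervolume"
}

# clean_top_level_files DIR [dry-run|apply]
# Same effect as "cd DIR; rm *" (top-level entries only, dotfiles and
# subdirectories kept), but DIR is checked first so a failed cd can never
# turn into a delete in the caller's current directory.
clean_top_level_files() {
    dir=$1 mode=${2:-dry-run}
    case "$dir" in
        /*[!/]*) ;;
        *) echo "refusing relative or root path: $dir" >&2; return 1 ;;
    esac
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    if [ "$mode" = apply ]; then
        find "$dir/" -mindepth 1 -maxdepth 1 ! -type d ! -name '.*' -exec rm -f -- {} +
    else
        find "$dir/" -mindepth 1 -maxdepth 1 ! -type d ! -name '.*' -print
    fi
}

# Constructed sample: show what an upgrade from 2.4.3 would remove.
volume_paths 2.4.3
clean_top_level_files /var/cms dry-run || true
```

Run the dry-run mode first and compare its output with the listed volume paths before switching to apply.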
- Download the tar file vsp-cms-lfr.tar.gz from the Artifactory directory: vsp > releases > public > 2 > 2.9 > <Patch_Version> > tar_package > cms_lfr
  Alternatively, use the wget command as described below:
  - Log in to the Artifactory and navigate to the directory: vsp > releases > public > 2 > 2.9 > <Patch_Version> > tar_package > cms_lfr. Click on the tar file and click URL to File
  - Execute the below command to download the tar file
    wget <Copied_URL> --user=<Artifactory Username> --ask-password
- Extract the downloaded tar file using the below command. This command may take approximately 10 minutes
  - tar -xvzf vsp-cms-lfr.tar.gz
- The below files are extracted
- Execute the below commands to install and configure CMS:
  - ./vsp_cms_installer.sh
  - echo 1 > /proc/sys/vm/drop_caches
  - service docker restart
  - Execute the below command to view the help menu:
    ./setup.sh -h
    NOTE:
    Ensure that the script setup.sh is NOT executed with "sudo"
  - ./setup.sh [Optional Arguments] <IP_ADDRESS> <SSL_VERIFY>
    - IP_ADDRESS – IP Address of the VM where CMS package is installed
    - (Optional) SSL_VERIFY – Provide 0 to disable SSL hostname verification between CMS and Probe. This is useful when a customized domain name is desired for CMS (Default Domain Name: int.cms.virsec.com). Ensure that the option is disabled for ECS Fargate. Provide 1 to enable SSL hostname verification. The option is enabled by default
    - (Optional) -f : Defines the CMS Deployment type. Allowed Values:
      small: Only the core CMS services are installed. Recommended for POVs only.
      NOTE:
      - jreports-service – Reports are scheduled and generated in this service
      - licenseserver – This service is the on-prem license server
      - organization-service – Provides communication with the VSP MSSP instance
      - report-service – Provides CMS Reporting functionality
      - ticket-zendesk-service – Provides the ability to configure the ticketing service Zendesk
      - virsec-api-snap-service – Provides the capability to access CMS information through SNAP API
      - vsp-log-manager-service – Responsible for the logging functionality
      large: The Core and optional CMS services are installed. If not specified, the default option is large
    - (Optional) -x : Custom advertised listener for Kafka
    - (Optional) -k : Ensure that CMS is not running during usage. Allowed Kafka options:
      1: For One-way SSL where the Client verifies the server
      2: For Two-way SSL where both the Client and Server verify each other. By default, the value is set to 2 if not specified
      NOTE:
      If there is a Custom DNS for Kafka listener, then use the option 1 for Kafka. Do not use the option 2
    - (Optional) -P : Provide this parameter to select the optional services that need to be started in case of CMS Deployment Type - large. If this option is not provided, all the optional services are started by default. A snippet of the log with the option -P is provided below. When prompted, provide y/n for optional services [Ticketing Service (Zendesk), Centralized Logging System, MSSP, VSP APIs, Reporting Feature, On-premise License Server]
      NOTE:
      If a proxy server with SSL (for internet access) OR LDAP server with SSL (for user management) is configured, ensure that the root certificate information is added to the property file, as described in the Deploy Custom SSL Certificates topic of the Maintenance Section
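The argument rules listed above for setup.sh (not run with sudo, -f small or large, -k 1 or 2, -k 1 when the Kafka listener uses a custom DNS name, SSL_VERIFY 0 or 1), written as a pre-flight check. This is an added example and not part of the vendor's scripts; it never calls setup.sh. The function names are hypothetical, and treating any -x value that is not an IPv4 address as a custom DNS name, as well as assuming an IPv4 CMS address, are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code: checks a planned setup.sh invocation against
# the rules on this page. It validates arguments only and never runs setup.sh.

# valid_ipv4 ADDR: succeeds if ADDR is a dotted-quad IPv4 address
# (assumption: the CMS VM is addressed over IPv4).
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# check_setup_args UID FORM_FACTOR KAFKA_MODE CUSTOM_LISTENER IP SSL_VERIFY
# Prints one line per finding; returns 0 only when no rule is broken.
# CUSTOM_LISTENER is the planned -x value, or "" when -x is not used.
check_setup_args() {
    uid=$1 ff=$2 kmode=$3 listener=$4 ip=$5 ssl=$6
    rc=0
    [ "$uid" -ne 0 ] || { echo "setup.sh must not be run with sudo/root"; rc=1; }
    case "$ff" in small|large) ;; *) echo "-f must be small or large"; rc=1 ;; esac
    case "$kmode" in 1|2) ;; *) echo "-k must be 1 or 2"; rc=1 ;; esac
    # Page rule: a custom DNS name for the Kafka listener needs one-way SSL.
    # Assumption: a -x value whose host part is not IPv4 is a DNS name.
    host=${listener%%:*}
    if [ -n "$host" ] && ! valid_ipv4 "$host" && [ "$kmode" = 2 ]; then
        echo "custom DNS Kafka listener requires -k 1, not -k 2"; rc=1
    fi
    valid_ipv4 "$ip" || { echo "IP_ADDRESS is not a valid IPv4 address"; rc=1; }
    case "$ssl" in
        1) ;;
        0) echo "warning: CMS-Probe SSL hostname verification will be disabled" ;;
        *) echo "SSL_VERIFY must be 0 or 1"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: two-way Kafka SSL combined with a DNS-named listener.
# In real use, pass "$(id -u)" as the first argument.
check_setup_args 1000 large 2 kafka.example.internal 10.0.0.5 1 ||
    echo "fix the arguments before running setup.sh"
```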
- In cases where RAM settings for small and large CMS deployment types need modifications, follow the steps before CMS deployment:
  NOTE:
  The file contains VSP-recommended RAM values for the available CMS deployment types. Any change in these values may affect CMS functioning
  - sudo bash
  - cd /var/cms/form-factors
  - vi ff-ram-size.csv
  - Modify the values as required. The specified values are in GB. Save the file
VERIFICATION
- To verify whether LFR is up and running, execute the below command:
  - docker ps | grep lfr
- After a couple of minutes, access the URL: https://<VM_IP_Address>:8443 to view the refreshed LFR
NOTE:
- Post upgrade, if the probe upgrade is NOT planned, ensure that the Application is un-provisioned and re-provisioned on CMS. Restart the business application
- When CMS is upgraded from VSP 2.3.2 or previous versions to 2.5.0 or above, probes do not auto-connect to CMS. In such cases, restart the probe service manually