Upgrading to DSG 3.3.0.0

Sequential order for upgrading DSG to 3.3.0.0.

The upgrade of DSG is performed by installing the v3.3.0.0 patch. A direct upgrade to v3.3.0.0 is possible only from v3.2.0.0. The following versions must be upgraded to v3.2.0.0 before upgrading to v3.3.0.0.

  • 3.0.0.0
  • 3.1.0.1
  • 3.1.0.2
  • 3.1.0.3
  • 3.1.0.4
  • 3.1.0.5

Upgrading DSG and ESA

The DSG patch in ESA is added to extend the DSG functionality on ESA. It allows ESA to deploy configurations to other DSG nodes. The following figure illustrates DSG component upgrade on ESA.

Upgrade DSG component on ESA

The following figure illustrates the DSG upgrade.

Upgrade DSG

Upgrade process

Upgrading the DSG version involves a series of steps that must be performed on ESA and DSG. The following order illustrates the upgrade process.

Before you begin

  • Ensure that ESA is on v9.2.0.0.
    • If the ESA is on a version prior to 9.2.0.0, upgrade the ESA to v9.2.0.0.
    • Extend the DSG on ESA by installing the v3.2.0.0 patch on ESA.
  • Ensure that the DSGs are on v3.2.0.0. If a DSG is on a version prior to v3.2.0.0, upgrade the DSG to v3.2.0.0.
  • Ensure that the 3.2.0.0 HF-1 patch is installed on all the DSGs and ESA.
  • Ensure that communication is established between the ESA and DSG.
  • Ensure that the DSGs and ESA are in a cluster and that all the DSGs in the cluster are healthy.
  • Ensure that ESAs and DSGs are accessible through their hostnames. If not, run the following steps to update the host details of the ESA and all the DSGs.

Upgrade Procedure

The following figure illustrates a sample setup that will be upgraded to v3.3.0.0.

Before upgrade

  1. Run the following commands on any one DSG in the cluster. These commands gather and store the details of all DSGs in the cluster. The details are then used to create a cluster of DSGs.
    •   tar zxvfp DSG_PAP-ALL-64_x86-64_3.3.*UP.pty --strip-components=1 -C . installer/alliance_gateway_migration_scripts_v3.9.2.tgz
    •   tar zxvfp alliance_gateway_migration_scripts_v3.*.tgz  ./create_tac_nodes.pyc
    •   python create_tac_nodes.pyc --save-dsg-details -f FILE

    In reference to the figure, run these commands on node A.
  2. Install the v3.3.0.0 patch sequentially on all the DSGs in the cluster.
  3. Run the following command on the DSG to create a cluster. This must be run only on the DSG where step 1 was performed.
    python create_tac_nodes.pyc --create-dsg-tac -f FILE

    In reference to the figure, run this command only on node A.
  4. Run the set communication process between an upgraded DSG and ESA. Ensure that only Upgrade host settings for DSG is selected. For more information about set ESA communication, refer to set communication process.
  5. Install the v10.0.0 patch to upgrade the ESA.
  6. Install the v3.3.0.0 patch on ESA to extend the DSG capabilities on ESA.

Canary Upgrade

In a canary upgrade, the DSG nodes are re-imaged to v3.3.0.0. The DSG image is installed afresh on an existing or a new system.

Before proceeding with the upgrade, back up the PEP server configuration from the DSG nodes. Run the following steps.

  1. Log in to the DSG Web UI.
  2. Navigate to Settings > System.
  3. Under the Files tab, download the pepserver.cfg file.
  4. Repeat step 1 to step 3 on each DSG node in the cluster.

Consider the following figure.

Before upgrade

  1. Run the following steps on ESA A.

    1. Remove the ESA A from the cluster.
    2. Upgrade the ESA A to v10.0.0.
    3. If the ESA is not accessible through host name, add the following host details:
      • Host details of ESA B.
      • Host details of node A, node B, node C, and node D.
    4. Create a cluster.
  2. Run the following steps on node A.

    1. Remove node A from the cluster.
    2. Re-image the node A to v3.3.0.0.
    3. If the ESA is not accessible through host name, add the following host details:
      • Host details of ESA A and B.
      • Host details of node B, node C, and node D.
    4. Run the set communication for node A to communicate with the upgraded ESA A.
    5. Restore the pepserver.cfg file that was backed up for node A.
    6. Create a cluster on the node.
  3. Run the following steps on node B.

    1. Remove node B from the cluster.
    2. Re-image node B to v3.3.0.0.
    3. If the ESA is not accessible through host name, add the following host details:
      • Host details of ESA A and B.
      • Host details of node A, node C, and node D.
    4. Restore the pepserver.cfg file backed up for node B.
    5. Join node B to the cluster created on node A.
  4. Run the following steps on node C.

    1. Remove node C from the cluster.
    2. Re-image node C to v3.3.0.0.
    3. If the ESA is not accessible through host name, add the following host details.
      • Host details of ESA A and B.
      • Host details of node A, node B, and node D.
    4. Restore the pepserver.cfg file backed up for node C.
    5. Join node C to the cluster created on node A.
  5. Run the following steps on node D.

    1. Remove node D from the cluster.
    2. Re-image node D to v3.3.0.0.
    3. If the ESA is not accessible through host name, add the following host details.
      • Host details of ESA A and B.
      • Host details of node A, node B, and node C.
    4. Restore the pepserver.cfg file that was backed up for node D.
    5. Join node D to the cluster created on node A.
  6. Run the following steps on ESA B.

    1. Remove node D from the cluster.
    2. Upgrade ESA B to v10.0.0.
    3. If the ESA is not accessible through host name, add the following host details:
      • Host details of ESA A.
      • Host details of node A, node B, node C, and node D.
    4. Join ESA B to the cluster created on ESA A.

The following figure illustrates the upgraded setup.

After upgrade

Post installation/upgrade steps

After the DSG is installed or upgraded, certain steps must be performed.

Running Docker commands

Run the following commands after installing or upgrading the DSG to 3.3.0.0.

  1. On the ESA CLI Manager, navigate to Administration > OS Console.
  2. Run the docker ps command. A list of all the available docker containers is displayed. For example,

    CONTAINER ID   IMAGE                                            COMMAND                  CREATED       STATUS       PORTS     NAMES
    018a569bd7a6   gpg-agent:3.3.0.0.5                              "gpg-agent --server …"   9 days ago    Up 2 hours             gpg-agent-3.3.0.0.5-1
    5a30bd37e576   dsg-ui:3.3.0.0.5                                 "/opt/start-httpd.sh"    9 days ago    Up 3 hours             dsg-ui-3.3.0.0.5-1

  3. Run the following commands to update the container configuration.

    docker update --restart=unless-stopped --cpus 2 --memory 1g --memory-swap 1.5g dsg-ui-3.3.0.0.5-1
    docker update --restart=always --cpus 1 --memory .5g --memory-swap .6g gpg-agent-3.3.0.0.5-1

    The values of --cpus, --memory, and --memory-swap can be changed as per the requirements.
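
One way to confirm that the docker update commands took effect, as an added example that is not part of the product documentation: it audits the restart policy and the CPU and memory caps reported by docker inspect. The function name and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Audits the settings applied by `docker update`.
# Input: one line per container, "name restart nano_cpus memory memory_swap",
# which on the OS Console can be produced with:
#   docker inspect --format '{{.Name}} {{.HostConfig.RestartPolicy.Name}} {{.HostConfig.NanoCpus}} {{.HostConfig.Memory}} {{.HostConfig.MemorySwap}}' \
#       dsg-ui-3.3.0.0.5-1 gpg-agent-3.3.0.0.5-1
# Prints one finding per problem; returns non-zero if any container is uncapped.
audit_container_limits() {
    awk '
    {
        name = $1; sub(/^\//, "", name)   # docker inspect prefixes names with "/"
        if ($2 == "" || $2 == "no") { print name ": no restart policy"; bad = 1 }
        if ($3 + 0 == 0)            { print name ": CPU is unlimited"; bad = 1 }
        if ($4 + 0 == 0)            { print name ": memory is unlimited"; bad = 1 }
        else if ($5 + 0 < $4 + 0)   { print name ": memory+swap cap unset, unlimited, or below memory"; bad = 1 }
    }
    END {
        if (NR == 0) { print "no containers inspected"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: values as they would look after the two docker update commands.
sample_after_update() {
    cat <<'EOF'
/dsg-ui-3.3.0.0.5-1 unless-stopped 2000000000 1073741824 1610612736
/gpg-agent-3.3.0.0.5-1 always 1000000000 536870912 644245094
EOF
}

# Constructed sample: one container still on defaults, one with unlimited swap (-1).
sample_before_update() {
    cat <<'EOF'
/dsg-ui-3.3.0.0.5-1 no 0 0 0
/gpg-agent-3.3.0.0.5-1 always 1000000000 536870912 -1
EOF
}

sample_after_update  | audit_container_limits && echo "after update: all containers capped"
sample_before_update | audit_container_limits || echo "before update: findings listed above"
```

A value of 0 for NanoCpus or Memory means that no cap is set, so a container left on defaults can exhaust the ESA host's resources.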

Updating the evasive configuration file

Run the following commands only if ESA is upgraded from 9.1.0.x to 10.0.0.

  1. On the ESA CLI Manager, navigate to Administration > OS Console.
  2. Add a new mod evasive configuration file using the following command.
    nano /etc/apache2/mods-enabled/whitelist_evasive.conf
  3. Add the following parameters to the mod evasive configuration file.
    <IfModule mod_evasive20.c>
    DOSWhitelist 127.0.0.1
    </IfModule>
  4. Save the changes.
  5. Set the required permissions for the evasive configuration file using the following command.
    chmod 644 /etc/apache2/mods-enabled/whitelist_evasive.conf
  6. Reload the apache service using the following command.
    /etc/init.d/apache2 reload
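
A check for the whitelist file created above, as an added example that is not part of the product documentation: because DOSWhitelist entries are exempt from mod_evasive throttling, it flags any entry other than the documented 127.0.0.1, a directive outside the IfModule block, and permissions looser than 644. The function name and the demo file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code). Audits a mod_evasive whitelist file.
# Usage on the ESA OS Console:
#   audit_evasive_whitelist /etc/apache2/mods-enabled/whitelist_evasive.conf
# Returns 0 if clean, 1 if findings were printed, 2 if the file is missing.
audit_evasive_whitelist() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "$f: missing"; return 2; }
    # chmod 644 from the procedure: nobody but the owner may write the file.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$f: writable by group or others"; rc=1
    fi
    awk '
        tolower($1) ~ /^<ifmodule/   { inside = 1; next }
        tolower($1) ~ /^<\/ifmodule/ { inside = 0; next }
        tolower($1) == "doswhitelist" {
            if (!inside) { print "line " NR ": DOSWhitelist outside <IfModule>"; bad = 1 }
            # Whitelisted sources bypass throttling; only loopback is documented.
            for (i = 2; i <= NF; i++)
                if ($i != "127.0.0.1") {
                    print "line " NR ": unexpected whitelist entry " $i; bad = 1
                }
        }
        END { exit bad + 0 }' "$f" || rc=1
    return $rc
}

# Constructed demo: the file from the procedure, then a deviating copy.
demo=$(mktemp) && chmod 644 "$demo"
printf '%s\n' '<IfModule mod_evasive20.c>' 'DOSWhitelist 127.0.0.1' '</IfModule>' > "$demo"
audit_evasive_whitelist "$demo" && echo "OK: matches the documented whitelist"
printf '%s\n' 'DOSWhitelist 10.0.0.*' >> "$demo"; chmod 666 "$demo"
audit_evasive_whitelist "$demo" || echo "FAIL: review the findings above"
rm -f "$demo"
```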

Verifying the DSG installation

This section describes the steps to verify the version details of the DSG instance.

To verify the version details of the DSG instance:

  1. Log in to the DSG Web UI.

  2. Click the (Information) icon, and then click About.

  3. Verify that the DSG version is reflected as DSG 3.3.0.0.

The DSG version details appear on the DSG Web UI successfully.

Pushing the DSG rulesets

This section describes the steps to push the DSG Rulesets in a cluster.

To push the DSG Rulesets:

  1. Log in to the ESA Web UI using the administrator credentials.

  2. Navigate to Cloud Gateway > 3.3.0.0 {build number} > Cluster.

  3. Go to Actions and click Deploy or Deploy to Node Groups to push the DSG Ruleset configurations to the DSG nodes. For more information about deploying the configurations, refer to the sections Deploying the Configurations to Entire Cluster or Deploying the Configurations to Node Groups.

The DSG Rulesets are pushed to the DSG nodes in a cluster or node groups.

Verifying the Startup Logs

This section describes the steps to verify the startup logs.

To verify the DSG startup logs:

  1. Log in to the DSG Web UI using the administrator credentials.

  2. Navigate to Logs > Appliance.

  3. Click Cloud Gateway - Event Logs, and select gateway.

    Verify that the startup logs do not display any errors.

The DSG startup logs are displayed on the DSG Web UI.

Enabling Scheduled Tasks on Insight

The DSG metrics logs that are generated over time can be scheduled for cleanup regularly. You can click Audit Store > Analytics > Scheduler, select the Delete DSG Error Indices, Delete DSG Usage Indices, or Delete DSG Transaction Indices, and then click Edit to modify the scheduled task that initiates the Indices file cleanup at regular intervals. The scheduled task can be set to n days based on your preference.

For more information about the audit indexes, refer to Understanding the index field values.

For more information about scheduled tasks, refer to Using the scheduler.