To upgrade Release 22.9 or later NSP analytics servers

Purpose

The following steps describe how to upgrade the Release 22.9 or later analytics servers in an NSP system.

Note: You cannot selectively upgrade analytics servers; all analytics servers must be upgraded in one operation as described in the procedure.

Ensure that you record the information that you specify, for example, directory names, passwords, and IP addresses.

Note: Each running NSP analytics server and each running NFM-P auxiliary database in the NSP system must be at the same release.

Note: If you are replacing any analytics server stations, it is recommended that you commission the stations in advance of the upgrade to reduce the upgrade duration.

For information about deploying the RHEL OS using an NSP OEM disk image, see NSP disk-image deployment.

Note: After an analytics server upgrade:

  • Scheduled report creation continues, but uses the new report versions, which may differ from the former versions.

  • Saved reports remain available, but lack any new features of the upgraded report versions; it is recommended that you recreate and save the reports.

  • If a report changes significantly between releases, the report may no longer function. See the NSP Release Notice for limitations regarding specific reports.

Note: You require root and nsp user privileges on each analytics server station.

Note: The following RHEL CLI prompts in command lines denote the active user, and are not to be included in typed commands:

  • # —root user

  • bash$ —nsp user

Steps
Download installation files
 

Log in as the root user on a station that is reachable from each analytics server station.

Open a console window.

Download the following NSP installation files to an empty local directory:

  • nspos-jre-R.r.p-rel.v.rpm

  • nspos-tomcat-R.r.p-rel.v.rpm

  • nsp-analytics-server-R.r.p-rel.v.rpm

  • analyticsBackupForMigration.sh

where

R.r.p is the NSP release ID, in the form MAJOR.minor.patch

v is a version number

Back up analytics report repository, security files
 

Log in as the root user on any analytics server station in the data center..

Transfer the downloaded analyticsBackupForMigration.sh file to the /opt/nsp directory.

Enter the following:

chown nsp:nsp /opt/nsp/analyticsBackupForMigration.sh ↵

Enter the following:

chmod +x /opt/nsp/analyticsBackupForMigration.sh ↵

Enter the following to switch to the nsp user:

su - nsp ↵

Enter the following:

bash$ ./analyticsBackupForMigration.sh ↵

The server security keys and configuration file are backed up to the following file in the current directory, /opt/nsp:

analyticsBackup.tar.gz

10 

Enter the following:

bash$ tar -tzf analyticsBackup.tar.gz ↵

The backed-up files are listed.

11 

Verify that the output matches the following; if any file is not listed, contact technical support:

  • opt/nsp/.jrsks

  • opt/nsp/.jrsksp

  • opt/nsp/analytics/config/install.config

  • opt/nsp/analytics/backup/analytics_backup_version_timestamp.zip

    where

    version is the current analytics software version

    timestamp is the current timestamp

12 

Copy the /opt/nsp/analyticsBackup.tar.gz file to a secure location on a separate station that is not affected by the upgrade activity.

Stop analytics servers
 
13 

If any analytics server is running, perform the following steps on the analytics server station to stop the server.

Note: You must ensure that no analytics server is running.

  1. Log in as the nsp user on the station.

  2. Open a console window.

  3. Enter the following:

    bash$ /opt/nsp/analytics/bin/AnalyticsAdmin.sh stop ↵

    The following and other messages are displayed:

    Stopping Analytics Application

    When the analytics server is completely stopped, the following is displayed:

    Analytics Application is not running

Uninstall all analytics servers
 
14 

Perform Step 1 to Step 8 of To uninstall an NSP analytics server on each analytics server station.

Set SELinux mode
 
15 

If SELinux enforcing mode is enabled on the NSP Analytics servers, you must switch to permissive mode on each; otherwise, you can skip this step.

Perform “How do I switch between SELinux modes on NSP system components?” in the NSP System Administrator Guide on each NSP analytics server station.

Note: If SELinux enforcing mode is enabled during the upgrade, the upgrade fails.

Start PKI server
 
16 

Start the PKI server, regardless of whether you are using the automated or manual TLS configuration method; perform To configure and enable a PKI server.

Note: The PKI server is required for internal system configuration purposes, so must be running before you continue.

Note: All NSP components must use TLS artifacts that are signed by the same root CA. If the NSP or NFM-P to which the analytics server connects is using TLS artifacts from a previous deployment, you must ensure that the private key file and public certificate file from the previous deployment are copied to the PKI server, as described in To configure and enable a PKI server.

17 

Perform Step 19 to Step 35 on each analytics server station.

18 

Go to Step 36.

Upgrade individual analytics server
 
19 

If the analytics server is deployed in a VM created using an NSP RHEL OS disk image, perform To apply a RHEL update to an NSP image-based OS.

20 

Log in as the root user on the analytics server station.

21 

Open a console window.

22 

Transfer the installation files downloaded in Step 3 to an empty temporary directory on the station.

Note: You must ensure that the directory contains only the installation files.

23 

Navigate to the directory that contains the installation files.

24 

Enter the following:

chmod +x * ↵

25 

Enter the following:

dnf install *.rpm ↵

For each package, the dnf utility resolves any package dependencies and displays the following prompt:

Total size: nn G

Installed size: nn G 

Is this ok [y/d/N]: 

26 

Enter y. The following and the installation status are displayed as each package is installed:

Downloading Packages:

Running transaction check

Transaction check succeeded.

Running transaction test

Transaction test succeeded.

Running transaction check

The package installation is complete when the following is displayed:

Complete!

27 

Perform one of the following.

  1. If the analytics server is the first analytics server to be upgraded, perform the following steps.

    1. Copy the /opt/nsp/analyticsBackup.tar.gz saved in Step 13 to the /opt/nsp directory.

    2. Enter the following to switch to the nsp user:

      su - nsp ↵

    3. Enter the following:

      bash$ cd /opt/nsp/analytics/bin ↵

    4. Enter the following:

      bash$ ./preInstallWithBackup.sh /opt/nsp/analyticsBackup.tar.gz ↵

      The configuration is restored.

  2. If the analytics server is not the first analytics server to be upgraded, perform the following steps.

    1. Transfer the following files from the first upgraded analytics server to the /opt/nsp directory on the analytics server that you are currently upgrading:

      • /opt/nsp/.jrsks

      • /opt/nsp/.jrsksp

    2. Enter the following:

      chown nsp:nsp /opt/nsp/.jrsks ↵

    3. Enter the following:

      chown nsp:nsp /opt/nsp/.jrsksp ↵

    4. Enter the following to switch to the nsp user:

      su - nsp ↵

28 

Enter the following:

bash$ /opt/nsp/analytics/bin/AnalyticsAdmin.sh updateConfig ↵

The script displays the following message and prompt:

THIS ACTION UPDATES /opt/nsp/analytics/config/install.config

Please type 'YES' to continue

29 

Enter YES.

The script displays a series of prompts.

30 

At each prompt, enter a parameter value; to accept a default in brackets, press ↵.

Note: Accept all the previous values unless they have changed.

The following table lists and describes each parameter.

Table 16-1: NSP analytics server parameters

Parameter

Description

Analytics Server Hostname or IP Address

The analytics server hostname or IP address that is reachable by the NSP cluster and the client browsers

Default: —

Enter IP address or hostname for internal network

The analytics server internal IP address, if configured

Default: —

Is NSPOS secure

Whether the internal NSP system communication is secured using TLS

In a shared-mode NSP system, the value must match the “nspos secure” parameter value; otherwise, the value must match the “secure” value in the nspos section of the NFM-P main server configuration.

Use internal certificates

Whether internal service communication between NSP components is secured using internally generated TLS certificates

You can set the parameter to true only if the “Is NSPOS secure” parameter is set to true.

Primary PostgreSQL Repository Database Host

The primary report results repository, which is the IP address or hostname of one of the following:

  • if the NSP system includes only the NFM-P, the primary or standalone NFM-P main server

  • the internalAdvertisedAddress value in the primary or standalone NSP configuration file, if configured; otherwise, the advertisedAddress value

Secondary PostgreSQL Repository Database Host

In a redundant system, the standby report results repository, which is the IP address or hostname of one of the following:

  • if the NSP system includes only the NFM-P, the standby NFM-P main server

  • the internalAdvertisedAddress value in the standby NSP configuration file, if configured; otherwise, the advertisedAddress value

Primary Oracle Data Source DB Host

The primary or standalone main database IP address or hostname

Primary Oracle Data Source DB Name

The primary or standalone main database instance name

Primary Oracle Data Source DB Port

The TCP port on the primary or standalone main database station that receives database requests

Secondary Oracle Data Source DB Host

In a redundant system, the standby main database IP address or hostname

Secondary Oracle Data Source DB Name

In a redundant system, the standby main database instance name

Secondary Oracle Data Source DB Port

In a redundant system, the TCP port on the standby main database station that receives database requests

PKI Server IP Address or Hostname

The PKI server IP address or hostname

Regardless of whether you are using the manual or automated TLS configuration method, you must specify the PKI server address.

PKI Server Port

The PKI server port

Zookeeper Connection String

The IP address or hostname, and port of each ZooKeeper host, in the following format:

server1_address:port;server2_address:port

where

server1_address and server2_address are the IP addresses or hostnames of the ZooKeeper hosts

port is a port number based on the Is NSPOS secure setting:

  • 2181, if false

  • 2281, if true

The ZooKeeper hosts that you specify are one of the following:

  • if the NSP system includes only the NFM-P, the NFM-P main servers

  • the advertisedAddress of each cluster from the NSP configuration file

Use NFM-P-only mode? (true/false)

Specifies how the Analytics server communicates with the NSP system

The parameter must be set to true if the deployment includes only the NFM-P and has no NSP cluster.

31 

If you are upgrading the first analytics server, and either of the following is true, you must purge the Analytics data from the NSP PostgreSQL database, and restore critical files from the backup; otherwise, you can skip this step.

  • The software version from which you are upgrading is still installed on one or more analytics servers.

    OR

  • One or more analytics servers were still installed when the NSP PostgreSQL database backup was created for the NSP system upgrade.

  1. Enter the following:

    bash$ ./AnalyticsAdmin.sh genCertificate ↵

    Note: The command may generate the following error message that you can safely ignore:

    /opt/nsp/analytics/bin/vault.sh: line 46: ./eap-vault-update.sh: No such file or directory

  2. Enter the following:

    bash$ ./AnalyticsAdmin.sh force_uninstall ↵

    The NSP PostgreSQL database is purged of analytics-server information.

  3. Enter the following:

    bash$ tar -xzf /opt/nsp/analyticsBackup.tar.gz --directory /opt/nsp './.jrsks*' ↵

32 

Perform one of the following to install the analytics server software on the station.

  1. If the analytics server is the first analytics server to be upgraded, enter the following:

    bash$ /opt/nsp/analytics/bin/AnalyticsAdmin.sh installWithBackup ↵

  2. If the analytics server is not the first analytics server to be upgraded, enter the following:

    bash$ /opt/nsp/analytics/bin/AnalyticsAdmin.sh install ↵

Note: The analytics server starts automatically after the installation.

The following prompt is displayed if the Use NFM-P-only mode parameter in Step 30 is set to false.

Enter NSP user name:

33 

If the prompt is displayed, perform the following steps.

  1. Enter admin ↵.

    The following prompt is displayed:

    Enter NSP user password (hidden):

  2. Enter the password of the NSP admin user.

34 

The following messages and prompt are displayed:

Access token retrieved successfully

date time Analytics App is UP and Running

Version check passed. NSP version = RR.r; Analytics server version = RR.r

date time Installing Analytics Server...

Do you have existing TLS certificates?(yes/no)

35 

Perform one of the following.

  1. If you have TLS keystore and truststore files, perform the following steps.

    1. Enter yes ↵.

      The following prompt is displayed:

      Enter TLS keystore Path,including filename:

    2. Enter the absolute path of the keystore file.

      The following message and prompt are displayed:

      path/keystore_file found.

      Enter TLS truststore Path,including filename:

    3. Enter the absolute path of the truststore file.

      The following message and prompt are displayed:

      path/truststore_file found.

      Enter TLS Keystore Password:

    4. Enter the keystore password.

      The following message and prompt are displayed:

      Verifying TLS Keystore...

      Certificate loading...

      Verified TLS Certificate

      Enter TLS Truststore Password:

    5. Enter the truststore password.

      The following is displayed as the configuration is updated:

      Verifying TLS Truststore...

      Certificate loading...

      Verified TLS Certificate

      TLS Config has been updated

  2. If you do not have TLS keystore and truststore files, perform the following steps.

    1. Enter no ↵.

      The following prompt is displayed:

      Enter the Path where the TLS Certificate should be created:

    2. Enter the absolute path of a directory that is owned by the nsp user, for example, /opt/nsp.

      The following message and prompt are displayed:

      The path that will contain the keystore and the truststore is:

      path

      Set the keystore password:

    3. Enter the keystore password.

      The following prompt is displayed:

      Set the truststore password:

    4. Enter the truststore password.

      The following messages are displayed:

      The files nsp.keystore and nsp.truststore have been created

      TLS Config has been updated

The upgrade proceeds, and messages like the following are displayed:

Creating Analytics Repository Schema

Analytics Repository Schema creation is complete

Modified JIRoles Table

Please wait while Analytics Server is being installed...This may take a few minutes

Restoring backup

Retrieving AUXDB Connection Configurations

AUXDB Connection Configuration successfully retrieved

date time Deploying customization zip file

date time  Analytics server upgrade is complete. Starting analytics server

date time Starting Analytics Application

Waiting for Analytics Server to come up

date time Analytics Server is UP and Running

Oracle Redundancy Configuration Detected

Analytics Server successfully started

Importing reports for upgrade

Deploying Reports After Upgrade

Start Deploying /opt/nsp/analytics/analytics-report/domains.zip

Tracking nn reports...

Inserted nn reports into Tracker Table

All reports successfully tracked

Start Deploying /opt/nsp/analytics/analytics-report/reports.zip

Tracking nnn reports...

All reports successfully tracked

Waiting for upgrading reports...

Moving resources under Results folder to Shared folder

Updating scheduled jobs

Transferred roles to user

Deleting Analytics resources metadata...

Analytics resources metadata deleted

Updating Analytics resources metadata...

Analytics resources metadata updated

date time Analytics server upgraded successfully

Restore SELinux enforcing mode
 
36 

If you switched from SELinux enforcing mode to permissive mode before the upgrade, and want to restore the use of enforcing mode, perform “How do I switch between SELinux modes on NSP system components?” in the NSP System Administrator Guide on each analytics server.

Stop PKI server
 
37 

If no other components are to be deployed, stop the PKI server by entering Ctrl+C in the console window.

38 

Close the open console windows.

End of steps