To upgrade Release 22.9 or later NSP Flow Collectors and Flow Collector Controllers

Purpose

Use this procedure to upgrade the standalone or redundant Release 22.9 or later NSP Flow Collector Controllers and NSP Flow Collectors in an NSP data center.

Note: You cannot upgrade an NSP Flow Collector or Flow Collector Controller to a collocated deployment that has both on one station.

Note: The install.sh utility requires SSH access to a target station. To enable SSH access, you must do one of the following.

  • Configure the required SSH keys on the stations.

  • If each remote station has the same root user password, add the --ask-pass argument to the install.sh command; for example:

    ./install.sh --ask-pass --target remote_station

Steps
Stop NSP Flow Collector Controllers
 

Perform the following steps on each NSP Flow Collector Controller station to stop the NSP Flow Collector Controller.

Note: If an NSP Flow Collector is also installed on the station, the Flow Collector stops automatically.

  1. Log in to the station as the nsp user.

  2. Enter the following:

    bash$ /opt/nsp/flow/fcc/bin/flowCollectorController.bash stop ↵

    The NSP Flow Collector Controller stops.

Stop NSP Flow Collectors
 

Stop each NSP Flow Collector that is not collocated with an NSP Flow Collector Controller.

Note: Any NSP Flow Collector that is collocated with a Flow Collector Controller is automatically stopped earlier in the procedure.

  1. Log in to the NSP Flow Collector station as the nsp user.

  2. Enter the following:

    bash$ /opt/nsp/flow/fc/bin/flowCollector.bash stop ↵

    The NSP Flow Collector stops.

Set SELinux mode
 

If SELinux enforcing mode is enabled on the NSP Flow Collector or Flow Collector Controller, you must switch to permissive mode on each; otherwise, you can skip this step.

Perform “How do I switch between SELinux modes on NSP system components?” in the NSP System Administrator Guide on the Flow Collector or Flow Collector Controller.

Note: If SELinux enforcing mode is enabled during the upgrade, the upgrade fails.

Apply OS update
 

If the NSP Flow Collector or Flow Collector Controller is deployed in a VM created using an NSP RHEL OS disk image, perform To apply a RHEL update to an NSP image-based OS.

Start PKI server
 

Start the PKI server, regardless of whether you are using the automated or manual TLS configuration method; perform To configure and enable a PKI server.

Note: The PKI server is required for internal system configuration purposes.

Upgrade software
 

Download the NSP component installer package (NSP_NSD_NRC_R_r.tar.gz) from OLCS and extract it on any station running a supported version of RHEL. This does not have to be the station on which the NSP Flow Collector Controller or an NSP Flow Collector is installed; the installer can perform remote upgrades.

An NSD_NRC_R_r directory is created in the current directory, where R_r is the release identifier in the form MAJOR_minor.

Note: In subsequent steps, the directory is called the NSP installer directory or NSP_installer_directory.

Log in as the root user on the station that has the downloaded NSP software bundle.

Enter the following:

cd NSP_installer_directory/NSD_NRC_R_r/bin ↵

Create a hosts file in the current directory that contains the required entries in the following sections:

  • [nspos]—one entry for each ZooKeeper host; the ZooKeeper hosts are one of the following:

    • if the NSP system includes only the NFM-P, the NFM-P main servers

    • otherwise, the VIP address of each NSP cluster

  • [fcc]—one line entry for each Flow Collector Controller

  • [fc]—one line entry for each Flow Collector

Note: If an NSP Flow Collector Controller and Flow Collector are to be collocated on one station, specify the same address for in the [fc] and [fcc] sections; for example:

[fcc] 203.0.113.3 advertised_address=198.51.100.3 ansible_host=198.51.100.3

[fc] 203.0.113.3 ansible_host=198.51.100.3 fc_mode=AA

See NSP hosts file for configuration information.

Note: A sample hosts file is in the following directory; you must use a modified copy of the file for installation:

  • NSP_installer_directory/NSD_NRC_R_r/examples

    where R_r is the NSP software release

10 

Create a config.yml file in the NSP installer directory that includes the following sections; see NSP RPM-based configuration file for information.

  • sso

  • tls

  • section for each component to install

Note: The PKI server parameter values in the tls section must match the values in the NSP configuration file and the NFM-P samconfig utility. You can use the samconfig “show” command on a main server to display the tls parameters. See NFM-P samconfig utility for information about using the samconfig utility.

Note: A sample config.yml file is in the following directory; you must use a modified copy of the file for installation:

  • NSP_installer_directory/NSD_NRC_R_r/examples

    where R_r is the NSP software release

11 

Enter the following:

Note: Include the --ask-pass option only if each target station has the same root user password.

./install.sh --ask-pass --target target_list

where target_list is a comma-separated list of the NSP Flow Collector Controller and NSP Flow Collector IP addresses

The NSP Flow Collector Controller or NSP Flow Collector software is upgraded on each station.

Configure NFM-P in DR deployment
 
12 

If the NSP cluster and NSP Flow Collector Controllers are not in a DR deployment, go to Step 19.

13 

Log in as the root user on the NFM-P main server in the same data center as the NSP Flow Collector Controller.

14 

Open a console window.

15 

Stop the main server.

  1. Enter the following to switch to the nsp user:

    su - nsp ↵

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following:

    bash$ ./nmsserver.bash stop ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully stopped if the status is the following:

    Application Server is stopped

    If the server is not fully stopped, wait five minutes and then repeat this step. Do not perform the next step until the server is fully stopped.

  5. Enter the following to switch back to the root user:

    bash$ su - ↵

16 

You must create an association between the local NSP Flow Controller and the local NFM-P main server to ensure that the Flow Collector and Controller remain in communication with the local NFM-P during NSP DR activity.

Add the local data center name to the main-server configuration.

Note: The data center name must be a name other than “default”.

  1. Enter the following:

    samconfig -m main ↵

    The samconfig utility opens, and the following is displayed:

    Start processing command line inputs...

    <main>

  2. Enter the following:

    <main> configure nspos dc-name data_center

    where data_center is the data center name, which must match the dcName value for the local NSP cluster in the NSP configuration file

    The prompt changes to <main configure nspos>.

  3. Enter the following:

    <main configure nspos> exit ↵

    The prompt changes to <main>.

  4. Enter the following:

    <main> apply ↵

    The configuration is applied.

  5. Enter the following:

    <main> exit ↵

    The samconfig utility closes.

17 

Start the main server.

  1. Enter the following to switch to the nsp user:

    su - nsp ↵

  2. Enter the following:

    bash$ cd /opt/nsp/nfmp/server/nms/bin ↵

  3. Enter the following:

    bash$ ./nmsserver.bash start ↵

  4. Enter the following:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.

Restore SELinux enforcing mode
 
18 

If you switched from SELinux enforcing mode to permissive mode before the upgrade, and want to restore the use of enforcing mode, perform “How do I switch between SELinux modes on NSP system components?” in the NSP System Administrator Guide on the NSP Flow Collector or Flow Collector Controller.

Start NSP Flow Collector Controllers
 
19 

Perform the following steps on each NSP Flow Collector Controller station.

Note: If an NSP Flow Collector is also installed on the station, the Flow Collector starts automatically.

  1. Log in to the station as the nsp user.

  2. Enter the following:

    bash$ /opt/nsp/flow/fcc/bin/flowCollectorController.bash start ↵

    The NSP Flow Collector Controller starts.

  3. Close the console window.

Start NSP Flow Collectors
 
20 

Start each NSP Flow Collector that is not collocated with an NSP Flow Collector Controller.

Note: Any NSP Flow Collector that is collocated with a Flow Collector Controller is automatically started earlier in the procedure.

  1. Log in to the NSP Flow Collector station as the nsp user.

  2. Enter the following:

    bash$ /opt/nsp/flow/fc/bin/flowCollector.bash start ↵

    The NSP Flow Collector starts.

  3. Close the console window.

21 

Perform the following steps for each NSP Flow Collector.

  1. Use a browser to open the web UI at the following URL:

    https://server:8443/fc/admin

    where server is the NSP Flow Collector IP address or hostname

    The Collection Policy configuration page opens.

  2. Verify the settings on each configuration page to ensure that the settings from before the upgrade are preserved.

22 

If no other components are to be deployed, stop the PKI server by entering Ctrl+C in the console window.

23 

Close the open console windows.

End of steps