Document toolboxDocument toolbox

.Relay migration vv7.0.8

Owned by Juan Tomás Alonso Nieto (Unlicensed)
Jun 18, 2021
12 min read

Introduction

The steps described in this article will guide you through the migration process from an old relay version in your machine to the most recent version (v1.4.2)

The process is as follows:

  • Install the new relay in the same machine where the old relay is located with exactly the same relay name so the same rules are downloaded for the new one, and force the download of new certificates from the web app. At this point, both relays will be running at the same time.
  • Stop the old relay and wait until the new relay takes over and starts processing the data. This process should take a few seconds. If something goes wrong, start the old relay again and check for issues. Contact us if you need support.
  • Once the new relay is handling the traffic, remove the old relay from the machine.

Following these steps, data loss will be minimized as much as possible.

New paths

Take into account that the new relay is deployed on a different path. The files that were under /etc/logtrust and /opt/logtrust in previous versions are now under the /opt/devo folder.

New package name

Also, note that the new package name is devo-scoja-relay and the old one is devo-relay.

Getting ready

Before starting the migration process, you must get your relay name. To do it, connect to the relay via SSH and execute the following command:

# cat /etc/logtrust/relay/logtrust.conf
logtrust.services.url = "https://xxx.devo.com/domain/clientrelay.json"
logtrust.services.downloadHomeRelayConfig.url = "https://xxx.devo.com/domain/clientrelay/config"
api.key = "xxxx"
hardware.id = "ubuntu-xenial-migrationtest"
relay.address = "10.0.2.15"
proxy.host = ""
proxy.port = ""
proxy.user = ""
proxy.pass = ""
version = "1.0"

Your relay name is the value of the parameter hardware.id. Keep it handy as you will need it to configure the new relay.

Migration procedure

The migration procedure is made up of 4 different steps:

Step 1 - Install the new relay

Follow these steps to install the new relay in your machine:

  1. Execute the following command in the same machine where your old version is running to install the new version of the Devo relay:

    Ubuntu

    sudo apt-get install devo-scoja-relay

    CentOS / Red Hat

    sudo yum install devo-scoja-relay

  2. The relay configuration utility will be launched, where you must specify the relay configuration settings. Check the step-by-step process for configuring the new relay for Ubuntu here (step 4), and go here if you are installing it in Red Hat or CentOS (step 5).

    New relay name

    The name of the new relay must be exactly the same as the old one. Otherwise, the relay rules will not be downloaded automatically.

    New relay configuration

    The configuration settings of the new relay must be exactly the same as the old one

  3. Make sure that OpenJDK8 is being used after the package installation. In case several Java versions are installed, select openjdk8.

    # update-alternatives --config java
There are 2 choices for the alternative java (providing /usr/bin/java).

  Selection    Path                                            Priority   Status
------------------------------------------------------------
  0            /usr/lib/jvm/java-9-openjdk-amd64/bin/java       1091      auto mode
* 1            /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java   1081      manual mode
  2            /usr/lib/jvm/java-9-openjdk-amd64/bin/java       1091      manual mode

Press <enter> to keep the current choice[*], or type selection number:

    At this point, both relays are working at the same time and you will see two Java processes running. In the following example, PID 5313 is the old relay and PID 10932 is the new one:

    # ps aux | grep java | grep -v grep
root      5313  0.2  5.2 2786768 184964 ?      Sl   04:43   0:48 java -server -Xms200M -Xmx200M -XX:+UseConcMarkSweepGC -classpath :/opt/logtrust/scoja/scoja.jar:/opt/logtrust/scoja/scoja-cc.jar:/opt/logtrust/scoja/scoja-compression.jar:/opt/logtrust/scoja/scoja-rpc.jar:/opt/logtrust/scoja/scoja-beep.jar:/opt/logtrust/scoja/jython.jar -Djava.library.path=/opt/logtrust/scoja -Dorg.scoja.io.posix.provider=org.scoja.io.posix.PosixNative -Dscoja.home=/opt/logtrust/scoja -Dpython.import.site=false org.scoja.server.Scoja -r 5s -G /etc/logtrust/scoja/version1/all-me.conf -j /etc/logtrust/scoja/version1/all-var.conf
root     10932  1.3  9.4 4940144 332620 ?      Sl   10:50   0:09 java -XX:+UseConcMarkSweepGC -XX:MaxRAMPercentage=70.0 -XX:InitialRAMPercentage=70.0 -classpath /opt/devo/scoja-server/lib/scoja-server-1.5.1.jar:/opt/devo/scoja-server/lib/scoja-client-1.5.1.jar:/opt/devo/scoja-server/lib/scoja-beep-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-rpc-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-compression-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-rpc-xc-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-cc-1.4.0.jar:/opt/devo/scoja-server/lib/jython-standalone-2.7.2b3.jar:/opt/devo/scoja-server/lib/log4j-1.2.17.jar org.scoja.server.Scoja -r 5s -G /opt/devo/scoja-server/conf/all-me.conf -j /opt/devo/scoja-server/conf/all-var.conf

  4. If you don’t see two Java processes running, check /var/log/scoja.log for errors. It may be necessary to stop and start the new relay if you have updated the Java version with update-alternatives --config java. Once you check that both Java processes are running, you can continue.

  5. In Devo, go to Administration → Relays. Click the ellipsis icon that appears at the right of your relay when you hover over it and click Edit.

  6. Then, check the Force Generate New Certificate check box and click Apply configuration to force the creation of the new certificates.

  7. Wait for 2 minutes and check that the following file exists: /opt/devo/scoja-server/conf/keys/client.jks

    # ll /opt/devo/scoja-server/conf/keys/client.jks
-rw-r--r-- 1 root root 8075 Oct 13 11:10 /opt/devo/scoja-server/conf/keys/client.jks

  8. You can also check that the rules have been downloaded and are available in /opt/devo/scoja-server/conf/rules

    # ll /opt/devo/scoja-server/conf/rules
total 28
drwxr-xr-x 2 root root 4096 Oct 13 11:10 ./
drwxr-xr-x 4 root root 4096 Oct 13 11:10 ../
-rw-r--r-- 1 root root  147 Oct 13 11:10 rule-13000.pconf
-rw-r--r-- 1 root root  176 Oct 13 11:10 rule-13001.pconf
-rw-r--r-- 1 root root  175 Oct 13 11:10 rule-13002.pconf
-rw-r--r-- 1 root root  227 Oct 13 11:10 rule-13003.pconf
-rw-r--r-- 1 root root  107 Oct 13 11:10 target.pconf

  9. After this step, the Devo Scoja Relay will be installed and ready to be used. The relay rules and certificates will be automatically downloaded from the Devo app.

    At this point, the ports are still being used by the old version of the relay (PID 5313 in the example below)

    # netstat -atunp | grep java
tcp6       0      0 :::13000                :::*                    LISTEN      5313/java
tcp6       0      0 :::13001                :::*                    LISTEN      5313/java
tcp6       0      0 :::13002                :::*                    LISTEN      5313/java
tcp6       0      0 :::13003                :::*                    LISTEN      5313/java
tcp6       0      0 127.0.0.1:5140          :::*                    LISTEN      5313/java
tcp6       0      0 10.0.2.15:42188         54.75.255.25:443        ESTABLISHED 5313/java
tcp6       0      0 10.0.2.15:42352         54.75.255.25:443        ESTABLISHED 11231/java
tcp6       0      0 127.0.0.1:5140          127.0.0.1:48974         ESTABLISHED 5313/java
tcp6       0      0 127.0.0.1:5140          127.0.0.1:48978         ESTABLISHED 5313/java
tcp6       0      0 127.0.0.1:5140          127.0.0.1:48976         ESTABLISHED 5313/java
udp6       0      0 :::12999                :::*                                5313/java
udp6       0      0 :::13000                :::*                                5313/java
udp6       0      0 :::13001                :::*                                5313/java
udp6       0      0 :::13002                :::*                                5313/java
udp6       0      0 :::13003                :::*                                5313/java
udp6       0      0 127.0.0.1:5140          :::*                                5313/java
udp6       0      0 127.0.0.1:5141          :::*                                5313/java

  10. Lastly, if you have installed the logtrust-system utility in your machine, you must uninstall it using the following command (it will be reinstalled later)

    Ubuntu

    sudo apt-get purge logtrust-system

    CentOS / Red Hat

    sudo yum remove logrust-system

    devo-system

    Note that the most recent version of the logtrust-system package is called devo-system. This new package will be installed at the end of this process.

    Updating devo-monitor

    If you have already installed the devo-monitor package, you don't need to uninstall it.

Step 2 - Stop the old relay and make sure the new one is handling the data

Follow these steps to stop your old relay and check that the new one works properly:

  1. Execute the following command to stop the old relay:

    sudo service devo-relay stop

  2. Check that the process stopped and there is only a single Java process running now:

    # ps aux | grep scoja | grep -v grep
root     11231  1.7  9.6 4963516 339012 ?      Sl   11:14   0:08 java -XX:+UseConcMarkSweepGC -XX:MaxRAMPercentage=70.0 -XX:InitialRAMPercentage=70.0 -classpath /opt/devo/scoja-server/lib/scoja-server-1.5.1.jar:/opt/devo/scoja-server/lib/scoja-client-1.5.1.jar:/opt/devo/scoja-server/lib/scoja-beep-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-rpc-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-compression-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-rpc-xc-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-cc-1.4.0.jar:/opt/devo/scoja-server/lib/jython-standalone-2.7.2b3.jar:/opt/devo/scoja-server/lib/log4j-1.2.17.jar org.scoja.server.Scoja -r 5s -G /opt/devo/scoja-server/conf/all-me.conf -j /opt/devo/scoja-server/conf/all-var.conf

  3. Wait for one minute and check that the connections to the ports have changed to the new relay (PID 11231 in the example below)

    # netstat -atunp | grep java
tcp6       0      0 :::13000                :::*                    LISTEN      11231/java
tcp6       0      0 :::13001                :::*                    LISTEN      11231/java
tcp6       0      0 :::13002                :::*                    LISTEN      11231/java
tcp6       0      0 :::13003                :::*                    LISTEN      11231/java
tcp6       0      0 127.0.0.1:5140          :::*                    LISTEN      11231/java
tcp6       0      0 10.0.2.15:42352         54.75.255.25:443        ESTABLISHED 11231/java
udp6       0      0 :::12999                :::*                                11231/java
udp6       0      0 :::13000                :::*                                11231/java
udp6       0      0 :::13001                :::*                                11231/java
udp6       0      0 :::13002                :::*                                11231/java
udp6       0      0 :::13003                :::*                                11231/java
udp6       0      0 127.0.0.1:5140          :::*                                11231/java
udp6       0      0 127.0.0.1:5141          :::*                                11231/java

    If the connections don’t show up and data stops arriving to Devo, start the old relay again with the following command and contact us.

    sudo service devo-relay start

    Make sure data is still reaching Devo before moving to the next step.

Step 3 - Uninstall the old relay

Execute the following command to uninstall the old relay:

Ubuntu

sudo apt-get purge devo-relay

CentOS / Red Hat 

sudo yum remove devo-relay

Step 4 - Install Devo packages for *nix

It is important to monitor the relay machine by sending system and stats data to Devo.

In order to do that, you must install the most recent versions of the devo-system and devo-monitor packages following the steps explained in Installing Devo packages for *nix.