.Relay migration vv7.0.8
Introduction
The steps described in this article will guide you through the migration process from an old relay version in your machine to the most recent version (v1.4.2)
The process is as follows:
- Install the new relay in the same machine where the old relay is located with exactly the same relay name so the same rules are downloaded for the new one, and force the download of new certificates from the web app. At this point, both relays will be running at the same time.
- Stop the old relay and wait until the new relay takes over and starts processing the data. This process should take a few seconds. If something goes wrong, start the old relay again and check for issues. Contact us if you need support.
- Once the new relay is handling the traffic, remove the old relay from the machine.
Following these steps, data loss will be minimized as much as possible.
New paths
Take into account that the new relay is deployed on a different path. The files that were under /etc/logtrust
and /opt/logtrust
in previous versions are now under the /opt/devo
folder.
New package name
Also, note that the new package name is devo-scoja-relay and the old one is devo-relay.
Getting ready
Before starting the migration process, you must get your relay name. To do it, connect to the relay via SSH and execute the following command:
# cat /etc/logtrust/relay/logtrust.conf logtrust.services.url = "https://xxx.devo.com/domain/clientrelay.json" logtrust.services.downloadHomeRelayConfig.url = "https://xxx.devo.com/domain/clientrelay/config" api.key = "xxxx" hardware.id = "ubuntu-xenial-migrationtest" relay.address = "10.0.2.15" proxy.host = "" proxy.port = "" proxy.user = "" proxy.pass = "" version = "1.0"
Your relay name is the value of the parameter hardware.id
. Keep it handy as you will need it to configure the new relay.
Migration procedure
The migration procedure is made up of 4 different steps:
- Step 1 - Install the new relay
- Step 2 - Stop the old relay and make sure the new one is handling the data
- Step 3 - Uninstall the old relay
- Step 4 - Install packages for *nix
Step 1 - Install the new relay
Follow these steps to install the new relay in your machine:
Execute the following command in the same machine where your old version is running to install the new version of the Devo relay:
Ubuntu
sudo apt-get install devo-scoja-relay
CentOS / Red Hat
sudo yum install devo-scoja-relay
The relay configuration utility will be launched, where you must specify the relay configuration settings. Check the step-by-step process for configuring the new relay for Ubuntu here (step 4), and go here if you are installing it in Red Hat or CentOS (step 5).
New relay name
The name of the new relay must be exactly the same as the old one. Otherwise, the relay rules will not be downloaded automatically.
New relay configuration
The configuration settings of the new relay must be exactly the same as the old one
Make sure that OpenJDK8 is being used after the package installation. In case several Java versions are installed, select openjdk8.
# update-alternatives --config java There are 2 choices for the alternative java (providing /usr/bin/java). Selection Path Priority Status ------------------------------------------------------------ 0 /usr/lib/jvm/java-9-openjdk-amd64/bin/java 1091 auto mode * 1 /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java 1081 manual mode 2 /usr/lib/jvm/java-9-openjdk-amd64/bin/java 1091 manual mode Press <enter> to keep the current choice[*], or type selection number:
At this point, both relays are working at the same time and you will see two Java processes running. In the following example, PID 5313 is the old relay and PID 10932 is the new one:
# ps aux | grep java | grep -v grep root 5313 0.2 5.2 2786768 184964 ? Sl 04:43 0:48 java -server -Xms200M -Xmx200M -XX:+UseConcMarkSweepGC -classpath :/opt/logtrust/scoja/scoja.jar:/opt/logtrust/scoja/scoja-cc.jar:/opt/logtrust/scoja/scoja-compression.jar:/opt/logtrust/scoja/scoja-rpc.jar:/opt/logtrust/scoja/scoja-beep.jar:/opt/logtrust/scoja/jython.jar -Djava.library.path=/opt/logtrust/scoja -Dorg.scoja.io.posix.provider=org.scoja.io.posix.PosixNative -Dscoja.home=/opt/logtrust/scoja -Dpython.import.site=false org.scoja.server.Scoja -r 5s -G /etc/logtrust/scoja/version1/all-me.conf -j /etc/logtrust/scoja/version1/all-var.conf root 10932 1.3 9.4 4940144 332620 ? Sl 10:50 0:09 java -XX:+UseConcMarkSweepGC -XX:MaxRAMPercentage=70.0 -XX:InitialRAMPercentage=70.0 -classpath /opt/devo/scoja-server/lib/scoja-server-1.5.1.jar:/opt/devo/scoja-server/lib/scoja-client-1.5.1.jar:/opt/devo/scoja-server/lib/scoja-beep-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-rpc-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-compression-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-rpc-xc-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-cc-1.4.0.jar:/opt/devo/scoja-server/lib/jython-standalone-2.7.2b3.jar:/opt/devo/scoja-server/lib/log4j-1.2.17.jar org.scoja.server.Scoja -r 5s -G /opt/devo/scoja-server/conf/all-me.conf -j /opt/devo/scoja-server/conf/all-var.conf
If you don’t see two Java processes running, check
/var/log/scoja.log
for errors. It may be necessary to stop and start the new relay if you have updated the Java version withupdate-alternatives --config java
. Once you check that both Java processes are running, you can continue.- In Devo, go to Administration → Relays. Click the ellipsis icon that appears at the right of your relay when you hover over it and click Edit.
- Then, check the Force Generate New Certificate check box and click Apply configuration to force the creation of the new certificates.
Wait for 2 minutes and check that the following file exists:Â
/opt/devo/scoja-server/conf/keys/client.jks
# ll /opt/devo/scoja-server/conf/keys/client.jks -rw-r--r-- 1 root root 8075 Oct 13 11:10 /opt/devo/scoja-server/conf/keys/client.jks
You can also check that the rules have been downloaded and are available in
/opt/devo/scoja-server/conf/rules
# ll /opt/devo/scoja-server/conf/rules total 28 drwxr-xr-x 2 root root 4096 Oct 13 11:10 ./ drwxr-xr-x 4 root root 4096 Oct 13 11:10 ../ -rw-r--r-- 1 root root 147 Oct 13 11:10 rule-13000.pconf -rw-r--r-- 1 root root 176 Oct 13 11:10 rule-13001.pconf -rw-r--r-- 1 root root 175 Oct 13 11:10 rule-13002.pconf -rw-r--r-- 1 root root 227 Oct 13 11:10 rule-13003.pconf -rw-r--r-- 1 root root 107 Oct 13 11:10 target.pconf
After this step, the Devo Scoja Relay will be installed and ready to be used. The relay rules and certificates will be automatically downloaded from the Devo app.
At this point, the ports are still being used by the old version of the relay (PID 5313 in the example below)
# netstat -atunp | grep java tcp6 0 0 :::13000 :::* LISTEN 5313/java tcp6 0 0 :::13001 :::* LISTEN 5313/java tcp6 0 0 :::13002 :::* LISTEN 5313/java tcp6 0 0 :::13003 :::* LISTEN 5313/java tcp6 0 0 127.0.0.1:5140 :::* LISTEN 5313/java tcp6 0 0 10.0.2.15:42188 54.75.255.25:443 ESTABLISHED 5313/java tcp6 0 0 10.0.2.15:42352 54.75.255.25:443 ESTABLISHED 11231/java tcp6 0 0 127.0.0.1:5140 127.0.0.1:48974 ESTABLISHED 5313/java tcp6 0 0 127.0.0.1:5140 127.0.0.1:48978 ESTABLISHED 5313/java tcp6 0 0 127.0.0.1:5140 127.0.0.1:48976 ESTABLISHED 5313/java udp6 0 0 :::12999 :::* 5313/java udp6 0 0 :::13000 :::* 5313/java udp6 0 0 :::13001 :::* 5313/java udp6 0 0 :::13002 :::* 5313/java udp6 0 0 :::13003 :::* 5313/java udp6 0 0 127.0.0.1:5140 :::* 5313/java udp6 0 0 127.0.0.1:5141 :::* 5313/java
Lastly, if you have installed the logtrust-system utility in your machine, you must uninstall it using the following command (it will be reinstalled later)
Ubuntu
sudo apt-get purge logtrust-system
CentOS / Red Hat
sudo yum remove logrust-system
devo-system
Note that the most recent version of the logtrust-system package is called devo-system. This new package will be installed at the end of this process.
Updating devo-monitor
If you have already installed the devo-monitor package, you don't need to uninstall it.
Step 2 - Stop the old relay and make sure the new one is handling the data
Follow these steps to stop your old relay and check that the new one works properly:
Execute the following command to stop the old relay:
sudo service devo-relay stop
Check that the process stopped and there is only a single Java process running now:
# ps aux | grep scoja | grep -v grep root 11231 1.7 9.6 4963516 339012 ? Sl 11:14 0:08 java -XX:+UseConcMarkSweepGC -XX:MaxRAMPercentage=70.0 -XX:InitialRAMPercentage=70.0 -classpath /opt/devo/scoja-server/lib/scoja-server-1.5.1.jar:/opt/devo/scoja-server/lib/scoja-client-1.5.1.jar:/opt/devo/scoja-server/lib/scoja-beep-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-rpc-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-compression-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-rpc-xc-1.4.0.jar:/opt/devo/scoja-server/lib/scoja-cc-1.4.0.jar:/opt/devo/scoja-server/lib/jython-standalone-2.7.2b3.jar:/opt/devo/scoja-server/lib/log4j-1.2.17.jar org.scoja.server.Scoja -r 5s -G /opt/devo/scoja-server/conf/all-me.conf -j /opt/devo/scoja-server/conf/all-var.conf
Wait for one minute and check that the connections to the ports have changed to the new relay (PID 11231 in the example below)
# netstat -atunp | grep java tcp6 0 0 :::13000 :::* LISTEN 11231/java tcp6 0 0 :::13001 :::* LISTEN 11231/java tcp6 0 0 :::13002 :::* LISTEN 11231/java tcp6 0 0 :::13003 :::* LISTEN 11231/java tcp6 0 0 127.0.0.1:5140 :::* LISTEN 11231/java tcp6 0 0 10.0.2.15:42352 54.75.255.25:443 ESTABLISHED 11231/java udp6 0 0 :::12999 :::* 11231/java udp6 0 0 :::13000 :::* 11231/java udp6 0 0 :::13001 :::* 11231/java udp6 0 0 :::13002 :::* 11231/java udp6 0 0 :::13003 :::* 11231/java udp6 0 0 127.0.0.1:5140 :::* 11231/java udp6 0 0 127.0.0.1:5141 :::* 11231/java
If the connections don’t show up and data stops arriving to Devo, start the old relay again with the following command and contact us.
sudo service devo-relay start
Make sure data is still reaching Devo before moving to the next step.
Step 3 - Uninstall the old relay
Execute the following command to uninstall the old relay:
Ubuntu
sudo apt-get purge devo-relay
CentOS / Red HatÂ
sudo yum remove devo-relay
Step 4 - Install Devo packages for *nix
It is important to monitor the relay machine by sending system and stats data to Devo.
In order to do that, you must install the most recent versions of the devo-system and devo-monitor packages following the steps explained in Installing Devo packages for *nix.