Relay migration
Introduction
The steps described in this article will guide you through the migration process to the most recent version of Devo Relay in an Ubuntu or CentOS machine.
The process is as follows:
Install the new relay in the same machine where the old relay is located with exactly the same relay name so the same rules are downloaded for the new one. At this point, both relays will be running at the same time.
Stop the old relay and wait until the new relay takes over and starts processing the data. This process should take a few seconds. If something goes wrong, start the old relay again and check for issues. Visit support site if you need support.
Once the new relay is handling the traffic, remove the old relay from the machine.
Following these steps, data loss will be minimized as much as possible.
New package name
Note that the new package name is devo-ng-relay and is managed by the system manager systemd
. The old relay package name is devo-scoja-relay and it’s managed by System-V (init)
 system manager.
New installation path
Keep in mind that the new relay is deployed on a different path. The new installation path is:
/opt/devo/ng-relay
New network requirements
Check the Network row in the Requirements section of the Planning Devo Relay deployment article, as we have added two additional endpoints that may require the creation of new firewall rules.
Getting ready
Make sure there is enough memory left for the new relay to start. In the beginning, both relays will be running at the same time. If the relay is configured to start with 70% of the available RAM, it won’t be possible to start the new relay at the same time. Edit /etc/init.d/devo-scoja-relay
and set either a fixed amount of RAM of 30% or below to allow the new relay to run.Â
Once you have updated the startup file, restart the old relay with the following commands:
sudo /etc/init.d/devo-scoja-relay stopÂ
sudo /etc/init.d/devo-scoja-relay start
Migration procedure
Phase 1 - Install the new relay
In the same machine where the old relay is installed, install the
devo-ng-relay
anddevo-ng-relay-cli
packages.Set up the memory for the new relay in case it is needed by editing the following file:
/opt/devo/ng-relay/conf/relay/devo-ng-relay.jvmoptions
. In this example, we are setting 400 MB for the new relay.## JVM Options File ## The options are expressed as a list of new-line-separated JVM flags -Xms400M -Xmx400M
If changes in the file are performed, you must restart the service.
Check both Java processes are running.
Note that
PID 5953
is the old relay andPID 7214
is the new one.ÂOpen a new terminal to the machine and check ng-relay logs with the command
sudo journalctl -u devo-ng-relay -f
. You should see these logs:Check for ports where the old relay is listening using
sudo netstat -atunp | grep <old_relay_PID>
Run the Devo Relay CLI with the required command for your system (learn how to do it here) and then run the
setup
command using the exact same name for the relay. The exact same name can be taken from the fileopt/devo/relay/conf/relay.conf
in thehardware.id
field.You will see a message like this asking if you want to override the existing relay. Type Y.
After setup is completed, you will see these messages in the relay logs.
If there is not enough memory for the syslog engine inside the relay (Scoja) to start, you will see the following error and Scoja will not start. To fix it, increase the heap size for the new relay process by editing the file
/opt/devo/ng-relay/conf/relay/devo-ng-relay.jvmoptions
Otherwise, you will see scoja starting normally but the second scoja won’t be able to listen in the ports until the old relay is stopped. Please notice the “cannot listen!“ messages. They are normal.
Phase 2 - Stop the old relay and make sure the new one is handling the data
Stop the old relay using the following command.
Check that the new relay has started to listen to the ports that were being used by the old relay using the following command:
In case the connections don’t show up and the new relay process is not listening in all configured ports or events stop being ingested in Devo, start again the old relay:
Please make sure data is still reaching Devo before moving to the next phase.
Once the traffic is being handled by the new relay, adjust the memory allocation of the new relay process. We recommend allocating at least 2GB. Edit the file
/opt/devo/ng-relay/conf/relay/devo-ng-relay.jvmoptions
in case it's needed and restart the service.A test command from the Devo Relay CLI can also be executed to double-check that the sending from the new relay is working.
Phase 3 - Uninstall the old relay
To uninstall the old relay, execute the required command according to your OS:
Ubuntu | |
---|---|
Red Hat / CentOS |
Â