Document toolboxDocument toolbox

Relay migration

Owned by Juan Tomás Alonso Nieto (Deactivated)
Last updated: May 12, 2023
13 min read
[ 1 Introduction ] [ 2 Getting ready ] [ 3 Migration procedure ]

Introduction

The steps described in this article will guide you through the migration process to the most recent version of Devo Relay in an Ubuntu or CentOS machine.

The process is as follows:

  • Install the new relay in the same machine where the old relay is located with exactly the same relay name so the same rules are downloaded for the new one. At this point, both relays will be running at the same time.

  • Stop the old relay and wait until the new relay takes over and starts processing the data. This process should take a few seconds. If something goes wrong, start the old relay again and check for issues. Contact us if you need support.

  • Once the new relay is handling the traffic, remove the old relay from the machine.

Following these steps, data loss will be minimized as much as possible.

New package name

Note that the new package name is devo-ng-relay and is managed by the system manager systemd. The old relay package name is devo-scoja-relay and it’s managed by System-V (init) system manager.

New installation path

Keep in mind that the new relay is deployed on a different path. The new installation path is:

/opt/devo/ng-relay

New network requirements

Check the Network row in the Requirements section of the Planning Devo Relay deployment article, as we have added two additional endpoints that may require the creation of new firewall rules.

Getting ready

Make sure there is enough memory left for the new relay to start. In the beginning, both relays will be running at the same time. If the relay is configured to start with 70% of the available RAM, it won’t be possible to start the new relay at the same time. Edit /etc/init.d/devo-scoja-relay and set either a fixed amount of RAM of 30% or below to allow the new relay to run. 

Once you have updated the startup file, restart the old relay with the following commands:

sudo /etc/init.d/devo-scoja-relay stop 
sudo /etc/init.d/devo-scoja-relay start

Migration procedure

Phase 1 - Install the new relay

  1. In the same machine where the old relay is installed, install the devo-ng-relay and devo-ng-relay-cli packages.

  2. Set up the memory for the new relay in case it is needed by editing the following file: /opt/devo/ng-relay/conf/relay/devo-ng-relay.jvmoptions. In this example, we are setting 400 MB for the new relay.

    ## JVM Options File ## The options are expressed as a list of new-line-separated JVM flags -Xms400M -Xmx400M

    If changes in the file are performed, you must restart the service.

  3. Check both Java processes are running.

    Note that PID 5953 is the old relay and PID 7214 is the new one. 

  4. Open a new terminal to the machine and check ng-relay logs with the command sudo journalctl -u devo-ng-relay -f. You should see these logs:

  5. Check for ports where the old relay is listening using sudo netstat -atunp | grep <old_relay_PID>

  6. Run the Devo Relay CLI with the required command for your system (learn how to do it here) and then run the setup command using the exact same name for the relay. The exact same name can be taken from the file opt/devo/relay/conf/relay.conf in the hardware.id field.

  7. You will see a message like this asking if you want to override the existing relay. Type Y.

    After setup is completed, you will see these messages in the relay logs.

  8. If there is not enough memory for the syslog engine inside the relay (Scoja) to start, you will see the following error and Scoja will not start. To fix it, increase the heap size for the new relay process by editing the file /opt/devo/ng-relay/conf/relay/devo-ng-relay.jvmoptions

    Otherwise, you will see scoja starting normally but the second scoja won’t be able to listen in the ports until the old relay is stopped. Please notice the “cannot listen!“ messages. They are normal.

Phase 2 - Stop the old relay and make sure the new one is handling the data

  1. Stop the old relay using the following command.

  2. Check that the new relay has started to listen to the ports that were being used by the old relay using the following command:

    In case the connections don’t show up and the new relay process is not listening in all configured ports or events stop being ingested in Devo, start again the old relay:

    Please make sure data is still reaching Devo before moving to the next phase.

  3. Once the traffic is being handled by the new relay, adjust the memory allocation of the new relay process. We recommend allocating at least 2GB. Edit the file /opt/devo/ng-relay/conf/relay/devo-ng-relay.jvmoptions in case it's needed and restart the service.

  4. A test command from the Devo Relay CLI can also be executed to double-check that the sending from the new relay is working.

Phase 3 - Uninstall the old relay

To uninstall the old relay, execute the required command according to your OS:

Ubuntu

Red Hat / CentOS

Â