Update the base of the orchestrator Swarm
This page describes the procedure to update the Cyberwatch stack configuration folder for setups without satellite.
Various checkpoints are present in this procedure. If any of these checkpoints are not met, contact Cyberwatch support.
Prerequisites
- Docker version is greater or equal to 20.10.10.
- HTTPS requests toward
dl.cyberwatch.fr
etharbor.cyberwatch.fr
are allowed.
Update Docker
For Debian based machines:
apt update
apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
For Red Hat based machines:
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
Link to Docker online documentation
Checkpoint: check the docker version with the command
docker version
Update Cyberwatch
-
Before any other operation, update the Cyberwatch application with the standard procedure.
-
Verify that packet
cyberwatch
is installed:sudo cyberwatch version
If the command does not exist, migrate cbw-on-premise to 5.X.
-
Else, update the package
For Debian-based distributions:
sudo apt update sudo apt install cyberwatch
For Red Hat based distributions:
sudo dnf install cyberwatch
Migrate from cbw-on-premise v2.X to cbw-on-premise v5.X
Starting from cbw-on-premise version 5.0, Cyberwatch is installed as a packet. This section describe how to migrate cbw-on-premise from v2.X to v5.X.
-
Before the migration, ensure cbw-on-premise version is at least 2.31:
sudo cat ~cyberwatch/cbw-on-premise/VERSION
-
If this is not the case, update cbw-on-premise 2.X:
-
Ensure user
cyberwatch
owns the files:sudo chown -R cyberwatch: /home/cyberwatch/cbw-on-premise
-
Connect to user
cyberwatch
, and go to cbw-on-premise folder:sudo su - cyberwatch cd /home/cyberwatch/cbw-on-premise/
-
Stop Cyberwatch:
./cyberwatch.sh stop
-
Save custom changes:
git diff > /home/cyberwatch/diff
-
Update git repository:
git fetch git checkout master git reset --hard origin/master
-
Reconfigure Cyberwatch:
La commande de configuration accepte les options
--master
,--satellite
,--no-db
et--offline
. Utiliser celles qui sont nécessaires pour le cas d’usage de la machine../cyberwatch.sh configure
-
Checkpoint: verify the version of
cbw-on-premise
.cat /home/cyberwatch/cbw-on-premise/VERSION
-
-
Install Cyberwatch:
For Debian-based distributions:
sudo install -m 0755 -d /usr/share/keyrings curl https://dl.cyberwatch.fr/apt/APT-CYBERWATCH-GPG-KEY | sudo gpg --dearmor -o /usr/share/keyrings/cyberwatch.gpg sudo chmod a+r /usr/share/keyrings/cyberwatch.gpg echo "deb [signed-by=/usr/share/keyrings/cyberwatch.gpg] https://dl.cyberwatch.fr/apt any main" | sudo tee /etc/apt/sources.list.d/cyberwatch.list > /dev/null sudo apt update sudo apt install cyberwatch
For Red Hat based distributions:
sudo yum-config-manager --add-repo https://dl.cyberwatch.fr/rpm/cyberwatch.repo sudo dnf install cyberwatch
-
Reconfigure Cyberwatch:
The following command accepts
--master
,--satellite
,--no-db
and--offline
flags. Specify required flags depending on your situation.sudo cyberwatch configure
-
Verify that the instance work correctly from the web interface.
-
Optional: missing Redis password
Following a v5 base orchestrator update the secret
REDIS_PASSWORD
is mandatory on any node. This variable is missing on any node deployed before its creation.Check for its presence:
grep REDIS_PASSWORD /etc/cyberwatch/secrets.env
When missing, an error is triggered during communication with the redis database.
This kind of logs will occur in this situation:
# cyberwatch logs sidekiq Redis::CommandError: ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?
If the variable is missing, you need to perform the appropriate procedure on each Cyberwatch node:
-
For any node that is not a satellite.
Generate a redis password by running the command:
echo "REDIS_PASSWORD=$(openssl rand -hex 16)" >> /etc/cyberwatch/secrets.env
-
For satellite nodes.
The
REDIS_PASSWORD
field value previously generated on the master instance needs to be configured. This requires retrieving the value of this field from the/etc/cyberwatch/secrets.env
file of the master instance, then adding it to the end of the same name file on the satellite.
Then restart each node by running the command:
cyberwatch restart
-
-
Archive the folder
cbw-on-premise
:sudo tar cvf cbw-on-premise-v2.tar /home/cyberwatch/cbw-on-premise
-
Move the archive out of folder
/home/cyberwatch
. -
Delete user
cyberwatch
and all data from/home/cyberwatch
:sudo userdel cyberwatch -r