Update the base of the orchestrator Swarm

This page describes the procedure to update the Cyberwatch stack configuration folder for setups without satellite.

Various checkpoints are present in this procedure. If any of these checkpoints are not met, contact Cyberwatch support.

Prerequisites

  • Docker version is greater or equal to 20.10.10.
  • HTTPS requests toward dl.cyberwatch.fr et harbor.cyberwatch.fr are allowed.

Update Docker

For Debian based machines:

apt update
apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin

For Red Hat based machines:

yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin

Link to Docker online documentation

Checkpoint: check the docker version with the command

docker version

Update the orchestrator base

  1. Before any other operation, update the Cyberwatch application with the standard procedure.

  2. Verify that packet cyberwatch is installed:

    sudo cyberwatch version
    

    If the command does not exist, migrate cbw-on-premise to 5.X.

  3. Else, update the package

    For Debian-based distributions:

    sudo apt update
    sudo apt install cyberwatch
    

    For Red Hat based distributions:

    sudo dnf install cyberwatch
    

Migrate from orchestrator base v2.X to v5.X

Starting from orchestrator base version 5.0, Cyberwatch is installed as a packet. This section describe how to migrate the orchestrator base from v2.X to v5.X.

  1. Before the migration, ensure the orchestrator base version is at least 2.31:

    sudo cat ~cyberwatch/cbw-on-premise/VERSION
    
  2. If this is not the case, update the orchestrator base 2.X:

    1. Ensure user cyberwatch owns the files:

      sudo chown -R cyberwatch: /home/cyberwatch/cbw-on-premise
      
    2. Connect to user cyberwatch, and go to cbw-on-premise folder:

      sudo su - cyberwatch
      cd /home/cyberwatch/cbw-on-premise/
      
    3. Stop Cyberwatch:

      ./cyberwatch.sh stop
      
    4. Save custom changes:

      git diff > /home/cyberwatch/diff
      
    5. Update git repository:

      git fetch
      git checkout master
      git reset --hard origin/master
      
    6. Reconfigure Cyberwatch:

      La commande de configuration accepte les options --master, --satellite, --no-db et --offline. Utiliser celles qui sont nécessaires pour le cas d’usage de la machine.

      ./cyberwatch.sh configure
      
    7. Checkpoint: verify the version of cbw-on-premise.

      cat /home/cyberwatch/cbw-on-premise/VERSION
      
  3. Install Cyberwatch:

    For Debian-based distributions:

    sudo install -m 0755 -d /usr/share/keyrings
    curl https://dl.cyberwatch.fr/apt/APT-CYBERWATCH-GPG-KEY | sudo gpg --dearmor -o /usr/share/keyrings/cyberwatch.gpg
    sudo chmod a+r /usr/share/keyrings/cyberwatch.gpg
    echo "deb [signed-by=/usr/share/keyrings/cyberwatch.gpg] https://dl.cyberwatch.fr/apt any main" | sudo tee /etc/apt/sources.list.d/cyberwatch.list > /dev/null
    sudo apt update
    sudo apt install cyberwatch
    

    For Red Hat based distributions:

    sudo yum-config-manager --add-repo https://dl.cyberwatch.fr/rpm/cyberwatch.repo
    sudo dnf install cyberwatch
    
  4. Reconfigure Cyberwatch:

    The following command accepts --master, --satellite, --no-db and --offline flags. Specify required flags depending on your situation.

    sudo cyberwatch configure
    
  5. Verify that the instance work correctly from the web interface.

  6. Optional: missing Redis password

    Following a v5 orchestrator base update the secret REDIS_PASSWORDis mandatory on any node. This variable is missing on any node deployed before its creation.

    Check for its presence:

    grep REDIS_PASSWORD /etc/cyberwatch/secrets.env
    

    When missing, an error is triggered during communication with the redis database.

    This kind of logs will occur in this situation:

    # cyberwatch logs sidekiq
    Redis::CommandError: ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?
    

    If the variable is missing, you need to perform the appropriate procedure on each Cyberwatch node:

    1. For any node that is not a satellite.

      Generate a redis password by running the command:

      echo "REDIS_PASSWORD=$(openssl rand -hex 16)" >> /etc/cyberwatch/secrets.env
      
    2. For satellite nodes.

      The REDIS_PASSWORD field value previously generated on the master instance needs to be configured. This requires retrieving the value of this field from the /etc/cyberwatch/secrets.env file of the master instance, then adding it to the end of the same name file on the satellite.

    Then restart each node by running the command:

    cyberwatch restart
    
  7. Archive the foldercbw-on-premise:

    sudo tar cvf cbw-on-premise-v2.tar /home/cyberwatch/cbw-on-premise
    
  8. Move the archive out of folder /home/cyberwatch.

  9. Delete user cyberwatch and all data from /home/cyberwatch:

    sudo userdel cyberwatch -r