Update the base of the orchestrator Swarm
This page describes the procedure to update the Cyberwatch stack configuration folder for setups without satellite.
Various checkpoints are present in this procedure. If any of these checkpoints are not met, contact Cyberwatch support.
Prerequisites
- Docker with version is greater or equal to 23.0.6. It is recommended to have the latest version of docker.
- HTTPS requests toward
dl.cyberwatch.fr
andharbor.cyberwatch.fr
are allowed.
Update Docker
For Debian based machines:
apt update
apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
For Red Hat based machines:
yum install docker-ce docker-ce-cli containerd.io docker-compose-plugin
Link to Docker online documentation
Checkpoint: check the docker version with the command
docker version
Update the orchestrator base
Before any other operation, update the Cyberwatch application with the standard procedure.
Verify that packet
cyberwatch
is installed:sudo cyberwatch version
If the command does not exist, migrate cbw-on-premise to 5.X.
Else, update the package
For Debian-based distributions:
sudo apt update sudo apt install cyberwatch
For Red Hat based distributions:
sudo dnf install cyberwatch
Migrate from orchestrator base v2.X to v5.X
Starting from orchestrator base version 5.0, Cyberwatch is installed as a packet. This section describe how to migrate the orchestrator base from v2.X to v5.X.
Before the migration, ensure the orchestrator base version is at least 2.31:
sudo cat ~cyberwatch/cbw-on-premise/VERSION
If this is not the case, update the orchestrator base 2.X:
Ensure user
cyberwatch
owns the files:sudo chown -R cyberwatch: /home/cyberwatch/cbw-on-premise
Connect to user
cyberwatch
, and go to cbw-on-premise folder:sudo su - cyberwatch cd /home/cyberwatch/cbw-on-premise/
Stop Cyberwatch:
./cyberwatch.sh stop
Save custom changes:
git diff > /home/cyberwatch/diff
Update git repository:
git fetch git checkout master git reset --hard origin/master
Reconfigure Cyberwatch:
La commande de configuration accepte les options
--master
,--satellite
,--no-db
et--offline
. Utiliser celles qui sont nécessaires pour le cas d’usage de la machine../cyberwatch.sh configure
Checkpoint: verify the version of
cbw-on-premise
.cat /home/cyberwatch/cbw-on-premise/VERSION
Install Cyberwatch:
For Debian-based distributions:
sudo install -m 0755 -d /etc/apt/keyrings curl https://dl.cyberwatch.fr/apt/APT-CYBERWATCH-GPG-KEY | sudo gpg --dearmor -o /etc/apt/keyrings/cyberwatch.gpg sudo chmod a+r /etc/apt/keyrings/cyberwatch.gpg echo "deb [signed-by=/etc/apt/keyrings/cyberwatch.gpg] https://dl.cyberwatch.fr/apt any main" | sudo tee /etc/apt/sources.list.d/cyberwatch.list > /dev/null sudo apt update sudo apt install cyberwatch
For Red Hat based distributions:
sudo dnf config-manager --add-repo https://dl.cyberwatch.fr/rpm/cyberwatch.repo sudo dnf install cyberwatch
Reconfigure Cyberwatch:
The following command accepts
--master
,--satellite
,--no-db
and--offline
flags. Specify required flags depending on your situation.sudo cyberwatch configure
Verify that the instance work correctly from the web interface.
Optional: missing Redis password
Following a v5 orchestrator base update the secret
REDIS_PASSWORD
is mandatory on any node. This variable is missing on any node deployed before its creation.Check for its presence:
grep REDIS_PASSWORD /etc/cyberwatch/secrets.env
When missing, an error is triggered during communication with the redis database.
This kind of logs will occur in this situation:
# cyberwatch logs sidekiq Redis::CommandError: ERR AUTH <password> called without any password configured for the default user. Are you sure your configuration is correct?
If the variable is missing, you need to perform the appropriate procedure on each Cyberwatch node:
For any node that is not a satellite.
Generate a redis password by running the command:
echo "REDIS_PASSWORD=$(openssl rand -hex 16)" >> /etc/cyberwatch/secrets.env
For satellite nodes.
The
REDIS_PASSWORD
field value previously generated on the master instance needs to be configured. This requires retrieving the value of this field from the/etc/cyberwatch/secrets.env
file of the master instance, then adding it to the end of the same name file on the satellite.
Then restart each node by running the command:
cyberwatch restart
Archive the folder
cbw-on-premise
:sudo tar cvf cbw-on-premise-v2.tar /home/cyberwatch/cbw-on-premise
Move the archive out of folder
/home/cyberwatch
.Delete user
cyberwatch
and all data from/home/cyberwatch
:sudo userdel cyberwatch -r