7 Steps to Migrate an Appliance

Overview

This article is a step-by-step guide to migrate CentOS 6 to CentOS 7 Appliance. This is not an automated migration, please read carefully and follow the instructions to avoid any issues on the migration. Swivel Secure highly recommend customers to perform a side-by-side migration with SOC team. Please request details about this support to your sales representative.

Requirements

Minimum for Stand-Alone and/or High Availability:

  • CPU: 2-Core
  • RAM: 4 GB
  • Free disk space: 80GB
  • AuthControl Sentry 4.1.1 or higher

Recommended for Stand-Alone and/or High Availability:

  • CPU: 4-Core
  • RAM: 8 GB
  • Free disk space: 100GB
  • AuthControl Sentry 4.1.1 or higher

Command Line Interface access is required to perform the migration. Please contact to your sales representative relating this subject.

Swivel Secure highly recommend customers and partners to upgrade appliances with the typical product release cycle which includes specific stage and/or release process environments: Testing Environment, UAT (User Acceptance Testing), Staging Environment (Pre Production), etc before migrating Production environments.

Migration Steps

Step 1 - Backup Options

Keep in mind that this is step is related to backups performed in CentOS 6 Appliance. There are a few backup options and below are the requirements for each option.

Backup of Applications Option

This option requires no further actions apart from moving the 2021XXXXXXXXXX-APP file from CentOS 6 appliance to CentOS 7 appliance.

Backup of System Option

Please follow all below steps.

Backup Full Option

Please follow all below steps.

This backup migration process occurs only once when migrating CentOS 6 appliances to CentOS 7 appliances.

Step 2 - Backup MySQL certificates

Before restoring backup from CentOS 6 Appliance, zip my.cnf.d folder in CentOS 7 Appliance. This folder contains SSL certificates. Keep this zipped file in the path it is.

_images/bkpmycnfd.gif

Step 3 - Services Status

In CentOS 7 Appliance, check for all running services. Stop and then start all in the following order:

  1. Tomcat stop
  2. Database stop
  3. Heartbeat stop (if HA appliance)
  4. Mon stop (if HA appliance)
  5. SNMPD stop
  6. Webmin stop
  7. Sendmail stop
_images/StopServices.gif

If any of the above running services does not stop, kill the process via command line. Below command will display Tomcat PID, then use kill command to stop the process.

_images/killtomcat.gif

Start services back in the below order.

  1. Database start
  2. Tomcat start
  3. Heartbeat start (if HA appliance)
  4. Mon start (if HA appliance)
  5. SNMPD start
  6. Webmin start
  7. Sendmail start
_images/restartservices.gif

If any process had to be killed manually, stop it and start again in CMI to ensure consistency. Killing process:

Note: Do not use service nor systemctl command in CLI to start/stop services. Doing so will change permissions on files and it can crash the products causing a lot of headache. These services state must always be managed in CMI (specially Tomcat). There’s one exception in the steps below.

Step 4 - Logs Monitoring

Keep an eye on catalina.out log during the next steps to identify any errors that could be raised. Command:

_images/tailtomcat.gif

Also, command journalctl -f can be used to keep an eye in system logs.

_images/jounralctl.gif

Step 5 - Restore CentOS 6 Backup

In CentOS 7 Appliance proceed to restore option in CMI Menu and restore the required CentOS 6 backup.

_images/restorebkp.gif

The error message for the file drdb.conf in the process can be ignored. Do not enter Yes for the last message to restart network. Just press Enter key with no input.

Step 6 - Restore MySQL Certificates

Stop Tomcat in CMI menu. In CLI, access etc folder and remove my.cnf.d generated with the restore. Then unzip my.cnf.d_backup.zip instructed on Step 1 in this article. Restart Database and run command mysql_upgrade –force in CLI. This command looks for incompatibilities with the upgraded MySQL server:

  • It upgrades the system tables in the mysql schema so that you can take advantage of new privileges or capabilities that might have been added.
  • It upgrades the Performance Schema and sys schema.
  • It examines user schemas.
_images/mycndrestore.gif

If mysql_upgrade finds a table with incompatibilities, it performs a table check and, if problems are found, attempts a table repair. If the table cannot be repaired, please refer to the official MariaDB document here. If the rebuild / repair does not work properly, do not insist and recreate CentOS 7. If the issue is persistent, please contact your sales representative for further assistance.

Step 7 - Functional Review

Go to User Administration and push User Sync in all repositories to ensure all users are brought up. Test and ensure all Swivel Secure products are properly deployed and Sentry users are able to login and logout.

Additional Information

Swivel Secure respositories are updated to be compatible with CentOS 7. Also, new repositories have been created to ensure Operating System level updates and patches.

The full list of repositories are available here.

Any warnings in the update process can be ignored.

Known Issues

Hostname change

Hostname can happen to revert to the original when rebooting the appliance. This is a legacy issue present in CentOS 6 appliances. In the mean time that this issue is not resolved, run the below command in the command line:

hostnamectl set-hostname <hostname>

If the case is for HA, run the above in both Primary and Standby. Restart the machine(s) and check for the hostname.