Skip to main content

Patch Moogsoft Onprem Tarball for v9.0.1.x

This topic describes how to patch a tarball-based distribution of Moogsoft Onprem to v9.1.0 from v9.0.0 or v9.0.0.x

Warning

  • For deployments upgrading from v9.0.0 or v9.0.0.1

    The upgrade path from v9.0.0/v9.0.0.1 to v9.0.1 onwards (any pre v9.0.0.2 release going to any post v9.0.1 release) requires a 'full stop' upgrade of any running RabbitMQ clusters. All rabbit nodes will need to be stopped before their binaries are upgraded. This means there will be a window of time during the upgrade where RabbitMQ cannot be used to store events. Further upgrade details are in the relevant step below.

  • For deployments upgrading from v9.0.0.2

    The RabbitMQ upgrade as part of this process requires all feature flags to be enabled.

    The following command must be run on all RabbitMQ server nodes before the following steps are performed:

    export PATH=$MOOGSOFT_HOME/cots/erlang/bin/:$PATH;
${MOOGSOFT_HOME}/cots/rabbitmq-server/sbin/rabbitmqctl enable_feature_flag all

  1. Ensure the patch tarball is available to each server being patched:

    • Download the patch tarball using the following command (SPEEDY_USERNAME and SPEEDY_PASSWORD need to be set as environment variables before running this):

      curl -L -O "https://${SPEEDY_USERNAME}:${SPEEDY_PASSWORD}@speedy.moogsoft.com/v9/installer/moogsoft-enterprise-9.1.0.tgz"

      Copy the tarball to all servers where the product is installed.

  2. Optional GPG key validation of the tarball to validate the installation file.

    • For servers without internet access (if server has internet access go to the next step):

      1. Download the key from this site:

        https://keys.openpgp.org/vks/v1/by-fingerprint/0A8FD9AB6F1693A1967B3B8CB919E617EC6946C2

      2. Copy the key to the server onto which the tarball will be installed (it will be an .asc file).

      3. Import the key:

        gpg --import 0A8FD9AB6F1693A1967B3B8CB919E617EC6946C2

    • For servers with internet access, run the following command:

      curl https://keys.openpgp.org/vks/v1/by-fingerprint/0A8FD9AB6F1693A1967B3B8CB919E617EC6946C2 | gpg —-import

      1. Download the patch tarball and matching '.sig' file from the 'speedy' yum repository using a browser, providing speedy credentials when asked by the browser:

        https://speedy.moogsoft.com/v9/installer/

    • Copy the patch tgz and matching '.sig' file into the same folder.

    • Copy the following code into a bash terminal and run it to perform the validation:

      gpg --verify moogsoft-enterprise-9.1.0.tgz.sig moogsoft-enterprise-9.1.0.tgz

    • Confirm that the command reports:

      Good signature from "Moogsoft <security@moogsoft.com>"

  3. Stop all processes on each host:

    $MOOGSOFT_HOME/bin/utils/process_cntl moog_farmd stop;
$MOOGSOFT_HOME/bin/utils/process_cntl apache-tomcat stop;
kill -9 $(ps -ef | grep java | grep lam | awk '{print $2}') 2>/dev/null;
(crontab -l | sed -e 's/^\(.*events_analyser.*\)$/#\1/') | crontab -
(crontab -l | sed -e 's/^\(.*keepalive.*\)$/#\1/') | crontab -
ps -ef | grep java | egrep 'events_analyser|keepalive' | awk '{print $2}' | xargs kill 2>/dev/null;
$MOOGSOFT_HOME/bin/utils/process_cntl nginx stop;

  4. Gather the required variables (do not close the terminal these commands are run in, otherwise they will be lost):

    export OLD_DIST_PATH=$(readlink -f $MOOGSOFT_HOME/bin|awk -F '/' 'sub(FS $NF,x)');
export CERT_REAL_PATH_PEM=$(readlink -f $(grep -h 'ssl_certificate ' $OLD_DIST_PATH/cots/nginx/config/conf.d/moog-ssl.conf|awk '{print $2}'|tr -d ';'));
export CERT_REAL_PATH_KEY=$(readlink -f $(grep -h 'ssl_certificate_key' $OLD_DIST_PATH/cots/nginx/config/conf.d/moog-ssl.conf|awk '{print $2}'|tr -d ';'));
export CERT_PATH_PEM=$(grep -h 'ssl_certificate ' $OLD_DIST_PATH/cots/nginx/config/conf.d/moog-ssl.conf);
export CERT_PATH_KEY=$(grep -h 'ssl_certificate_key' $OLD_DIST_PATH/cots/nginx/config/conf.d/moog-ssl.conf);

  5. FOR ALL VERSIONS

    Update Percona to the latest version using the instructions here: Percona Cluster 8.0 Tarball Minor Version Upgrade

  6. FOR DEPLOYMENTS BEING UPGRADED FROM v9.0.0 OR v9.0.0.1 OR EARLIER ONLY

    RabbitMQ will be upgraded as part of this process and all nodes need to be stopped.

    Use the following command to stop RabbitMQ on each server:

    $MOOGSOFT_HOME/bin/utils/process_cntl rabbitmq stop

  7. Place the downloaded tarball file into an empty directory called patch_directory9.1.0 and execute the following commands to start the patch installation:

    cd patch_directory9.1.0;
tar -xf moogsoft-enterprise-9.1.0.tgz;
bash moogsoft-enterprise-install-9.1.0.sh;

  8. RabbitMQ Upgrade

    • FOR DEPLOYMENTS BEING UPGRADED FROM v9.0.0 OR v9.0.0.1 OR EARLIER ONLY

      Now the RabbitMQ binaries have been upgraded, the RabbitMQ nodes need to be restarted. On each node perform the following steps.

      The mnesia directory needs to be deleted using the following command:

      rm -rf $MOOGSOFT_HOME/var/lib/rabbitmq/mnesia/*

      The RabbitMQ node now needs to be re-initialised:

      $MOOGSOFT_HOME/bin/utils/moog_init_mooms.sh -pz <YOUR_ZONE_NAME>

      Then, re-initialize the other nodes in the same way using the same command.

      Now create a cluster of all the RabbitMQ nodes: https://www.rabbitmq.com/clustering.html

      Perform some health checks (for example as documented here: https://www.rabbitmq.com/monitoring.html#health-checks) to ensure the cluster is operating as expected

    • FOR DEPLOYMENTS BEING UPGRADED FROM v9.0.0.2 ONLY

      Now the RabbitMQ binaries have been upgraded, the RabbitMQ nodes need to be restarted:

      $MOOGSOFT_HOME/bin/utils/process_cntl rabbitmq restart

      Perform some health checks (for example as documented here: https://www.rabbitmq.com/monitoring.html#health-checks) to ensure the cluster is operating as expected

  9. There are changes in controller.conf, system.conf, and security.conf in this release (depending on the version being upgraded from). Identify the config files that have changed between the previously installed version and this version. For example:

    diff -rq $OLD_DIST_PATH/config $MOOGSOFT_HOME/dist/9.1.0/config | grep -i 'differ'

    Update files in $MOOGSOFT_HOME/config with any changes introduced in the 9.1.0 version of these files (if appropriate/needed).

  10. FOR ALL VERSIONS

    Refresh all stored procedures (provide the 'ermintrude' DB user password when prompted):

    $MOOGSOFT_HOME/bin/utils/moog_db_auto_upgrader -t 9.0.1 -u ermintrude

  11. FOR ALL VERSIONS

    New security enhancements in v9.0.1 require enabling the Sign Response As Required option on the IDP side, if configurable. We kindly request your SAML team to do this for the <PROD/UAT> environment before the upgrade. If you are unsure after communicating with your SAML team whether this option applies to your setup, please contact Moogsoft support.

    If a new IDP is generated after this change, SAML team should provide its metadata file to the team taking care of the upgrade. During the upgrade, the existing IDP file will be replaced with the one provided. In all cases, the SP metadata file will be regenerated and should be shared with SAML team. They may need to import the new SP metadata or configure the relevant fields with the information supplied in the file to complete the trust configuration.

  12. FOR ALL VERSIONS

    Re-deploy Apache Tomcat and reconfigure Nginx. IMPORTANT: If the Xmx value for apache-tomcat has been changed from the default in the $MOOGSOFT_HOME/bin/utils/process_cntl script, ensure the customised value is replaced after the upgrade, then restart the apache-tomcat process. Run these commands in the same terminal as the one where the variables were saved previously. Then restart nginx:

    VERSION=9.1.0;
$MOOGSOFT_HOME/bin/utils/moog_init_ui.sh -tnfwz $($MOOGSOFT_HOME/bin/utils/moog_config_reader -k mooms.zone) --accept-eula
cp -f $CERT_REAL_PATH_PEM $MOOGSOFT_HOME/cots/nginx/ssl/;
cp -f $CERT_REAL_PATH_KEY $MOOGSOFT_HOME/cots/nginx/ssl/;
sed -i "s|.*ssl_certificate .*|${CERT_PATH_PEM}|" $MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ssl.conf;
sed -i "s|.*ssl_certificate_key.*|${CERT_PATH_KEY}|" $MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ssl.conf;
$MOOGSOFT_HOME/bin/utils/process_cntl nginx restart;

  13. Verify the remaining processes are working properly and update the crontab:

    $MOOGSOFT_HOME/bin/utils/process_cntl apache-tomcat status;
$MOOGSOFT_HOME/bin/utils/process_cntl nginx status;
$MOOGSOFT_HOME/bin/utils/process_cntl opensearch status;
(crontab -l | sed -e 's/^\#\+\(.*events_analyser.*\)/\1/') | crontab -
(crontab -l | sed -e 's/^\#\+\(.*keepalive.*\)/\1/') | crontab -

  14. Validate the patch:

    $MOOGSOFT_HOME/bin/utils/moog_install_validator.sh
$MOOGSOFT_HOME/bin/utils/tomcat_install_validator.sh
$MOOGSOFT_HOME/bin/utils/moog_db_validator.sh

    If there are any errors from the above validators, please contact Moogsoft Support.

  15. Re-start non-UI integrations or LAMs

  16. Re-install the latest Add-ons pack: Install Moogsoft Add-ons

  17. Restart moogfarmd:

    $MOOGSOFT_HOME/bin/utils/process_cntl moog_farmd restart;

  18. Wait for MoogFarmd to start - about two minutes, then trigger a re-index of OpenSearch:

    $MOOGSOFT_HOME/bin/utils/moog_indexer -f -n

  19. Restart any event feeds if they were stopped.

  20. Clear the browser cache and log in to the UI.

In this section: