Patch Moogsoft AIOps Tarball

Ensure the patch tarball is available to each server being patched:

Download the patch tarball using the following command (SPEEDY_USERNAME and SPEEDY_PASSWORD need to be set as environment variables before running this):
```
curl -L -O "https://<SPEEDY_USERNAME>:<SPEEDY_PASSWORD>@speedy.moogsoft.com/installer/moogsoft-aiops-7.3.1.8.tgz"
```
Copy the tarball to all servers where the product is installed

Stop all processes on each host:

$MOOGSOFT_HOME/bin/utils/process_cntl moog_farmd stop;
$MOOGSOFT_HOME/bin/utils/process_cntl apache-tomcat stop;
kill -9 $(ps -ef | grep java | grep lam | awk '{print $2}') 2>/dev/null;
(crontab -l | sed -e 's/^\(.*events_analyser.*\)$/#\1/') | crontab -
(crontab -l | sed -e 's/^\(.*keepalive.*\)$/#\1/') | crontab -
ps -ef | grep java | egrep 'events_analyser|keepalive' | awk '{print $2}' | xargs kill 2>/dev/null;
$MOOGSOFT_HOME/bin/utils/process_cntl nginx stop;

FOR DEPLOYMENTS BEING UPGRADED FROM 7.3.1.6 OR EARLIER ONLY:: Perform the database upgrade procedure documented here: Percona Cluster 5.7 Tarball Minor Version Upgrade

Gather the required variables:

OLD_DIST_PATH=$(readlink -f $MOOGSOFT_HOME/bin|awk -F '/' 'sub(FS $NF,x)');
CERT_REAL_PATH_PEM=$(readlink -f $(grep -h 'ssl_certificate ' $OLD_DIST_PATH/cots/nginx/config/conf.d/moog-ssl.conf|awk '{print $2}'|tr -d ';'));
CERT_REAL_PATH_KEY=$(readlink -f $(grep -h 'ssl_certificate_key' $OLD_DIST_PATH/cots/nginx/config/conf.d/moog-ssl.conf|awk '{print $2}'|tr -d ';'));
CERT_PATH_PEM=$(grep -h 'ssl_certificate ' $OLD_DIST_PATH/cots/nginx/config/conf.d/moog-ssl.conf);
CERT_PATH_KEY=$(grep -h 'ssl_certificate_key' $OLD_DIST_PATH/cots/nginx/config/conf.d/moog-ssl.conf);

Place the downloaded tarball file into an empty directory called patch_directory and execute the following commands:

VERSION=7.3.1.8;
cd patch_directory
tar -xf moogsoft-aiops-${VERSION}.tgz
bash moogsoft-aiops-install-${VERSION}.sh

FOR DEPLOYMENTS BEING UPGRADED FROM 7.3.1.3 OR EARLIER ONLY: Upgrade the apache-tomcat:

$MOOGSOFT_HOME/bin/utils/moog_init_ui.sh -tfz $($MOOGSOFT_HOME/bin/utils/moog_config_reader -k mooms.zone)

Identify the config files that have changed between the previously installed version and upgraded version. For example:

$MOOGSOFT_HOME/config/security.conf (FOR DEPLOYMENTS BEING UPGRADED FROM 7.3.1.1 OR EARLIER ONLY)

Run the following command to find files with differences:

diff -rq $OLD_DIST_PATH/config $MOOGSOFT_HOME/dist/7.3.1.8/config | grep -i 'differ'

Update files in $MOOGSOFT_HOME/config with any changes introduced in the upgraded version of these files.

There is a change in “controller.conf” and "security.conf". Identify the config file that has changed between the previously installed version and this version. For example:

diff -rq $OLD_DIST_PATH/config $MOOGSOFT_HOME/dist/7.3.1.8/config | grep -i 'differ'

Update files in $MOOGSOFT_HOME/config with any changes introduced in the v8.0.0.5 version of these files.

Identify the bot files that have changed between the previously installed version and upgraded version. For example:

$MOOGSOFT_HOME/bots/lambots/DynatraceNotificationLam.js (FOR DEPLOYMENTS BEING UPGRADED FROM 7.3.1.3 OR EARLIER ONLY)

Run the following command to find files with differences:

diff -rq $OLD_DIST_PATH/bots $MOOGSOFT_HOME/dist/7.3.1.8/bots | grep -i 'differ'

Update files in $MOOGSOFT_HOME/bots with any changes introduced in the upgraded version of these files.

FOR DEPLOYMENTS BEING UPGRADED FROM 7.3.1.4 OR EARLIER ONLY: Execute following schema update; to enable auto-pruning of the process_logs table:

mysql -u root moogdb -e "UPDATE system_config SET properties = JSON_SET(properties, '$.aged_logs_period', 90) WHERE config_type = 'Splitter';"

FOR DEPLOYMENTS BEING UPGRADED FROM 7.3.1.4 OR EARLIER ONLY:

Execute the following schema change to add tables new in this version:

mysql -u root moogdb < $MOOGSOFT_HOME/etc/moog/moog_sigdb/tables/process_logs.sql
mysql -u root moogdb < $MOOGSOFT_HOME/etc/moog/moog_sigdb/tables/split_prc_alerts.sql

FOR DEPLOYMENTS BEING UPGRADED FROM 7.3.1.0 OR EARLIER ONLY: Confirm that the MySQL variable log_bin_trust_function_creators is enabled using the following command:

mysql -e "show variables like '%log_bin_trust_function_creators%';"

The 'log_bin_trust_function_creators' value needs to be ON or 1. If the value is OFF or 0, one of the following steps must be followed depending on how your database is deployed:

For a local MySQL/Percona instance where the database uses the local ~/my.cnf file:
- Edit the ~/my.cnf file then restart the database using the following commands:
```
sed -i 's/$innodb_autoinc_lock_mode.*$/\1\nlog_bin_trust_function_creators = 1\n/' ~/.my.cnf
$MOOGSOFT_HOME/bin/utils/process_cntl mysql restart
```
For a hosted database (RDS/Aurora etc):
- The property must be changed in the Web Admin Interface for the Database provider

Apply schema changes by running below command: Replace 'moogdb' and 'historic_moogdb' if the database names are different in the current deployment.

mysql -u root moogdb -e "ALTER TABLE alerts ADD KEY idx_max_severity(alert_id, severity);"
mysql -u root historic_moogdb -e "ALTER TABLE alerts ADD KEY idx_max_severity(alert_id, severity);"

FOR DEPLOYMENTS BEING UPGRADED FROM 7.3.1.1 OR EARLIER ONLY:

Run the following command in a bash terminal to ensure apache-tomcat is running with the correct session-handling behavior ($APPSERVER_HOME is the apache-tomcat install folder):

[ -z "$(grep discardFacades $MOOGSOFT_HOME/cots/apache-tomcat/conf/server.xml)" ] && sed -i '/Connector port=\"8085\"/a \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ discardFacades=\"true\"' $MOOGSOFT_HOME/cots/apache-tomcat/conf/server.xml

Removes addition of commas from image IDs when the number was 1000 or higher. For example, if an image ID was previously 2_1,088, now it is 2_1088:
```
bash $MOOGSOFT_HOME/etc/moog/schema_upgrades/6.5.0-7.0.0/700_data_migrator
```

FOR DEPLOYMENTS BEING UPGRADED FROM 7.3.1.7 OR EARLIER ONLY:

Execute the following schema change to add tables new in this version:

mysql -u root moogdb < $MOOGSOFT_HOME/etc/moog/moog_sigdb/tables/active_splitter.sql

FOR ALL DEPLOYMENTS:

Refresh all stored procedures (provide database password when prompted):

DB_VERSION=$($MOOGSOFT_HOME/bin/utils/moog_mysql_client -e "select moog_version from schema_version" -B --skip-column-names 2>/dev/null | sed 's/\(.....\).*/\1/' | sed '/^7.3.*/! s/.*/7.3.0/');
$MOOGSOFT_HOME/bin/utils/moog_db_auto_upgrader -t ${DB_VERSION} -u root

Rebuild Apache Tomcat and update the Nginx configuration:

$MOOGSOFT_HOME/bin/utils/moog_init_ui.sh -tnfwz $($MOOGSOFT_HOME/bin/utils/moog_config_reader -k mooms.zone) --accept-eula
cp -f $CERT_REAL_PATH_PEM $MOOGSOFT_HOME/dist/7.3.1.8/cots/nginx/ssl/
cp -f $CERT_REAL_PATH_KEY $MOOGSOFT_HOME/dist/7.3.1.8/cots/nginx/ssl/
sed -i "s|.*ssl_certificate .*|${CERT_PATH_PEM}|" $MOOGSOFT_HOME/dist/7.3.1.8/cots/nginx/config/conf.d/moog-ssl.conf
sed -i "s|.*ssl_certificate_key.*|${CERT_PATH_KEY}|" $MOOGSOFT_HOME/dist/7.3.1.8/cots/nginx/config/conf.d/moog-ssl.conf
$MOOGSOFT_HOME/bin/utils/process_cntl nginx restart

FOR DEPLOYMENTS BEING UPGRADED FROM 7.3.0.1 OR EARLIER ONLY:

Deployments requiring the UI to use a 'Content-Security-Policy' can optionally enable this by editing the following file:
```
$MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ui-headers.conf
```
Uncomment the line that starts with 'add_header Content-Security-Policy' to add the Content-Security-Policy (CSP) header. For more details on the CSP header see https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
If CSP security is enabled, the following two sections must be followed:
1. The following features require additional configuration to allow access to external domains:
  1. Situation Room plugins to external domains
  2. Situation client tools to external URLs
  To allow access to required external domains, add a frame-src directive to the Content-Security-Policy header in the $MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ui-headers.conf file. For example, run the following command to allow google domains:
```
sed -i "s/add_header Content-Security-Policy$.*$\" always/add_header Content-Security-Policy\1; frame-src 'self' *.google.com\" always/" $MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ui-headers.conf
```
  Then restart nginx:
```
$MOOGSOFT_HOME/bin/utils/process_cntl nginx restart
```
2. Due to a known issue in the Safari web browser, you must take additional steps to access the UI with Safari. Add the websocket URLs wss://<webhost>/moogpoller/ws and wss://<webhost>/integrations/ws/v1 to the Content-Security-Policy section of the following file:
```
$MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ui-headers.conf
```
  You can update the configuration using a command similar to the following. Substitute your hostname for <webhost>:
```
sed -i.bak "s;connect-src 'self' app;connect-src 'self' wss://<webhost>/moogpoller/ws wss://<webhost>:8443/integrations/ws/v1 app;g" $MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ui-headers.conf
```
  Then restart nginx:
```
$MOOGSOFT_HOME/bin/utils/process_cntl nginx restart
```

Re-start non-UI integrations or LAMs

Verify the remaining processes are working properly and update the crontab:

$MOOGSOFT_HOME/bin/utils/process_cntl apache-tomcat status;
$MOOGSOFT_HOME/bin/utils/process_cntl nginx status;
$MOOGSOFT_HOME/bin/utils/process_cntl elasticsearch status;
(crontab -l | sed -e 's/^\#\+\(.*events_analyser.*\)/\1/') | crontab -
(crontab -l | sed -e 's/^\#\+\(.*keepalive.*\)/\1/') | crontab -

Validate the patch:

$MOOGSOFT_HOME/bin/utils/moog_install_validator.sh
$MOOGSOFT_HOME/bin/utils/tomcat_install_validator.sh
$MOOGSOFT_HOME/bin/utils/moog_db_validator.sh

Re-install the latest 'Addons' pack: /AIOps.7.3.0/install-moogsoft-add-ons.html

If no errors from the validation, restart moogfarmd:

$MOOGSOFT_HOME/bin/utils/process_cntl moog_farmd start;

Clear the browser cache and log in to the UI.

Restart any event feeds if they were stopped.

Patch Moogsoft AIOps Tarball

Search results