Tarball - Upgrade UI components
Follow these steps to perform a Tarball upgrade on the Moogsoft Enterprise UI components to v8.2.0 from v7.0.x, v7.1.x, 7.2.x, or 7.3x:
Nginx
Apache Tomcat
UI integrations
These components should always reside on the same server.
Refer to Upgrade Moogsoft Enterprise for general information and upgrade instructions for other components and versions.
Stop services and processes
Run the following command to stop Apache Tomcat:
$MOOGSOFT_HOME/bin/utils/process_cntl apache-tomcat stop
Obtain the following path variables before re-linking the directories. Replace 7.0.1.7 in the first line with the version being upgraded from (for example 7.2.0.8, 7.3.0.1, etc). From this step onwards, use the same terminal session to keep the variables.
VERSION_UPGRADING_FROM=7.0.1.7;
CERT_REAL_PATH_PEM=$(readlink -f $(grep -h 'ssl_certificate ' $MOOGSOFT_HOME/dist/${VERSION_UPGRADING_FROM}/cots/nginx/config/conf.d/moog-ssl.conf|head -1|awk '{print $2}'|tr -d ';'));
CERT_REAL_PATH_KEY=$(readlink -f $(grep -h 'ssl_certificate_key' $MOOGSOFT_HOME/dist/${VERSION_UPGRADING_FROM}/cots/nginx/config/conf.d/moog-ssl.conf|head -1|awk '{print $2}'|tr -d ';'));
CERT_PATH_PEM=$(grep -h 'ssl_certificate ' $MOOGSOFT_HOME/dist/${VERSION_UPGRADING_FROM}/cots/nginx/config/conf.d/moog-ssl.conf|head -1);
CERT_PATH_KEY=$(grep -h 'ssl_certificate_key' $MOOGSOFT_HOME/dist/${VERSION_UPGRADING_FROM}/cots/nginx/config/conf.d/moog-ssl.conf|head -1);
To stop LAMs and integrations, you can either use the Process Control utility:
$MOOGSOFT_HOME/bin/utils/process_cntl <lam_name> stop
Or the kill command:
kill -9 $(ps -ef | grep java | grep CLamMain | awk '{print $2}') 2>/dev/nullNote
Complete the Opensearch/Elasticsearch steps below if you have installed Opensearch/Elasticsearch on the same server as your UI components. Moogsoft Enterprise recommends that you move Opensearch/Elasticsearch to your Core server (the server running Moogfarmd) to optimize index performance.
Delete the Elasticsearch indexes
Run this command on the moogsoft-search/Opensearch/Elasticsearch server to remove the old Opensearch/Elasticsearch indexes:
curl -XDELETE 'http://localhost:9200/alerts/' && curl -XDELETE 'http://localhost:9200/situations/'
Important
If authentication has been enabled for the Opensearch/Elasticsearch service, you will need to supply admin credentials to both curl commands as follows: curl -u <username>:<password> -XDELETE ...
If the command completes successfully, the following message is displayed:
{"acknowledged":true}{"acknowledged":true}Upgrade Moogsoft Enterprise
To upgrade Moogsoft Enterprise, run the following commands.
If you have already run this step on the current host as part of this upgrade (for single-host upgrade for example), you can skip this step.
tar -xf moogsoft-enterprise-8.2.0.tgz bash moogsoft-enterprise-install-8.2.0.sh
Follow the instructions that appear. The upgrade process detects the existing installation and performs the upgrade.
Important
If any of the checks performed by the install script are reported as a failure on the initial screen, please contact Moogsoft support as this could impact functionality.
Merge the latest configuration file changes
Note
In Moogsoft Enterprise v7.3.x and 8.0.x, the Cookbooks, Tempus, and merge groups (default and custom) are imported into the database by default, enabling you to to access and configure them via the UI and API. The migration occurs once when Moogfarmd is restarted.
A file_only_config=true flag has been added to the 7.3.x and 8.0.x versions of moog_farmd.conf that you can use to prevent the migration from taking place. If this flag is missing or is set to false, Moogfarmd attempts to perform the import when it starts.
Note
If the file_only_config flag is set to true, UI-based Cookbooks will not run.
The following moolets are no longer supported in v8.0.x and should be removed from the moog_farmd.conf file as part of the upgrade:
Sigaliser Classic
Nexus
Speedbird
AlertRootCause
Version specific config file differences:
v7.1.x-v7.2.x
$MOOGSOFT_HOME/config/system.conf
message_persistence is now enabled by default
$MOOGSOFT_HOME/config/security.conf
The 'Google' realm has been deprecated and removed
$MOOGSOFT_HOME/config/servlets.conf
The toolrunner servlet now optionally supports ssh key authentication as well as username/password-based authentication
$MOOGSOFT_HOME/config/moog_farmd.conf
alert_workflows.conf moolet has been added
enrichment_workflows.conf moolet has been added
event_workflows.conf moolet has been added
situations_workflows.conf moolet has been added
v7.2.x-v7.3.x
$MOOGSOFT_HOME/config/system.conf
New integration database property has been added: intdb_database_name
$MOOGSOFT_HOME/config/moog_farmd.conf
The entire sig_resolution block containing merge groups, retention_period etc has been removed but is still supported as long as file_only_config is true
alert_root_cause.conf moolet has been removed and is no longer supported
nexus.conf moolet has been removed and is no longer supported
speedbird.conf moolet has been removed and is no longer supported
sigaliser.conf moolet has been removed and is no longer supported
cookbook.conf has been removed but is still supported as long as file_only_config is set to true
tempus.conf has been removed but is still supported as long as file_only_config is set to true
v7.3.x-v8.0.x
$MOOGSOFT_HOME/config/system.conf
ElasticSearch now supports basic authentication
$MOOGSOFT_HOME/config/security.conf
There is a new global_settings block which allows control of the CSRF protection feature
$MOOGSOFT_HOME/config/servlets.conf
It is now possible to configure the toolrunner to run on a port other than 22 using toolrunnerport property
$MOOGSOFT_HOME/config/moog_farmd.conf
alert_inform_workflows.conf moolet has been added
situation_inform_workflows.conf moolet has been added
The 'modules' block has been removed as it only contained Topology-related functionality and this has been deprecated in the v8.0.x release - the Topology feature works differently.
The top-level $MOOGSOFT_HOME/config and $MOOGSOFT_HOME/bots folders are the master folder locations for configuration and bot files.
Note
If you have already completed this step previously (as part of this upgrade process) on the current host, you can skip this step.
The new 'default' v8.0.x versions of the config and bot files are stored in $MOOGSOFT_HOME/dist/8.0.0.4/config/ and $MOOGSOFT_HOME/dist/8.0.0.4/bots/ respectively.
Do not copy the config and bot files from the previous version on top of the new versions of those files in $MOOGSOFT_HOME/bots/ or $MOOGSOFT_HOME/contrib/ in 8.0.x. These files are not always forward-compatible, and some config and bot files require additional lines for the new version to work.
Important
The Workflow Engine requires the right version of the 'bot' and 'contrib' files to be in place before moog_farmd is restarted later in the upgrade process:
The v8.0.x version of $MOOGSOFT_HOME/dist/8.0.*/bots/moobots/WorkflowEngine.js should be copied into $MOOGSOFT_HOME/bots/moobots/
The v8.0.x versions of files under $MOOGSOFT_HOME/dist/8.0.*/contrib/ should be copied into $MOOGSOFT_HOME/contrib/
Identify the config files that have changed between the previously installed version and v8.0.x. Replace <previous_version> with the version installed previously, for example 7.3.1.1.
diff -rq $MOOGSOFT_HOME/dist/<previous_version>/config $MOOGSOFT_HOME/dist/8.0.*/config | grep -i 'differ'
Update files in
$MOOGSOFT_HOME/configwith any changes introduced in the v8.0.x versions of these files.Identify the contrib files that have changed between the previously installed version and v8.0.x. Replace <previous_version> with the version installed previously for example 7.3.1.1.
diff -rq $MOOGSOFT_HOME/dist/<previous_version>/contrib $MOOGSOFT_HOME/dist/8.0.*/contrib | grep -i 'differ'
Update files in
$MOOGSOFT_HOME/contribwith any changes introduced in the v8.0.x versions of these files.Identify the bot files that have changed between the previously installed version and v8.0.x. Replace <previous_version> with the version installed previously, for example 7.3.1.1.
diff -rq $MOOGSOFT_HOME/dist/<previous_version>/bots $MOOGSOFT_HOME/dist/8.0.*/bots | grep -i 'differ'
Update files in
$MOOGSOFT_HOME/botswith any changes introduced in the v8.0.x versions of these files.
Upgrade Apache Tomcat and Nginx
Follow these steps to upgrade Apache Tomcat and the Nginx web server.
Upgrade Tomcat and Nginx using the command below. The script will ask for a hostname. This hostname or IP must be the same as what is used to access the instance via a browser:
$MOOGSOFT_HOME/bin/utils/moog_init_ui.sh -tnfz $($MOOGSOFT_HOME/bin/utils/moog_config_reader -k mooms.zone)
If the Xmx setting for apache-tomcat had been changed in the $MOOGSOFT_HOME/bin/utils/process_cntl script before the upgrade, ensure the updated setting is re-applied to the script after the upgrade, and then restart apache-tomcat using process_cntl
Migrate the Nginx certificates from the previous deployment to the new. Use the following commands as an example where SSL terminates in Nginx (default configuration):
cp -f $CERT_REAL_PATH_PEM $MOOGSOFT_HOME/cots/nginx/ssl/ cp -f $CERT_REAL_PATH_KEY $MOOGSOFT_HOME/cots/nginx/ssl/ sed -i "s|.*ssl_certificate .*|${CERT_PATH_PEM}|" $MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ssl.conf sed -i "s|.*ssl_certificate_key.*|${CERT_PATH_KEY}|" $MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ssl.confIf you previously customized the
moog-ssl.conf/moog-default.conffile (including references to certificates, etc), make the same changes to the new version of the file.Restart Nginx:
$MOOGSOFT_HOME/bin/utils/process_cntl nginx restart
Disable the enhanced Content Security Policy (optional)
Moogsoft has provided an optional enhanced Content Security Policy (CSP) as part of this release. CSP is a security standard introduced to prevent Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and other data injection attacks. For more information, see the Mozilla document on Content Security Policy.
The CSP is controlled by Nginx and is enabled by default. You can optionally disable it:
Edit the following file:
$MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ui-headers.conf
Comment the line that starts with
add_header Content-Security-Policyand save the file.Restart Nginx:
$MOOGSOFT_HOME/bin/utils/process_cntl nginx restart
Note
If you enable the enhanced CSP you must follow the steps below to allow access to external domains. If you want to access the UI with the Safari web browser, you must follow the steps below to configure Moogsoft Enterprise for use with Safari.
Allow access to external domains
If you enable the enhanced CSP, the following features require additional configuration to allow access to external domains:
Situation Room plugins to external domains
Situation client tools to external URLs
To allow access to required external domains:
Edit the following file:
$MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ui-headers.conf
Add a
frame-srcdirective to theContent-Security-Policyheader for the required domain. For example, run the following command to allow Google domains:sed -i "s/add_header Content-Security-Policy\(.*\)\" always/add_header Content-Security-Policy\1; frame-src 'self' *.google.com\" always/" $MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ui-headers.conf
Restart Nginx:
$MOOGSOFT_HOME/bin/utils/process_cntl nginx restart
Note
Moogsoft Enterprise allows access to Pendo and WalkMe domains by default.
Configure Moogsoft Enterprise for use with Safari
Due to a known issue in the Safari web browser, you must take additional steps if you've enabled the enhanced CSP and you want to access the UI with Safari:
Edit the following file:
$MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ui-headers.conf
Add the following websocket URLs to the
Content-Security-Policysection of the file. Substitute your hostname for<webhost>:wss://<webhost>/moogpoller/ws wss://<webhost>/integrations/ws/v1
You can update the configuration using a command similar to the following. Substitute your hostname for
<webhost>:sed -i.bak "s;connect-src 'self' app;connect-src 'self' wss://<webhost>/moogpoller/ws wss://<webhost>/integrations/ws/v1 app;g" $MOOGSOFT_HOME/cots/nginx/config/conf.d/moog-ui-headers.conf
Restart Nginx:
$MOOGSOFT_HOME/bin/utils/process_cntl nginx restart
To continue with the upgrade, see Tarball - Upgrade Core components.