3 Replies Latest reply on Apr 29, 2015 2:18 PM by egonzales

    Questions about upgrading server 5.0.0 to 5.8.4

    kf1981 Lurker

      Hello all,

       

      I have 8 environments that are running hyperic 5.0.0 and one that is running 5.8.0. The 5.8.0 was upgraded before my time from a 5.0.0 These are all Vapps with SUSE and postgres.

       

      I am trying to access the pros and cons of simply putting an upgrade package into an existing 5.0 or migrating to an entirely new Vapp.

       

      My main concern are security fixes, and if escalations and defaults will move over to a migrated Vapp. I have never done an upgrade before. I need to do this as a first step because then I will have to upgrade the agents (being a 5.0 agent and talk to a 5.8 server that is not an immediate problem). I will also have to rip out each agent installed because they use embedded JREs which security is not fond of!!

       

      I am doing this solely on a test bed right now.

       

      Thanks!!

        • 1. Re: Questions about upgrading server 5.0.0 to 5.8.4
          Hot Shot

          I would go for the new vApp.  You can run a migration export from the 5.0.0 system and import it into the new vApp.

           

           

           

          Reasons:

          1. You will have a newer SuSe release.  5.0.0 (SuSE 11 SP1) 5.8.4 (SuSE 11 SP3)

          2. You will have a newer version of vPostgres. 5.0.0 (vPostgres 9.1.3), 5.8.4 (vPostgres 9.1.9)

          3. Since you inherited the system, you can make sure any previous user accounts or other unauthorized settings are gone.

           

           

           

          Just one caveat.

          There is an issue with older agents not being able to initiate communications with the server due to using older protocols.

          You should consider upgrading the agents as soon as possible. Upgrading the agents can be done in the UI using the "Agent Commands" feature.  You can upgrade many of them at once by using the agent commands feature on a "compatible" group of agents.

           

          I hope this helps.

          1 person found this helpful
          • 2. Re: Questions about upgrading server 5.0.0 to 5.8.4
            kf1981 Lurker

            Thank a lot!!

             

            I agree upgraded postgres etc is a very good idea. We have had issues of the DBs overloading the pipe to VcOPS in the past.

             

            The issue with upgrading the agents via the console (we have one 5.8.0 server I have done this on 5.0.0 agents). Is that I have approximately 800 VMs across different domains and data centers. The protocols issue is in regards to the POODLE exploit correct? To mitigate this in our current environment I did modify a server.xml and replaced:

            sslProtocol = "TLS"

            With:

            sslProtocol="TLS"

            protocols="TLSv1.2,TLSv1.1,TLSv1"

             

            That bombed out all our agents (likely due to the fact of us using wildcard certs and not self signed).

             

            I then tried that with protocols="SSLv2Hello,TLSv1.2,TLSv1.1,TLSv1". and restarted the server, but then the front end webpage went down.

             

            I also have an issue where I need to not use the current 5.0 agent dirs since I will be upgrading to 5.8.4 I know it can likely be done that way except I have to rip out those embedded JREs per our security team and i also have to update several hard coded file paths.

             

            Anyway, thanks for the advise!! I am the only Hyperic guy here and this is my first exposure to it so I greatly appreciate the help.

            • 3. Re: Questions about upgrading server 5.0.0 to 5.8.4
              Hot Shot

              These lines should have worked.

                       sslProtocol="TLS"

                       protocols="SSLv2Hello,TLSv1.2,TLSv1.1,TLSv1"

               

              Not sure why the UI would not come up.  I don't think these would be related.

              You would probably need to post the server.log or open a SR to find out what happened.