Upgrade your system
This topic describes how to use the ASMS automated system upgrade on single appliances, HA/DR clusters, and distributed systems.
Note: Before you start, review the upgrade prerequisites and ensure that your system complies. For more details, see Upgrade prerequisites.
System optimizations in version A30.10 require more CPU and memory than earlier versions did.
If you are upgrading, we highly recommend increasing your system specifications to match the updated requirements as needed. Systems that remain with legacy minimum specifications may have unexpected results. For details, see System requirements and Re-enable the AlgoSec Reporting Tool after upgrading.
Note: If your system specifications are already larger than the updated CPU and memory requirements, your system specifications can stay as they are. In such cases, there is no need to resize your entire system.
Perform an automated ASMS upgrade
Automated ASMS upgrades are supported for standalone hardware or VM appliances, HA/DR clusters, and distributed systems.
Warning: CTRL + C is not supported during the upgrade process, and upgrades cannot be aborted.
Make sure to reserve time for your system upgrade to complete. For more details, see Downtime requirements for upgrades.
Do the following:
- Determine the builds that you need to upgrade, and download the relevant software packages from the AlgoSec portal. For details, see Download ASMS software packages.
- Access your appliance as user: root
Note: If you are working on clusters or distributed nodes, access the primary node on the master / Central Manager appliance.
The upgrade is performed across all nodes in the entire system, starting with the Central Manager.
- Copy the downloaded software packages to the following directory: /root/AlgoSec_Upgrade/
- Optional/Recommended: In addition, copy the downloaded software packages to the /root/AlgoSec_Upgrade/ directory of remote agents and HA/DRs for which communication is slow. For details see Pre-provisioning of upgrade files on remote nodes.
- If you aren't already connected to the ASMS Administration interface (algosec_conf), connect now. For details, see Connect to the Administration Interface.
- In the administration interface main menu, enter 8 to select Upgrade software.
Note: The system checks your prerequisites to verify that your system is ready for the upgrade. If any of the prerequisite checks fail, relevant errors are displayed to notify you. In such cases, we recommend making changes so that your system complies with the required prerequisites, and then starting the upgrade process again.
The system lists the available builds from the files you saved in step 4, and prompts you to select the build you want to install. For example:
************************************
*** Software upgrade is starting ***
************************************
Select an AlgoSec build to install:
1. algosec-appliance-3000.0.0-529-el6.x86_64.run
2. fa-3000.0.0-891.x86_64.run
3. Run All
Note: The option numbering may differ depending on your system configuration.
- Do one of the following:
The system displays details about the upgrade it is about to perform, and prompts you to approve.
For example:
The following AlgoSec packages are going to be upgraded:
* algosec-appliance-3000.0.0-529.noarch TO algosec-appliance-3000.0.0-529-el6.x86_64
* fa-3000.0.0-891.x86_64 TO fa-3000.0.0-891.x86_64
********************
*** Upgrade plan ***
********************
Local node : 10.23.0.41
Remote Agent nodes: 10.23.0.40
Runtime Estimation: Up to 80 minutes
Review the upgrade plan detailed above. Approve plan? (y/n):
- Enter y to confirm and start the upgrade. The upgrade starts.
If you are working on a distributed system, the upgrade first starts on the local node and then continues with the distributed nodes. The system displays confirmation details as the downloaded packages are copied to the distribution nodes and installed.
When the upgrade is complete, any clusters are resumed if relevant, and the following message appears:
*** Software upgrade finished successfully ***
- In case of a kernel upgrade on an appliance build, the system also prompts you to reboot. Reboot your system as prompted.
Warning: Not rebooting at this stage leaves you with a legacy kernel, which may present security issues.
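To confirm after the upgrade that the appliance is not still running a legacy kernel, the following added example (not part of the AlgoSec documentation or tooling) compares the running kernel with the most recently installed kernel package. It assumes an RPM-based appliance; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): flag a pending reboot after a kernel upgrade.
# Assumes an RPM-based appliance; `rpm -q kernel --last` lists installed
# kernels with the most recently installed one first.

# Constructed sample of `rpm -q kernel --last` output (versions invented).
SAMPLE_RPM_LAST='kernel-2.6.32-754.35.1.el6.x86_64   Tue 02 Mar 2021 10:15:00 AM UTC
kernel-2.6.32-754.el6.x86_64        Mon 11 Jun 2018 09:00:00 AM UTC'

# latest_installed: read `rpm -q kernel --last` output on stdin and print the
# version-release.arch of the first entry, in the same form as `uname -r`.
latest_installed() {
    awk 'NR == 1 { sub(/^kernel-/, "", $1); print $1 }'
}

# kernel_status RUNNING RPM_LAST_OUTPUT
# Prints one of: current, reboot-required, unknown.
kernel_status() {
    latest=$(printf '%s\n' "$2" | latest_installed)
    if [ -z "$latest" ]; then
        echo unknown
    elif [ "$1" = "$latest" ]; then
        echo current
    else
        echo reboot-required
    fi
}

# Demo on the constructed sample: the older kernel is still running.
echo "sample: $(kernel_status 2.6.32-754.el6.x86_64 "$SAMPLE_RPM_LAST")"

# Live check, only where rpm is available.
if command -v rpm >/dev/null 2>&1; then
    installed=$(rpm -q kernel --last 2>/dev/null) || installed=""
    echo "this host: $(kernel_status "$(uname -r)" "$installed")"
fi
```

In a distributed system, run the check on every node, since each node boots its own kernel.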
If you have upgraded to A30.10, but your system does not comply with the updated system requirements, the AlgoSec Reporting Tool (ART) is automatically disabled.
To enable ART again after updating your system specifications, do the following:
- Log in to the AFA machine as user root.
- Run: /usr/share/fa/bin/toggle_art.sh on
The system will verify that the specifications comply and then re-enable ART.
Troubleshoot your automated upgrade
If your automated upgrade fails for any reason, the system displays an error, as well as the location of specific log files. The central upgrade log file is located at: /var/log/algosec-software-upgrade.log
The system also prompts you with options to start the upgrade again.
If you have a distributed system and only some nodes failed, you can select the nodes you want to reinstall, or rerun the entire upgrade from scratch. Select the option that works best for you and run through the CLI process as prompted and described above.
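Before rerunning the upgrade on nodes that failed, or after pre-provisioning packages on remote nodes as described in the procedure above, it is worth confirming that every node holds byte-identical copies of the packages in /root/AlgoSec_Upgrade/, since they are run as root. The following is an added example, not part of the AlgoSec documentation or tooling; the function names, the `<remote-node>` placeholder and the sample hash values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): compare staged upgrade packages between
# nodes by SHA-256 before they are run as root.
STAGE_DIR=/root/AlgoSec_Upgrade   # staging directory named on this page

# manifest DIR: print "sha256  filename" for each *.run file in DIR.
manifest() {
    ( cd "$1" 2>/dev/null || exit 0
      for f in *.run; do
          if [ -f "$f" ]; then sha256sum "$f"; fi
      done )
}

# diff_manifests LOCAL REMOTE: print one line per package that differs or is
# missing on either side; no output means the two copies are identical.
# Assumes file names without spaces, as in the package names on this page.
diff_manifests() {
    { printf '%s\n' "$1" | sed 's/^/L /'
      printf '%s\n' "$2" | sed 's/^/R /'; } |
    awk 'NF == 3 && $1 == "L" { l[$3] = $2 }
         NF == 3 && $1 == "R" { r[$3] = $2 }
         END {
             for (f in l) {
                 if (!(f in r)) print "missing-remote " f
                 else if (l[f] != r[f]) print "mismatch " f
             }
             for (f in r)
                 if (!(f in l)) print "missing-local " f
         }' | sort
}

# Constructed sample manifests (hash values are placeholders, not real digests).
LOCAL_SAMPLE='aaaa1111  fa-3000.0.0-891.x86_64.run
bbbb2222  algosec-appliance-3000.0.0-529-el6.x86_64.run'
REMOTE_SAMPLE='aaaa1111  fa-3000.0.0-891.x86_64.run
cccc3333  algosec-appliance-3000.0.0-529-el6.x86_64.run'
diff_manifests "$LOCAL_SAMPLE" "$REMOTE_SAMPLE"

# On a real system the remote side would come from the other node, e.g.
#   ssh root@<remote-node> "cd $STAGE_DIR && sha256sum *.run"
if [ -d "$STAGE_DIR" ]; then manifest "$STAGE_DIR"; fi
```

Any `mismatch` or `missing-*` line means that node's copy should be replaced from the primary node before the upgrade is started again.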
For more details, see the AlgoPedia article at: https://knowledge.algosec.com/skn/c6/AlgoPedia/e14320