OpenNAC Core Update

One of the recommended steps that should be carried out when the system has been just deployed is to update it to the latest version available. It’s necesary use compatible versions (lastest ovas version avaiable).

The system can be updated using two different ways:

Using an external Repository

Be sure that your ON device reach the directory that contains the update packets, Yum command allow you to update all files out of date and checks if it was well. For start the update use the following command

OpenNAC repository is located in https://repo-opennac.opencloudfactory.com/x86_64/

Edit OpenNac yum config file and modify repository link:

vim /etc/yum.repos.d/opennac.repo

[OPENNAC]
name=Opennac repo
baseurl=http://repo-opennac.opencloudfactory.com/x86_64
enabled=1
gpgcheck=0

yum clean all
yum update
../../../../_images/yum_update.png

To enable GPG check in packages provided by openNAC repository, follow steps in this section.

Check and update the database if an update is available:

/usr/share/opennac/api/scripts/updatedb.php
../../../../_images/update_db.PNG

Check execute pending scripts if available:

/usr/share/opennac/api/scripts/updatescripts.php
../../../../_images/update_scripts.PNG

After update continue the process in this section.

Using local host as repository

Import the files to the Core, for this example we use WinSCP.

../../../../_images/WinSCP.png

Or if you are on linux system send files using scp command. Is more easy if you compress all packages in a tar.gz file and send this file.

tar -czvf file-name.tar.gz /path/to/directory/*.rpm           [to compress all rpms in origin]

scp [options] username1@source_host:directory1/filename1 username2@destination_host:directory2/filename2

Go to the directory with the all packages sended via scp.

cd /path/directory #default is cd /root

If you sended a compressed file with all packages descompress that with the following command.

tar -xzvf file-name.tar.gz

Be careful not to install packages that correspond to other servers, such as Analytics, Sensor or Oauth. Attached table with information about the packages:

Core Packages Package Name
Admon Portal opennac-admonportal
Api opennac-api
DHCP Reader opennac-dhcpreader
DHCP Helper Reader opennac-dhacp-helper-reader
Free Radius freeradius-openNAC
Free Radius Module opennac-freeradius-module
Google Authenticator opennac-gauth
User Portal opennac-userportal
Captive Portal opennac-captive-portal
Utils opennac-utils

Delete unnecessary packages depending on the server role, also remove an older packages versions that can be in folder.

rm package-name.rpm

Make the update with the follow command:

Is strongly recommended to use the option –Uvh because the system advice us when a file is different and its location as shown.

cd /path/to/directory
    rpm -Uvh *.rpm
../../../../_images/Update_packages.png ../../../../_images/phantomjs_needed.png

After update

After run the command wait for complete the update. Once the update is completed look for all changes in files located in in /usr/share/opennac/ and if there was some modification on files, you will need to located and merge both, this means that (.ini) and (.ini.sample) has to be joined keeping configuration.

Using the command diff allows to manage configuration files and avoid problems when the update process is taken place.

A part of this configuration files, there are .ini files (application information files) that also are updated adding new values, parameters for application information.

When this happens the updatest files are saved as .ini.sample to avoid overwrite configuration files.

In order to find all the ini files and its associated ini.sample is possible to use the following command:

find /usr/share/opennac/ -name *.ini.sample

If you find differences between files for example in application.ini file; you should reemplace the .sample file for original file as following:

diff application.ini application.ini.sample

mv application.ini application.ini.bkp
mv application.ini.sample application.ini

Restart all services.

service mysqld restart
service redis restart
service dhcp-helper-reader restart
service gearmand restart
service radiusd restart
service httpd restart
service opennac restart
service slapd restart
service snmptrapd restart
service collectd restart
service filebeat restart

Sometimes the updates can do changes over internal ON Core database, for that case when you sign in to the web console portal, you will see a message like: - Current database schema is outdate, you should click on Accept option for update to lastest version.

../../../../_images/dbupdate.png

Adding GPG check in packages provided by openNAC repository

In order to provide a mechanism to verify the integrity of software downloaded from openNAC repository, all packages published by openNAC repository are signed with a GPG key, so they can be verified with the public GPG key provided by openNAC.

To enable this GPG check, we need to follow 2 simple steps:

  1. Install or download the openNAC public GPG key.
  2. Enable “gpgcheck” in openNAC repository, specifying the public GPG key to use.

These steps are done installing the “opennac-gpg-key” package:

yum -y install opennac-gpg-key

And once it’s installed you can check it as follows:

# ls /etc/pki/rpm-gpg/RPM-GPG-KEY-OCF
/etc/pki/rpm-gpg/RPM-GPG-KEY-OCF

# cat /etc/yum.repos.d/opennac.repo
[OPENNAC]
name=Opennac repo
baseurl=https://repo-opennac.opencloudfactory.com/x86_64
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OCF