3.3.1. ON Core update

The update of the ON Core component will depend on the network architecture and the role it takes. We can distinguish it by no cluster, and the cluster roles.

Note

Remember you must have the credentials to access to OpenNAC Enterprise repositories. Refer to the Basic Configuration section for repository credentials details.

3.3.1.1. No cluster

To update the ON Core node in a no cluster architecture, we must execute the following steps:

  1. Update all the packages:

dnf clean all && dnf -y update

  1. Check and update the database:

/usr/share/opennac/api/scripts/updatedb.php

  1. Check the configuration files.

As a consequence of updating packages, some of their configuration files may contain new directives or other changes. You need to apply these changes using the post-install_no-move.sh script:

sh /usr/share/opennac/utils/scripts/post-install_no-move.sh

  1. Restart the ON Core services:

sh /usr/share/opennac/utils/scripts/restartOpenNACServices.sh

Warning

If the kernel has been updated, it is necessary to make a reboot.

If we are in a large architecture, we may want to avoid restarting redis. If so, it is necessary to comment redis in the restartOpenNACServices.sh script.

3.3.1.2. Cluster

In a cluster, we have more than one ON Core with different roles and we need to execute the following steps:

  1. Go to ON Core as primary principal and stop the mysql and redis access for the other ON Core components:

We need to access the iptables file:

vi /etc/sysconfig/iptables

To stop the redis access, we need to comment the iptables that allow the different OpenNAC Enterprise components to connect to the redis on port 6379:

#-A INPUT -s <other_openNAC> -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT

To stop the mysql access, we need to comment the iptables that allow the different workers to connect to the mysql on port 3306

#-A INPUT -s <worker_ip> -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

Restart the iptables

systemctl restart iptables
systemctl restart php-fpm
systemctl restart mysql
systemctl restart redis

  1. We update the ON Core as primary principal:

Update all the packages:

dnf clean all && dnf -y update

We check and update the database:

/usr/share/opennac/api/scripts/updatedb.php

We check the configuration files. As a consequence of updating packages, some of their configuration files may contain new directives or other changes. You need to apply these changes using the post-install_no-move.sh script:

sh /usr/share/opennac/utils/scripts/post-install_no-move.sh

Restart the ON Core services:

sh /usr/share/opennac/utils/scripts/restartOpenNACServices.sh

Warning

If the kernel has been updated, it is necessary to make a reboot.

If we are in a large architecture, we may want to avoid restarting redis. If so, it is necessary to comment redis in the restartOpenNACServices.sh script.

  1. Stop data services in ON Cores as principal secondary and in ON Cores as worker.

systemctl stop dhcp-helper-reader
systemctl stop snmptrapd
systemctl stop radiusd

  1. Update the ON Cores as principal secondary and the ON Cores as worker

Update all the packages:

dnf clean all && dnf -y update

Check the configuration files. As a consequence of updating packages, some of their configuration files may contain new directives or other changes. You need to apply these changes using the post-install_no-move.sh script:

sh /usr/share/opennac/utils/scripts/post-install_no-move.sh

  1. Check that the database in ON Cores as worker is correct.

Connect to mysql database:

mysql -u admin -p opennac

Note

The default password is “opennac”. We recommended you to change it.

When we are connected, we need to execute:

show slave status\G

  1. Go to ON Core as primary principal and allow the mysql and redis access for the other ON Core components:

We need to access the iptables file:

vi /etc/sysconfig/iptables

To allow the redis access, we need to uncomment the iptables that allow the different OpenNAC Enterprise components to connect to the redis on port 6379:

-A INPUT -s <other_openNAC> -p tcp -m state --state NEW -m tcp --dport 6379 -j ACCEPT

To stop the mysql access, we need to uncomment the iptables that allow the different workers to connect to the mysql on port 3306

#-A INPUT -s <worker_ip> -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

Restart the iptables

systemctl restart iptables
systemctl restart php-fpm
systemctl restart mysql
systemctl restart redis

  1. Finally, we need to restart the service in ON Cores as principal secondary and in ON Cores as worker:

sh /usr/share/opennac/utils/scripts/restartOpenNACServices.sh

Warning

If the kernel has been updated, it is necessary to make a reboot.

If we are in a large architecture, we may want to avoid restarting redis. So it is necessary to comment redis in the restartOpenNACServices.sh script.

  1. If we have an ON Core as proxy radius, we need to update it as follows:

Update all the packages:

dnf clean all && dnf -y update

Restart the radius service:

systemctl restart radiusd

Warning

If the kernel has been updated, it is necessary to make a reboot.