1.5.1. Migrating from 1.2.2 to 1.2.3

This section explains how to carry out the update process of the OpenNAC nodes from version 1.2.2 to 1.2.3.

Note

Users can upgrade to version 1.2.3 from any 1.2.2 release series.

Make sure you follow the instructions in the established order:

1. Prerequisites

2. Update infrastructure

3. Post-Update steps

1.5.1.1. Prerequisites

Before proceeding with the update process, make sure you have completed the following configurations:

1.5.1.1.1. Add repository and activate PHP 8

1. In the following path:

/etc/yum.repos.d/opennac.repo

Add the following repository (you might need to introduce user and password for the repository):

[OPENNAC-OS-PHP8]
name=OpenNAC dependant packages for Rocky Linux $releasever - $basearch
baseurl=https://user:password@repo-opennac.opencloudfactory.com/$releasever/$basearch/os_php80/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OCF

2. If you are updating the VPNGW component, you have two extra steps to execute:

• Remove the following extensions:

dnf -y remove php-pecl-memcache php-pecl-pam php-sodium

• Disable the remi repository:

sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/remi*

3. Activate PHP 8:

dnf -y module switch-to php:8.0

4. Update the packages:

dnf -y update

1.5.1.1.2. Unlink the Captive Portal reference

This section only applies to the ON Core and ON Captive nodes.

To avoid potential errors with the opennac-captive-portal package, unlink the following directory:

test -L /usr/share/opennac/captive-portal/vendor/simplesamlphp/simplesamlphp/locales/no && unlink /usr/share/opennac/captive-portal/vendor/simplesamlphp/simplesamlphp/locales/no

1.5.1.2. Updating steps

At this point, we can proceed to update the infrastructure using the regular update steps defined it the Update Infraestructure section:

• ON Core Update

• On Analytics Update

• ON Aggregator Update

• ON Sensor Update

• ON Captive Update

• ON VPNGW Update

• ON Agent Update

Note

The update process applies to all nodes of your infrastructure.

1.5.1.3. Post-Update steps

After updating the OpenNAC nodes, it is necessary to take some additional steps to avoid potential errors.

1.5.1.3.1. Healthcheck configuration

To identify any new healthchecks that may be useful in version 1.2.3, you can run a vimdiff and check whether there’s a need to include them:

vimdiff /usr/share/opennac/healthcheck/healthcheck.ini /usr/share/opennac/healthcheck/healthcheck.ini.<nodeType>

FIREWALLS

If you are currently utilizing the “FIREWALLS” healthcheck, when updating to version 1.2.3, you may encounter an error. The “FIREWALLS” check is obsolete in version 1.2.3 and should be replaced with the “VPN_NODES” check.

To make this change, in the file:

/usr/share/opennac/healthcheck/healthcheck.ini**

Remove the following lines:

    [FIREWALLS]
127.0.0.1[] = "Firewalls;Firewalls check;/usr/share/opennac/healthcheck/libexec/checkFirewalls.php"

Replace them with:

    [VPN_NODES]
127.0.0.1[] = "VPNNodes;VPN nodes check;/usr/share/opennac/healthcheck/libexec/checkVpngwNodes.php"

1.5.1.3.2. Build VPNGW ACLs

Once the VPNGW packets are installed, manually execute the following command:

/usr/share/opennac/api/scripts/build-acl.php

This command will build the VPNGW ACLs, allowing you to see its menu rendered in the Administration Portal.