Follow

Migration Strategy to version 2.5

Applies to platform: UTM 2.4
Updated on: 10th of June 2013

This lesson guides you through the process of upgrading your Endian UTM Appliance from the 2.4.1 to the 2.5 version directly from Endian Network.

The migration strategy to version 2.5 of Endian UTM requires careful planning.

Warning: NEVER FORCE A REBOOT during the upgrade process!

If for any reason the upgrade process does not finish successfully or it seems to be stuck, DO NOT forcibly reboot your Endian UTM Appliance, but read the troubleshooting guide and apply the solutions provided therein.

Introduction

Endian supplies now the possibility to upgrade your Endian UTM Appliance from the Endian Network, without the need to open a ticket and require Endian team's support and interaction.

Near to your system serial number on Endian Network appears a button labelled Update to 2.5: by clicking on it, the upgrade process will automatically start. However, before clicking on that button, read carefully the remainder of lesson.

Requirements

  • The system must be an Endian UTM version 2.4
  • The system must be up-to-date
  • The system must be registered
  • The system must have a valid maintenance
  • The system must be online on Endian Network
  • You should have both Web (admin) and SSH (root) passwords to access your device to follow the upgrade process. In particular, you need console access (SSH, serial console, or WebConsole from the Web interface) in case there is some particular check or some fix to do.
  • A recent, complete backup of your Endian UTM Appliance.
To speed up the upgrade process a bit, you can temporarily disable some resource-intensive service like snort and ntop, before the upgrade, then reactivate them right after the upgrade has completed.

Note

Schedule your migration carefully and be prepared for an automatic reboot at the end of the upgrade procedure as this is mandatory!

Before starting the process

Make sure to read carefully the following notes about critical areas, namely High Availability (HA), Hotspot, RAID devices, disk space, and Endian Network, that must be cheked before starting the upgrade process!

Frequently Asked Questions (FAQ)

  • My system has custom modifications?
    If your system has modifications that have been authorized or made by Endian, please open a support ticket with Endian and let us know about your customization so we can help you to get your system upgraded.
  • How to handle a system with a version older than 2.4?
    Please note that systems older than version 2.3 are not supported anymore. Systems running version 2.3 can be upgraded to version 2.4 (so can the unsupported version 2.2). Previous versions should be re-installed using the Disaster Recovery USB Key or the 2.5 ISO CD-ROM.

Warning: HA & Hotspot

If you have a pair of Endian devices configured in High Availability (HA), please do NOT perform the upgrade yourself and instead open a ticket with Endian support for assistance in migrating your appliances.
 
If you have hotspots configured as Master and Satellites, it is mandatory that all the systems run the same software version and therefore be migrated at the same time. If you have such a setup, it is suggested to open a ticket with Endian support for directions.

RAID Devices

For those appliances having RAID arrays, it is mandatory to check the integrity of the RAID array  and repair it if damaged. The status of the RAID array can be checked from the console: Look the content of the file /proc/mdstat, whose output looks like:

root@endian:~# cat /proc/mdstat
Personalities : [raid1]
md2 : active raid1 sdb2[1] sda2[0]
205760448 blocks [2/2] [UU]

md1 : active raid1 sdb1[1] sda1[0]
38435392 blocks [2/2] [UU]
unused devices: <none>

What is important is the [UU] string: Whenever you see the [UU] string, the array is correctly working, while the [_U] strings suggests that the array device is in a degraded state. In the later case, do not start the upgrade process, but follow this lesson and (if possible) repair the RAID array.

Disk space

Check that your appliance has enough space on all partitions. Use the following command (a sample output is also provided):
root@endian:~# df -h
Filesystem            Size  Used Avail Use% Mounted on
ubi0:rootfs           463M  192M  271M  42% /
/dev/mmcblk0p4        5.8G  250M  5.2G   5% /var
/dev/mmcblk0p2         97M  6.6M   86M   8% /var/efw
/dev/mmcblk0p1        650M  100M  518M  17% /var/log
tmpfs                 252M     0  252M   0% /dev/shm
tmpfs                 252M   17M  236M   7% /tmp

It is important that all partitions (except /dev/shm) have enough space for the upgrade process to take place. The percentage displayed in the 4th column (Use%) of the output, should be less than 80%. For example, if the /var/log/ partition has only a small amount of space left, the upgrade process might not be logged in its entirety and daemons may stop wroking correctly if they can not write their output on log files.

Endian Netwok

If the system appears as offline on the Endian Network, issue the following command from the console:

root@endian:~# jobcontrol restart enclient
If your system does not yet feature jobcontrol, use the legacy command:
root@endian:~# restartenclient -fd

How the migration works

Step 1: For maximum safety there should be a person physically near the system, who should:

  • Make a backup of the configuration, logs, log archives and database dump. You can either download the backup or put it on a USB Flash Drive.
  • Download the Disaster Recovery Image from Endian Network and create a Disaster Recovery USB Flash Drive (See here for ARM and here for x86).
  • Be able to operate on the system console in case of emergency. Please read the Disaster Recovery document for extensive information.

Step 2: You have to:

  • Make sure that the system is online on Endian Network. Otherwise, the channel switch will not start immediately.
  • Ensure your system is up-to-date and has the latest packages installed .

Step 3: Endian Network will then:

  • Send an action to the system which starts the upgrade process immediately.
  • Update the system (this may take a long time depending on your Internet connection speed).
  • Migrate all configuration files to 2.5.
  • Reboot the system.

Following Along: The upgrade process can be followed

  • Package by package in System > Endian Network > Updates (you may need to refresh the page).
  • On the upgrade log, that can be found after the process has been completed in the “Actions” section of Endian Network.
  • From the console, by looking at the upgrade log file, i.e., at the output of the command:
    root@endian:~# tail -f /var/log/efw-update

What Should I do If Something Goes Wrong?

After the upgrade, please check if the system is running as expected. If the process has not completed successfully, read the troubleshooting guide for the upgrade process. There you will find information and commands that you can use to resolve any issue that should arise during or after the upgrade process.

Was this article helpful?
3 out of 3 found this helpful
Have more questions? Submit a request

Comments