All Product Installation and Upgrade Guides

Eyeglass Isilon Edition Upgrade Guide

Home




Read Me First

New Validations. Expect to get warnings post upgrade. This is expected and is a key feature of this release to detect failover conditions that must be addressed to be ready for failover. If you get alarms it is good, so the issues can be fixed.
  1. SyncIQ Domain Mark for fast fail back - checks both clusters to verify if SyncIQ domain mark exists and will raise warning if not found (NOTE: it will raise warning if you did not apply sudo update on step #1)
  2. SPN Delegation for Access zone and IP pool failover - This check AD Delegation was completed to the cluster AD objects and the opposite cluster (cross test). If any test fails it will raise a warning with exactly which delegation permission is missing.
  3. DNS Dual Delegation - This ensures automatic DNS resolution is in place before a failover. This validation will inspect your DNS configuration to determine if the Delegation is correct, A records resolve to subnet service ip's in the correct subnet. If you use Infoblox this validation must be disabled. It only supports standards based Name server delegations and not DNS forwarding.


Before Executing Upgrade Steps 

  1. The upgrade will disrupt Eyeglass services for less than 10 minutes
  2. A VM level snapshot should be taken before upgrade to allow rollback to the previous version of the appliance

Inplace Upgrades

Scenario #1 - Appliances running Open Suse 42.3 OS to the latest release

This option allows customers to upgrade to the latest release without deploying  a new OVF to get the latest operating system. NOTE: OS verson 42.3 no longer recieves security updates and is customers choice to stay on this OS of the appliance. NOTE: The OS is not covered by the support contract. NOTE: Release 2.5.6 is the last release to provide 42.3 installer files.

  1. To check the OS version
  2. ssh as admin user to Eyeglass
  3. type cat /etc/os-release
  4. The OS version is displayed
  5. If Running 42.3 and you wish to stay on this OS version without using new OVF upgrade path, then continue with steps here.

Scenario #2 - Appliances running Open Suse 15.1 OS to the latest release

  1. No special steps
  2. Continue to upgrade instructions here.


Inplace Upgrade -  Installer Download and Upgrade Procedures      

  1. To complete an offline upgrade:
  2. Login to support site with a registered support account https://support.superna.net
  3. Scroll down on page after login to locate the software download validation form.
  4. Screen Shot 2017-08-15 at 8.43.41 PM.png
  5. Get the appliance ID from the about window of the Eyeglass desktop 
  6. Screen Shot 2017-08-15 at 8.45.43 PM.png
  7. Enter the appliance ID and click download button to retrieve the offline installer. NOTE: This command checks for an active support contract, and will only download software if support contract validation is successful. 
  8. Use winscp tool (google winscp download) to copy the offline package onto the appliance with the admin user and password.  
  9. ssh to the Eyeglass appliance and sudo to root command: sudo su -   (you will be prompted for the admin password again)
  10. Make the offline package executable: chmod 755 <filename> 
  11. Run the installer: ./<filename> 
  12. You may be prompted for Phone Home Agreement if not previously set. Enter ‘y’ or ‘n’ to continue.   Phone Home allows remote monitoring and faster support that allows remote log collection.
  13. Once the update is completed, login to the Eyeglass web page.
  14. IMPORTANT: Refresh any open Eyeglass window to ensure that you have latest changes.
  15. Check the About Eyeglass window and verify version shows the version you downloaded.  The full list of releases can be found here.
  16. Complete
  17. Check Post upgrade steps here


Upgrade to A New Appliance from an Old Appliance

  1. Follow the steps in the next sections to complete the backup and restore process from an old appliance to a new appliance


Step 1 - Upgrade Path From Old Appliance Versions to Open Suse 15.1 OS with the latest Release - Backup/Restore Method


All Appliance versions prior to latest version are using Open Suse OS versions that no longer have security patches available (13.1, 13.2 , 42.1, 42.3).  Use this upgrade option to get upgraded to the latest Eyeglass release  and get the latest Open Suse 15.1 OS that includes automatic security patch updates. NOTE:  If you are using an older version appliance backup file some settings are not retained depending on the backup file release version.  The table in this document outlines settings that are migrated.

  1. Follow steps to download the new OVF here
  2. Deploy new Eyeglass VM using the install guide as a reference
  3. NOTE: The new appliance ip address can be different than the old appliance IP.
  4. Reference the table of settings that are migrated in the next section.
  5. After the new appliance is deployed and you can login to the webUI and ssh then continue with the steps below.

Step 1a - Review Table of Migrated Settings if Backup File Version Matches New Appliance Version 



Eyeglass Configuration Item

Source Appliance software version > 1.8.0

Restoring local credentials for clusters

Yes

Restoring licenses keys

Yes

Adjusting licenses keys to latest format

Yes

Job Schedules

Yes

Job Initial state Setting (enabled, disabled)

No

custom settings with igls adv command.

Yes

Restore Notification Center settings1

  1. Post restore Edit Notification Settings and set the

Yes

Restoring failover log history (if available)

Yes

Restoring custom RBAC roles (if available)

Yes

Restoring API tokens  (if available)

Yes (as of 1.9.0)

Restoring Ransomware Defender security guard logs (if available)

Yes

Restoring cluster Configuration reports (if available)

 

Yes

Restoring Current Job state (enabled, disabled, DFS mode) (if available)

Yes

Alarm history

No

Old Backups Archives

No

Cluster Storage Monitor Data (if available)

No

RPO Generated Reports

No

RPO Report Data

No

Failover Scripts

Yes

Ransomware Defender Settings and History (if available)

  • Ransomware Defender History
  • Ransomware Defender ignored list settings
  • Ransomware Defender Statistics
  • Ransomware Defender Settings
  • Security Guard configuration2

2. schedule is restored but no other settings - these need to be re-added manually with user service account and password.

No



Step 1b - Review Historical Eyeglass Data & Settings that are Not Restored before continuing

  1. All existing Eyeglass databases are removed, no backup is made.
  2. NOTE: This will delete databases and they will be rediscovered on startup.  DO NOT USE this method if you have Cluster Storage Monitor or Ransomware Defender historical events or RPO Report data that you need to retain.  Contact support if this applies to you scenario.

Step 2 - Information to Record before Upgrading

  1. Take a screenshot of the Eyeglass Jobs window prior to upgrade.  This can be used as a reference to verify Job state and type.  Example auto type or dfs type.
  2. (if IP pool mode configured) Take a screenshot of the IP Pool failover policy to pool mappings 

Step 3 - Backup Zip File (old appliance) and Restore to New Appliance Procedures

  1. Take an Eyeglass Restore backup from your old Eyeglass appliance.
  2. Download the Restore backup locally and then copy the zip file backup using scp or winscp to the newly deployed Eyeglass Appliance. It should be placed in /tmp folder .
  3. See Restore Backup button that is required versus support backup.  The Restore backup includes SSL private keys, the support backup does not. This applies to Releases > 2.5.3
  4.  
  5. Power off the old Eyeglass appliance. It is not supported to have multiple Eyeglass appliances managing the same clusters.
  6. SSH to new Eyeglass appliance and login as admin (default password 3y3gl4ss). Issue “sudo su -” to enter in root mode (default password 3y3gl4ss).
  7. From the command line execute the command
    1. igls app restore /tmp/<eyeglass_backup.xxxx.zip> --anyrelease
    2. Replacing /tmp/<eyeglass_backup.xxxx.zip> with the name of the Eyeglass Archive file always including full path.
    3. You will be prompted to continue. Enter “y” to continue.
    4. For example:
      1. igls app restore /tmp/eyeglass_backup_17-07-05_20-42-08.zip --anyrelease
      2. Do you want to revert to the archive at /tmp/eyeglass_backup_17-07-05_20-42-08.zip? [y/N]: y
    5. Once the restore is complete continue below
  8. Check Post upgrade steps here

    Post-Upgrade Steps (All Upgrade Paths)


    Validate - Service account permissions, Eyeglass Job Status, Pool Mappings,  Licenses and Cluster Inventory

  1. Mandatory Step - Check minimum permissions sudo section in this document are all in place for your release.  This will generate errors if permissions are not correct.   Use this guide to review sudo permissions.
  2. Login to the new Eyeglass appliance and check:
    1. Open Jobs window and verify all jobs modes are set correctly and appear in either config sync or DFS section.  The screenshot taken before should be used to check the jobs are in the correct mode.  
      1. If the jobs are in the wrong mode please set the mode correctly with the bulk actions menu.
  3. (only If IP Pool failover Mode is configured otherwise skip) use the sceenshot taken above to verify the synciq pool mappings using the DR Dashboard​ mapping screen to verfiy they look correct.
  4. Open License Manager Icon and verify Licences are visible.
  5. Open Inventory Icon and verifyClusters are displayed.
  6. Log in to the Eyeglass web page and open the Eyeglass Main Menu -> Notification Center and verify that the Alarm Severity Filter is correctly set
  7. And verify that the Email Recipients are correctly set with the correct Email Type.
  8. done


Validate - Ransomware Defender, Easy Auditor License Assignment

  1. This step is mandatory to ensure licenses are assigned to the correct cluster.  This release no longer supports auto assigned license mode to clusters
  2. Login to Eyeglass
  3. Open License Manager 
  4. Click on Licensed Devices tab

  5. First STEP: Set each cluster that should NOT be licensed to Unlicensed status using the drop down menu.
  6. 2nd STEP: Set each cluster listed to User Licensed for the product(s) that should be assigned to this cluster.  Example the production writeable clusters should be set to User Licensed for Ransomware Defender or Easy Auditor.
  7. Click the submit button to save.


Copyright Superna LLC