Upgrade Guide


THIS PROCEDURE IS SPECIFICALLY FOR UPGRADE FROM ANY EYEGLASS 1.3 or 1.4 or 1.5 or 1.6 or 1.7 or 1.8 VERSION TO EYEGLASS 1.9.x VERSION Latest Appliance





IMPORTANT: THIS UPGRADE INCLUDES A FINAL STEP TO REMOVE ALL HISTORICAL RECORDS AND ALARM RECORDS.


Pre-Upgrade Steps


  1. Record Eyeglass Appliance Eyeglass Configuration Setting Modifications (if you have never changed these values SKIP this step)

    1. Record the global setting on your Eyeglass appliance such as the Replication schedule.  Any customizations will need to be reapplied after the upgrade and a record of the current Eyeglass settings is required.

  1. ssh to the Eyeglass appliance and login as admin (default password 3y3gl4ss).

  2. Type the following commands and record the results.  These are your current global settings:

igls adv requesttimeout

  

Upgrade path for Appliances DEPLOYED below R1.9.0 (OpenSUSE 13.1 or 13.2) to Latest OVF (OpenSUSE 42.2)

  • The appliances that shipped with Eyeglass Release below 1.9.0 are based on OpenSuse 13.1 and 13.2 which are no longer of OS patch availability.

  • The new upgrade process will allow an any release Eyeglass upgrade to latest OVF appliance which is based on OpenSuse 42.2 OS that has patches available from OpenSuse.

  • If your appliance was deployed prior to release 1.9.0,  you will need to follow this upgrade process

    • How to check the version of your OVF?

    • The appliance ID indicates the initial version of the OVF that was deployed.

    • See image below shows a 1.5.4 OVF

    • about igls.png


New upgrade process allows new OVF to be deployed and use backup restore feature, to restore a backup file from an older appliance to a new appliance.  NOTE:  This means some settings are not retained depending on the backup file release version. If unsure contact support if you have concerns on upgrade and settings.


Table of Migrated Settings  

 

 

Eyeglass Configuration Item

Source >1.3

Source > 1.5.3 and < 1.8

Source > 1.8.0

Restoring local credentials for clusters

Yes

Yes

Yes

Restoring licenses keys

No

Re-add manually

Yes

Yes

Adjusting licenses keys to latest format

Yes

Yes

Yes

Job Schedules

No

Yes

Yes

Job Initial state Setting (enabled, disabled)

No

No

No

custom settings with igls adv command.

Yes

Yes

Yes

Restore Notification Center settings1

  1. Post restore Edit Notification Settings and set the

Yes - requires post restore config

Yes - requires post restore config


Yes

Restoring failover log history (if available)

Yes

Yes

Yes

Restoring custom RBAC roles (if available)

No

No

Yes

Restoring API tokens  (if available)

No

No

Yes (as of 1.9.0)

Restoring Ransomware Defender security guard logs (if available)

N/A

N/A

Yes

Restoring cluster Configuration reports (if available)

 

No

No

Yes

Restoring Current Job state (enabled, disabled, DFS mode) (if available)

No

No

Yes

Alarm history

No

No

No

Old Backups Archives

No

No

No

Cluster Storage Monitor Data (if available)

N/A

No

No

RPO Generated Reports

No

No

No

RPO Report Data

No

No

No

Failover Scripts

N/A

Yes

Yes

Ransomware Defender Settings and History (if available)

  • Ransomware Defender History

  • Ransomware Defender ignored list settings

  • Ransomware Defender Statistics

  • Ransomware Defender Settings

  • Security Guard configuration2

2. schedule is restored but no other settings - these need to be re-added manually

N/A

N/A

No


 


Upgrade Steps from any release OVF to the latest OVF Appliance

The restore command  accepts a new  argument --anyrelease. Using the --anyrelease flag in restore will allow you to restore an old backup into a current version of Eyeglass.

Exclusions

  • All existing Eyeglass databases are removed, no backup is made.

  • NOTE: This will delete databases and they will be rediscovered on startup.  DO NOT USE this method if you have Cluster Storage Monitor or Ransomware Defender or RPO Report data with historical records that you need to retain.  Contact support.

  • View the Table of Migrated Settings section for detailed description of what is restored based on the original release

Prerequisites

  • Take a screenshot of the Eyeglass Jobs window prior to upgrade.  This can be used as a reference to verify Job state post restore.


Procedure

  1. Take an Eyeglass full backup from your old Eyeglass appliance.

  2. Download the full backup locally and then copy the zip file backup using scp or winscp to the newly deployed Eyeglass Appliance. It could be place in /tmp for example.

  3. Power off the old Eyeglass appliance.  It is not supported to have multiple Eyeglass appliances managing the same clusters.

  4. SSH to new Eyeglass appliance and login as admin (default password 3y3gl4ss). Issue “sudo su -” to enter in root mode (default password 3y3gl4ss).

  5. From the command line execute the command

    1. igls app restore /tmp/<eyeglass_backup.xxxx.zip> --anyrelease

    2. Replacing /tmp/<eyeglass_backup.xxxx.zip> with the name of the Eyeglass Archive file always including full path.

    3. You will be prompted to continue. Enter “y” to continue.

    4. For example:

# igls app restore /tmp/eyeglass_backup_17-07-05_20-42-08.zip --anyrelease

Do you want to revert to the archive at /tmp/eyeglass_backup_17-07-05_20-42-08.zip? [y/N]: y

  1. Login to the new Eyeglass appliance and check if:

    1. Licences have been added.

    2. Clusters have been added.

NOTE: If your cluster is running original 7.2.x.x, 8.0.0.0, 8.0.0.1, 8.0.0.2 the TLS security protocols allowed weaker security algorithms and key sizes.  Eyeglass 1.9 OVF and later has hardened security settings.  In this case you may need to edit file below in order for clusters to be added

/opt/superna/java/jre1.8.0_05/lib/security/java.security

and comment out the line “jdk.tls.disabledAlgorithms=MD5, SHA1, DSA, RSA keySize < 2048, SSLv2Hello, SSLv3, TLSv1, TLSv1.1”

      • After editing this file an Eyeglass sca service restart is required

systemctl restart sca

    1. Failover and Failback History preserved.

    2. If Eyeglass version above 1.8.0 the ability to restore jobs to previous state was introduced. DFS settings should be enabled and job state should be set to previous values (enabled or disabled).

  1. Done.

Option to remain on OpenSUSE 13.1 or 13.2 Eyeglass Appliance

The procedure below provide an option to upgrade to the latest release while remaining on an OpenSUSE 13.1 or 13.2 Eyeglass appliance is you are running Eyeglass 1.6.3 or higher.  
IMPORTANT:

  • OpenSuse 13.1 and 13.2 are no longer of OS patch availability

  • Eyeglass Releases deployed on 13.1 and 13.2 are EOL or Notice for EOL as documented here

Prerequisites

  • VMware snapshot to backup the Eyeglass appliance prior to applying the update.  This is the only rollback path available to the previous release.

Procedure - Offline Upgrade (No Internet connection Available to the appliance)

  1. To do an offline upgrade from 1.6.3 or greater on OpenSUSE 13.1 or 13.2: (Eyeglass appliance has no internet access):

  2. Download the Offline install package from the Eyeglass Isilon release table  here.

  3. SCP (winscp) the offline package onto the appliance.

  4. ssh to the Eyeglass appliance and sudo to root (command sudo su -) or login to the appliance as root.

  5. Make the offline package executable: chmod 755 <filename>

  6. Run the installer: ./<filename> -- -force

  7. You may be prompted for Phone Home Agreement if not previously set.  Enter ‘y’ or ‘n’ to continue.

  8. Once the update is completed, login to the Eyeglass web page.

  9. IMPORTANT: Refresh any open Eyeglass window to ensure that you have latest changes.

  10. Check the About Eyeglass window and verify version numbers are as shown here.

  11. Complete.

Post Upgrade Checks

  1. Verify your initial settings as per the pre-requisite step.

  2. If using the eyeglass service account to add the Isilon Clusters to Eyeglass ensure that all permissions have been created for the eyeglass service account in Isilon and all sudoer file updates have been done as per this document here.

  3. Log in to the Eyeglass web page and open the Eyeglass Main Menu -> Notification Center and verify that the Alarm Severity Filter is correctly set

  1. And verify that the Email Recipients are correctly set with the correct Email Type.


Upgrade from 1.9.0 with OpenSUSE 42.2 to Any new Release

PREREQUISITES

  • VMware snapshot to backup the Eyeglass appliance prior to applying the update.  This is the only rollback path available to the previous release.

  • Eyeglass appliance must be on the OpenSUSE 42.2 operating system

    • Check by ssh to the Eyeglass appliance and execute the command

cat /etc/os-release

VERSION should be 42.2


IMPORTANT:

  • Eyeglass operation will be interrupted briefly during Upgrade for an Eyeglass service restart typically < 10 minutes

  • For Eyeglass updates, when more than one Eyeglass sub-package update is available they all must be applied as there may be dependencies between the packages requiring all updates for Eyeglass to function properly. (Eyeglass sub-packages begin with "eyeglass_" in the package name.)  If prompted, you must also say yes to external dependencies.

Online Upgrade (Requires Internet connected appliance with port 443)

> also requires access allowed to https://storage.googleapis.com/repo.superna.net/eyeglass/production/*

> this URL may also need to be whitelisted

To do an online upgrade to a release > 1.9.0:


1.  ssh to the Eyeglass appliance and sudo to root (command sudo su -) or login to the appliance as root.


2.  Run the following command to do the upgrade:


bash -c "$(curl -sL https://goo.gl/qcX7ts)"


3.   Enter ‘y’ to continue with the update.  If prompted, you must say ‘y’ to external dependencies.

4.  You may be prompted for Phone Home Agreement if not previously set.  Enter ‘y’ or ‘n’ to continue.

5.  Once the upgrade is completed, login to the Eyeglass web page.

IMPORTANT: Refresh any open Eyeglass window to ensure that you have latest changes.

6.  Check the About Eyeglass window and verify version numbers are as shown here for the Release you upgraded to.

  1. Complete.


Offline Upgrade (No Internet connection Available to the appliance)


To do an offline upgrade to a release > 1.9.0: (Eyeglass appliance has no internet access):


1.  Download the Offline install package from the Eyeglass Isilon release table  here.

2.  SCP (winscp) the offline package onto the appliance.


3.  ssh to the Eyeglass appliance and sudo to root (command sudo su -) or login to the appliance as root.


4.  Make the offline package executable: chmod 755 <filename>


5.  Run the installer: ./<filename>


6.  You may be prompted for Phone Home Agreement if not previously set.  Enter ‘y’ or ‘n’ to continue.


7.  Once the update is completed, login to the Eyeglass web page.


IMPORTANT: Refresh any open Eyeglass window to ensure that you have latest changes.


8.  Check the About Eyeglass window and verify version numbers are as shown here.

  1. Complete.