Upgrade Guide


THIS PROCEDURE IS SPECIFICALLY FOR UPGRADE FROM ANY EYEGLASS 1.3 or 1.4 or 1.5 or 1.6 or 1.7 or 1.8 VERSION TO EYEGLASS 1.9.x VERSION



Contents

  1. 1 Pre-Upgrade Steps
    1. 1.1 Record Eyeglass Appliance Eyeglass Configuration Setting Modifications (if you have never changed these values SKIP this step)
  2. 2 Supported Upgrade Paths
  3. 3 Upgrade from 1.5.4 or 1.6 or 1.7 or 1.8 to 1.9.x
    1. 3.1 PREREQUISITE:
    2. 3.2 Online Upgrade (Requires Internet connected appliance with port 443)
    3. 3.3 Offline Upgrade (No Internet connection Available to the appliance)
  4. 4 Upgrade from 1.3.x or 1.4.x or 1.5.x to 1.5.4 (before upgrade to 1.9.x)
    1. 4.1 PRE-REQUISITE:
    2. 4.2 Offline Upgrade
      1. 4.2.1 Upgrade for Eyeglass deployed version 1.4 and lower and openSUSE 13.1
      2. 4.2.2 Upgrade for Eyeglass deployed version between 1.4.1 and 1.5.3 and openSUSE 13.2
  5. 5 Post Upgrade Manual Steps (upgrade from 1.3.x or 1.4.x or 1.5.x or 1.6.x or 1.7.x or 1.8 to 1.9.x)
    1. 5.1 required only if Phone Home was previously enabled - otherwise SKIP this step - or follow steps below to Enable Phone Home for the first time
    2. 5.2 Phone Home
    3. 5.3 Step only applies to upgrades from 1.4.0 OR < 1.5.1 (if this does not apply SKIP this step
      1. 5.3.1 Configuration for SPN Remediation (only applies to 1.4 upgrade path)
      2. 5.3.2 Update Isilon sudoer file when “Eyeglass” user with minimum privileges was used to add the cluster  (only applies to 1.4 upgrade path)
      3. 5.3.3 Update Isilon sudoer file to Enable Open file detection before failover (only applies to < 1.5.1 upgrade path)
    4. 5.4 Step applies upgrades from < R1.6.0
      1. 5.4.1 Update Isilon sudoer file to retrieve data for Cluster Storage Hardware view
    5. 5.5 Steps apply to upgrades from < R1.6.3
      1. 5.5.1 Update EyeglassAdmin Role permissions to Read/Write for Snapshot Schedule and Dedupe Sync
      2. 5.5.2 Update EyeglassAdmin Role permissions for Cluster Configuration Reports - ONEFS 8 ONLY
    6. 5.6 Steps apply to upgrades from < R1.7
    7. 5.7 Steps apply to upgrades from < R1.8


IMPORTANT: THIS UPGRADE INCLUDES A FINAL STEP TO REMOVE ALL HISTORICAL RECORDS AND ALARM RECORDS.


Pre-Upgrade Steps


  1. Record Eyeglass Appliance Eyeglass Configuration Setting Modifications (if you have never changed these values SKIP this step)

    1. Record the global setting on your Eyeglass appliance such as the Replication schedule.  Any customizations will need to be reapplied after the upgrade and a record of the current Eyeglass settings is required.

  1. ssh to the Eyeglass appliance and login as admin (default password 3y3gl4ss).

  2. Type the following commands and record the results.  These are your current global settings:

igls admin schedules list

igls adv initialstate show

igls adv requesttimeout

  

Supported Upgrade Paths

Supported Upgrade paths for standalone Eyeglass appliances:

Depending on the Eyeglass version that you are currently running you may need to follow a multi-step upgrade process.  Please see below for supported upgrade paths.

  1. Eyeglass current version 1.5.4 or previous 1.6 or 1.7 or 1.8 or 1.9 version

    1. Direct upgrade to 1.9.y - follow steps in section Upgrade from 1.5.4 or 1.6 or 1.7 or 1.8 to 1.9.x


  1. Eyeglass current version 1.3.x, 1.4.x or 1.5.x (not 1.5.4)

Upgrade to 1.5.4 first, then upgrade to 1.9.x

    1. For Upgrade to 1.5.4 follow steps in section Upgrade from 1.3.x or 1.4.x or 1.5.x to 1.5.4

    2. Then upgrade to 1.9 following steps in section Upgrade from 1.5.4 or 1.6 or 1.7 or 1.8 to 1.9.x




Upgrade from 1.5.4 or 1.6 or 1.7 or 1.8 to 1.9.x

PREREQUISITE:

  • Installed and operational Eyeglass 1.5.4 or previous 1.6 or 1.7 or 1.8 or 1.9 version

    • If you are running an earlier Eyeglass release you must follow instructions in section Upgrade from 1.3.x or 1.4.x or 1.5.x to 1.5.4 before continuing with this procedure

  • VMware snapshot to backup the Eyeglass appliance prior to applying the update.  This is the only rollback path available to the previous release.  


IMPORTANT:

  • Eyeglass operation will be interrupted briefly during Upgrade for an Eyeglass service restart typically < 10 minutes

  • For Eyeglass updates, when more than one Eyeglass sub-package update is available they all must be applied as there may be dependencies between the packages requiring all updates for Eyeglass to function properly. (Eyeglass sub-packages begin with "eyeglass_" in the package name.)  If prompted, you must also say yes to external dependencies.


Online Upgrade (Requires Internet connected appliance with port 443)

> also requires access allowed to https://storage.googleapis.com/repo.superna.net/eyeglass/production/*

> this URL may also need to be whitelisted


To do an online upgrade to 1.9.x from previous 1.5.4 or 1.6 or 1.7 or 1.8 or 1.9 release:


1.  ssh to the Eyeglass appliance and sudo to root (command sudo su -) or login to the appliance as root.


2.  Run the following command to do the upgrade:


bash -c "$(curl -sL https://goo.gl/qcX7ts)"


3.   Enter ‘y’ to continue with the update.  If prompted, you must say ‘y’ to external dependencies.


4.  You may be prompted for Phone Home Agreement if not previously set.  Enter ‘y’ or ‘n’ to continue.



5.  Once the upgrade is completed, login to the Eyeglass web page.


IMPORTANT: Refresh any open Eyeglass window to ensure that you have latest changes.


6.  Check the About Eyeglass window and verify version numbers are as shown here for Release 1.9.x.




Offline Upgrade (No Internet connection Available to the appliance)


To do an offline upgrade to 1.9 from previous 1.5.4 or 1.6  or 1.7 or 1.8 or 1.9 release: (Eyeglass appliance has no internet access):


1.  Download the Offline install package from the Eyeglass Isilon release table for R1.9.x here.

2.  SCP the offline package on to the appliance.


3.  ssh to the Eyeglass appliance and sudo to root (command sudo su -) or login to the appliance as root.


4.  Make the offline package executable: chmod 755 <filename>


5.  Run the installer: ./<filename>


6.  You may be prompted for Phone Home Agreement if not previously set.  Enter ‘y’ or ‘n’ to continue.


7.  Once the update is completed, login to the Eyeglass web page.


IMPORTANT: Refresh any open Eyeglass window to ensure that you have latest changes.


8.  Check the About Eyeglass window and verify version numbers are as shown here for Release 1.9.x.


Upgrade from 1.3.x or 1.4.x or 1.5.x to 1.5.4 (before upgrade to 1.9.x)

PRE-REQUISITE:

  • Installed and operational Eyeglass 1.3, 1.4 or 1.5

  • VMware snapshot to backup the Eyeglass appliance prior to applying the update.  This is the only rollback path available to the previous release.  


IMPORTANT:

  • Eyeglass operation will be interrupted briefly during Upgrade for an Eyeglass service restart typically < 10 minutes

  • For Eyeglass updates, when more than one Eyeglass sub-package update is available they all must be applied as there may be dependencies between the packages requiring all updates for Eyeglass to function properly. (Eyeglass sub-packages begin with "eyeglass_" in the package name.)  If prompted, you must also say yes to external dependencies.


Offline Upgrade


Offline upgrade path to 1.5.4 from previous 1.3, 1.4 or 1.5  release will depend on whether you have originally deployed your Eyeglass appliance at R1.4 or lower with openSUSE 13.1


  • Eyeglass deployed at R1.4 or lower with openSUSE 13.1: Follow procedure in section Upgrade for Eyeglass deployed version 1.4 and lower and openSUSE 13.1 which will also include steps to upgrade to the openSUSE 13.2 operating system (openSUSE 13.1 no longer supported)


  • Eyeglass deployed at R1.4.1 or higher with openSUSE 13.2: Follow procedure in section Upgrade for Eyeglass deployed version between 1.4.1 and 1.5.3 and openSUSE 13.2

Upgrade for Eyeglass deployed version 1.4 and lower and openSUSE 13.1


Please find below the download links required to perform the Eyeglass appliance upgrade procedure from openSUSE 13.1 to openSUSE 13.2 as described here:

http://documentation.superna.net/eyeglass-isilon-edition/tech-notes/superna-eyeglass-procedure-to-upgrade-the-eyeglass-appliance-from-opensuse-13-1-to-opensuse-13-2


offline upgrade to Eyeglass 1.5.4:

https://storage.cloud.google.com/storage.superna.net/superna-net/eyeglass-offline-1.5.4-16061.run


Eyeglass 1.5.4 OVF:  

https://storage.googleapis.com/storage.superna.net/superna-net/eyeglass-1.5.4-ovf.zip


Upgrade for Eyeglass deployed version between 1.4.1 and 1.5.3 and openSUSE 13.2


1.  Download the Offline install package for 1.5.4 here:

https://storage.cloud.google.com/storage.superna.net/superna-net/eyeglass-offline-1.5.4-16061.run

2.  SCP the offline package on to the appliance.


3.  ssh to the Eyeglass appliance and sudo to root (command sudo su -) or login to the appliance as root.


4.  Make the offline package executable: chmod 755 <filename>


5.  Run the installer: ./<filename>


6.  You may be prompted for Phone Home Agreement if not previously set.  Enter ‘y’ or ‘n’ to continue.


7.  Once the update is completed, login to the Eyeglass web page.


IMPORTANT: Refresh any open Eyeglass window to ensure that you have latest changes.


8.  Check the About Eyeglass window and verify version numbers are for 1.5.4.


9.  Follow instructions in section “Upgrade from 1.5.4 or 1.6 or 1.7 or 1.8  to 1.9.x” to upgrade to R1.9.x


Post Upgrade Manual Steps (upgrade from 1.3.x or 1.4.x or 1.5.x or 1.6.x or 1.7.x or 1.8 to 1.9.x)



  1. required only if Phone Home was previously enabled - otherwise SKIP this step - or follow steps below to Enable Phone Home for the first time

    1. Phone Home

If you previously had Phone Home enabled, it must be re-enabled after the Upgrade.  To re-enable Phone Home post upgrade:

  1. Open the About Eyeglass window from the Eyeglass web page.

  2. Select the Phone Home Support menu on the left.

  3. Select the I agree option.


  1. Step only applies to upgrades from 1.4.0 OR < 1.5.1 (if this does not apply SKIP this step

    1. Configuration for SPN Remediation (only applies to 1.4 upgrade path)

      1. Delegate Isilon cluster machine account in Active Directory.

      2. Steps to delegate can be found here.  We recommend per object delegation. Applied to each cluster AD machine account.

    2. Update Isilon sudoer file when “Eyeglass” user with minimum privileges was used to add the cluster  (only applies to 1.4 upgrade path)

      1. Only if the Isilon clusters on your Eyeglass system have been provisioned using the eyeglass user belonging to the EyeglassAdmin role with minimum privileges, the following update is required in sudoer file on each cluster managed by Eyeglass to support the SPN remediation feature.

      2. Steps to update the cluster sudoer file can be found here in the section “Update Isilon sudoer file for Eyeglass service User (Root Level Commands Needed for Failover).

    3. Update Isilon sudoer file to Enable Open file detection before failover (only applies to < 1.5.1 upgrade path)

      1. NOTE: Verify  If sudoer file has previously been updated for SPN remediation (see link above) then only the following entries need to be added

      2. NOTE: Must be done on all managed clusters

      3. NOTE: for complete list of sudoer settings to validate see here

      4. For OneFS 7.1, 7.2

        1. eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array isi smb openfiles list

      5. For OneFS 8.0

        1. eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array isi smb openfiles list


  1. Step applies upgrades from < R1.6.0

    1. Update Isilon sudoer file to retrieve data for Cluster Storage Hardware view

      1. NOTE: Verify  If sudoer file has previously been updated for SPN remediation (see link above) then only the following entries need to be added

      2. NOTE: Must be done on all managed clusters

      3. NOTE: for complete list of sudoer settings to validate see here

      4. For all OneFS versions

        1. eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array isi status*

        2. eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi status*


  1. Steps apply to upgrades from < R1.6.3

    1. Update EyeglassAdmin Role permissions to Read/Write for Snapshot Schedule and Dedupe Sync

From the Isilon Cluster command line these commands below are executable by ssh as root on Isilon

>> Must be executed for all Isilon Cluster being managed by Eyeglass

      1. Remove current Read Only permission for Job Engine and Snapshot privileges in the EyeglassAdmin Role

isi auth roles modify EyeglassAdmin --remove-priv ISI_PRIV_JOB_ENGINE

isi auth roles modify EyeglassAdmin --remove-priv ISI_PRIV_SNAPSHOT

      1. Add Read Write permission for Job Engine and Snapshot privileges in the EyeglassAdmin Role

isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_JOB_ENGINE

isi auth roles modify EyeglassAdmin --add-priv ISI_PRIV_SNAPSHOT

      1. Verify the change

isi auth roles privileges list EyeglassAdmin -v

You should see following for the Job Engine and Snapshot privileges

--------------------------------------------------------------------------------

      ID: ISI_PRIV_JOB_ENGINE

    Name: Job Engine

     Read Only: No

--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

      ID: ISI_PRIV_SNAPSHOT

    Name: Snapshot

    Read Only: No

--------------------------------------------------------------------------------

    1. Update EyeglassAdmin Role permissions for Cluster Configuration Reports - ONEFS 8 ONLY

From the Isilon Cluster command line these commands below are executable by ssh as root on Isilon

IMPORTANT: Only applies for OneFS 8 clusters

>> Must be executed for all OneFS 8 Isilon Cluster being managed by Eyeglass


      1. Add Read Only permissions in the EyeglassAdmin Role

isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_FILE_FILTER

isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_HARDENING

isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_NDMP

isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_MONITORING

isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_ANTIVIRUS

isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_FTP

isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_HTTP

isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_NTP

isi auth roles modify EyeglassAdmin --add-priv-ro ISI_PRIV_SYS_UPGRADE



      1. Verify the change

isi auth roles privileges list EyeglassAdmin -v



  1. Steps apply to upgrades from < R1.7

    1. Recommend to set the igls adv requesttimeout to new minimum setting of 300s unless you previously had set to a greater number in which case the larger timeout should be re-applied. A larger value would be used if the ping latency from eyeglass to the cluster is > 30 ms RTT.

NOTE: OneFS 8 also requires 300 as it takes longer to reply with API requests than OneFS 7

      1. Refer to the Eyeglass Admin Guide here to view and update this setting.

    1. Recommend to set the igls adv failovertimeout to new minimum setting of 180 minutes unless you previously had set to a greater number in which case the larger timeout should be re-applied.

      1. Refer to the Eyeglass Admin Guide here to view and update this setting.

  1. Steps apply to upgrades from < R1.8


  1. Update sudoer to enable new validation of time skew on cluster nodes and eyeglass VM.

  1. NOTE: Must be done on all managed clusters

  2. NOTE: for complete list of sudoer settings to validate see here

  3. For all OneFS versions

    1. eyeglass ALL=(ALL) NOPASSWD: /usr/bin/isi_for_array date*