7 Steps to Migrate an Appliance

Overview

This article is a step-by-step guide to migrate CentOS 6 to CentOS 7 Appliance. This is not an automated migration, please read carefully and follow the instructions to avoid any issues on the migration. Swivel Secure highly recommend customers to perform a side-by-side migration with SOC team. Please request details about this support to your sales representative.

Note: Until the current date, no update is possible to be done in CentOS 7, so make sure Swivel Secure products are updated in CentOS 6 first. Updates for CentOS 7 are currently in pending status.

Requirements

Minimum for Stand-Alone and/or High Availability:

  • CPU: 2-Core
  • RAM: 4 GB
  • Free disk space: 80GB
  • AuthControl Sentry 4.1.1 or higher

Recommended for Stand-Alone and/or High Availability:

  • CPU: 4-Core
  • RAM: 8 GB
  • Free disk space: 100GB
  • AuthControl Sentry 4.1.1 or higher

Until the current date updates are not available in CentOS 7, it’s a work in progress and it will be available soon. Just ensure Swivel Secure products are updated in CentOS 6 before migrating it.

Command Line Interface access is required to perform the migration. Please contact to your sales representative relating this subject.

Below steps to be performed in CentOS 7

Step 1 - Backup Options

Backup of Applications Option

This option requires no further actions apart from moving the 2021XXXXXXXXXX-APP file from CentOS 6 appliance to the CentOS 7 appliance.

Backup of System Option

Please follow all below steps.

Backup Full Option

Please follow all below steps.

Keep in mind that this migration process occurs only once when migrating CentOS 6 appliances to CentOS 7 appliances.

Step 2 - Backup MySQL certificates

Before restoring backup from CentOS, make a zip of the folder my.cnf.d. This folder contains SSL certificates. Keep this zipped file in the path it is.

_images/bkpmycnfd.gif

Step 3 - Services Status

Check for all running services. Stop and then start all in the following order:

  1. Tomcat stop
  2. Database stop
  3. Heartbeat stop (if HA appliance)
  4. Mon stop (if HA appliance)
  5. SNMPD stop
  6. Webmin stop
  7. Sendmail stop
_images/StopServices.gif

If any of the above running services does not stop, kill the process via command line. Below command will display Tomcat PID, then use kill command to stop the process.

_images/killtomcat.gif

Start services back in the below order.

  1. Database start
  2. Tomcat start
  3. Heartbeat start (if HA appliance)
  4. Mon start (if HA appliance)
  5. SNMPD start
  6. Webmin start
  7. Sendmail start
_images/restartservices.gif

If any process had to be killed manually, stop it and start again in CMI to ensure consistency. Killing process:

Note: Do not use service nor systemctl command in CLI to start/stop services. Doing so will change permissions on files and it can crash the products causing a lot of headache. These services state must always be managed in CMI (specially Tomcat). There’s one exception in the steps below.

Step 4 - Logs Monitoring

Keep an eye on catalina.out log during the next steps to identify any errors that could be raised. Command:

_images/tailtomcat.gif

Also, command journalctl -f can be used to keep an eye in system logs.

_images/jounralctl.gif

Step 5 - Restore CentOS 6 Backup

Proceed to the restore option in CMI Menu and restore the required CentOS 6 backup.

_images/restorebkp.gif

The error message for the file drdb.conf in the process can be ignored. Do not enter Yes for the last message to restart network. Just press Enter key with no input.

Step 6 - Restore MySQL Certificates

Stop Tomcat in CMI menu. In CLI, access etc folder and remove my.cnf.d generated with the restore. Then unzip my.cnf.d_backup.zip instructed on Step 1 in this article. Restart Database and run command mysql_upgrade –force in CLI. This command looks for incompatibilities with the upgraded MySQL server:

  • It upgrades the system tables in the mysql schema so that you can take advantage of new privileges or capabilities that might have been added.
  • It upgrades the Performance Schema and sys schema.
  • It examines user schemas.
_images/mycndrestore.gif

If mysql_upgrade finds a table with incompatibilities, it performs a table check and, if problems are found, attempts a table repair. If the table cannot be repaired, please refer to the official MariaDB document here. If the rebuild / repair does not work properly, do not insist and recreate CentOS 7. If the issue is persistent, please contact your sales representative for further assistance.

Step 7 - Functional Review

Test and ensure all Swivel Secure products are properly deployed and Sentry users are able to login and logout.