4.7. Procedure – Upgrading Zorp clusters

Purpose: 

To upgrade an existing Zorp cluster to version 7, complete the following steps. Before starting the following procedure, read this entire section carefully. The currently active cluster node will be referred to as node1 in this section. The currently inactive cluster node is designated as node2.

Warning

After starting this procedure, the HA functionality will not be available until all nodes are upgraded.

Warning

After completing this procedure the HA functionality will by provided be Keepalived and the current Heartbeat configuration will be obsolete.

Prerequisites: 

The configuration of every Zorp component must be uploaded and active on the hosts of the cluster. Upload and reload every configuration change from ZMC before starting the upgrade. Also, check the general prerequisites described in Chapter 2, Prerequisites to upgrading to Zorp .

Before starting to upgrade the cluster, upgrade your ZMS host as described in Procedure 4.3, Upgrading Zorp Management Server (ZMS) to version 7.

Note

You can keep the current ZMS host to make sure that node1 remains configurable after starting the upgrade procedure. In this case, install a new ZMS instance as described in Zorp Professional 7 Installation Guide and perform and upgrade as described in Procedure 4.3, Upgrading Zorp Management Server (ZMS) to version 7.

Steps: 

  1. Upgrade node2 as described in Procedure 4.5, Upgrading a host to Zorp 7.

    Warning

    When uploading the configuration from ZMC, upload the configuration only to node2

  2. Initiate a takeover on node2 and perform a comprehensive test of the firewall services. To initiate a takeover, login to node2, and issue the following command: /usr/lib/heartbeat/hb_takeover

  3. Optional step: If you kept your previous ZMS installation, disconnect node2. As a result, if you modify the configuration on node1 and you upload the changes to ZMS, it will not attempt to upload the changes to node2

    1. Login to the not upgraded ZMS (version 6) with ZMC.

    2. Navigate to Management > Connections....

    3. Select node2.

    4. Click Disconnect.

  4. Optional step: If you kept your previous ZMS installation, tighten the local service rule (for details, see Section 9.4, Local services on Zorp in Zorp Professional 7 Administrator Guide) so that node1 only accepts management connections from the corresponding ZMS (version 6) instance.

    1. Login to the kept ZMS instance with ZMC (version 6).

  5. Configure keepalived on node2.

  6. Stop Heartbeat on node1.

  7. Start keepalived on node2.

  8. Closing steps:

    1. Perform a comprehensive test of the firewall services while node2 is active. After the testing period is finished and you determine that the upgraded node is stable, start the following steps:

    2. Upgrade node1.

    3. Bootstrap node1 from Zorp Management Server. For details, see Procedure 13.3.4, Configuring recovery connections in Zorp Professional 7 Administrator Guide.

      Warning

      If you kept your previous ZMS installation, bootstrap node1 from the newly installed ZMS instance (version 7)

    4. Mark node1 as the active node by perfoming a HA takeover.

    5. Perform a comprehensive test of the firewall services while node1 is active. After the testing period is finished and you determine that the upgraded node is stable, perform a standby on node1.

  9. On the Zorp Management Server:

    1. Restore the Zorp Management Server database from the backup. For details, see Procedure 13.1.2.2, Restoring a ZMS database backup in Zorp Professional 7 Administrator Guide.

    2. Connect to the Zorp Management Server with the Zorp Management Console.

    3. To upload the host configuration to the host, click Upload/All.

    4. Reboot.

Previous Up Next
 Home