Upgrade process

This documentation provides the technical steps for upgrading Opsview Monitor, including version-specific requirements, pre-deployment checks, and how to run the upgrade using Opsview Deploy. Before proceeding, ensure to review upgrade considerations.

Upgrading from 6.7.x or older to 6.8.x or newer Copied

Note

As part of the upgrade process, running the check_deploy playbook will flag any fields that should be reduced prior to upgrading with a "Value … was too long" or "Value … is longer than 191 chars" message.

Upgrading from 6.9.0 or older to 6.9.1 or newer Copied

Due to a repository key change, you must add the new repository key to your Debian or Ubuntu system before the upgrade.

Before proceeding with the upgrade, run the following command as root from the orchestrator to update the key on all non-remotely managed collector systems:

/opt/opsview/deploy/bin/rc.ansible ansible all -m shell -a 'test -d /usr/share/keyrings && ( curl -Os https://downloads.opsview.com/OPSVIEW-APT-KEY-2024.asc && echo "f095452e85790a0e1d3382468fced72fba1632da14a0e9ca649a888a0c38db12 OPSVIEW-APT-KEY-2024.asc" | sha256sum -c && cat OPSVIEW-APT-KEY-2024.asc | gpg --dearmor | sudo tee /usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg > /dev/null ) || true'

If you do not have access to the internet, the actual key string can be added instead with:

/opt/opsview/deploy/bin/rc.ansible ansible all -m shell -a 'test -d /usr/share/keyrings && ( printf -- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQGNBGXCQIwBDACiD5D1qlC35JtUwPGcy+n7eJIX9aSdjG5hWadMjZryyUadLTMc\nsNdDB0jblxeu4CFAe7g3LNJTnNlF6NpWHVz0fZ8R0jW2rNjlaoVgUrtn8OTshz3t\nQ+9/TRSONt+D1xl3+O8p+XUg8jDr07+izxzWstD9M3j2KWuc3ts4DimRQkmdnv+Q\nyd1fEpq1Z1djgB4aSCe10LzMY8AIPRMsrMyhJWz287D1sEnAYP66zrLTHKeWmeRY\nQBKNzA3Fhgo4g95j/IJPaYATQV6/oqyrD/Gtu/8N3Brr1popE+1NVdcmbY7M7yox\nYB6NnWKGKH+4vR9k4sNgrPp9g+WI0e1ZV8dXE0fCK6EJNUO9ZIOqr3uHrAF6ESmh\ndnc672jT4QLnhvWVOHrUYo3XUPhGhZA33MUxdsrK14y1iOQfa1g7WzZ2zLSs251/\nLGlxUN5VHIejSNcbRsbJkOGhn+dTop8NZgBVaiY5my6cAgsSW3O0yS24vodKw3ln\nERH54Rnff53+odUAEQEAAbRMT3BzdmlldyByZXBvc2l0b3JpZXMgKGh0dHBzOi8v\nZG93bmxvYWRzLm9wc3ZpZXcuY29tKSA8c3VwcG9ydEBpdHJzZ3JvdXAuY29tPokB\n0QQTAQgAOxYhBM+iZ8I4zbrWrT12Kzeseua0tpoLBQJlwkCMAhsDBQsJCAcCAiIC\nBhUKCQgLAgQWAgMBAh4HAheAAAoJEDeseua0tpoLXGEL/0I8cBhqnoro1yQV3Rmx\nnwM5aOF5kP1Pla78suceG9eiM0sMohur+K4mVM+Rx5l+ZLI3c/YfXnNLDl9SRCCX\nNaKAB2w60EWxzh734iwsOzN4B4WuYlilAt6QZ8qQP951A8++Sg9zTCRNg3B50BdL\nFO5v4KHQS8hcZWp5bxulSLQpQXxQNrtE+1haD6jeAbkeUHQfglYAywnhPQvShTAs\nzPOj/SclbgjX/9MRIXrVzztOsrpq2nSfihDiTfGCCTB1n1YyyLV9ib64ePxFjLtv\nqNMYf9G0QOgM8wqgzfMa92vFowMiJBn20uWzRbbj8GYlhumsMGqxrFri9r1AuGXY\nZygsoNpsi1VvBClSi48Dei8ChC4kQFwVz3WqFUUlHkc3TtigZATu7wUQmEzkSPkB\nT8pNgpOgVwgUChIbcS2EY54k2uZUZOHVad3ffyePLLB/eHotne+OKG67ebrXhFl9\nXkhGt5qCeRSxjw2NtfkycOdMLFnhdR9l7gfnUYUmrxSgSLkBjQRlwkCMAQwAknuc\nj5TN0ZxTapwMsg4gCY1NeKqptPQWe8FnGhak+Pj1ubL5TJovXwTqw0z30c2nI1zN\nJFbI5azfwDCMjHwey+JyqC0pdHn0I2jD2aGEnneZnwHjGaC+pULIWFAJwozOz0u1\nmMBgm5XcHDDatOIL0Zb8XkQgZR6h1mOxaoGWSrw4mqrU9BFENsdSXt+EBML58m0U\nzCcgRnWDCRzzPrxkiL1i4kw/Zuk1834R3GoABM19jzWzRP8nu+fS+urcHimWjWT7\nJaWCSO+961VXF69wqnd+bL0bvAGbuOuv1cGkrppR9pG8X8Hf+tHH6Afv3m/tmBld\nheonNcPNrsvaApqP7bSCjqiz0swlyPLw58ykqHrQ8G0ekMnVkXhEVMuqsNO+gJnF\neyJ9ijhTp6Ylh/mIfevmHtlqHbA+Uwsl81Mnv/+SzzRjrU3U9rMnKTb8UE9/yQQR\nppN73/dOpnGi2oLoY4rYi4+Iju4M06If28Yd6U5/UMSasNCcd2SJaB5+RFJzABEB\nAAGJAbYEGAEIACAWIQTPomfCOM261q09dis3rHrmtLaaCwUCZcJAjAIbDAAKCRA3\nrHrmtLaaCwJuC/4vpxxUKaI7+6q7vkWALc8coZ65ytZ8cXeFIAQIkX0L97fJraq1\n9yMxu1FdfaceE7bDIEPWPgiciaV7t+qGeDgmrInBpmqp51r3YJxx8zWiO6Y7pvoG\n/nlFNl4ZXZAEu7PtrcFaUNMgqP+EPAz0S3j32RIlMAOFTetxNEr0BoowlrMy6kCd\nqMBaN6rJLGH3U8yeNFHttKN32AvfIak+PRM6kVmdh+VCRpJlrpbb1JmeDF22Z5RW\nqNVPvgV5meSHiK1y8YMMsQSXNf8h2vbDn4K2HMpWUTjtdlPnsComuFv/+Laykbb7\nhkPy2bPwZgDDpViHx1O7wRaQQhjaMD/Iaohh6ynpsEZe9asXUpXOA49McQBQxNGb\nEKguzPusnnjwtbXbfPKLQGqGm4x7wQkB0JbTUarL8Jw1wXlyaibOSOkaCXTqMiFx\nbO/9XIX0oWLiOQYj+vFr/TaTXA8HEdEswwTZrirYHK0zAYDcU3AcFKIqVjUWeMkr\nl+F2x62WJX7sDGE=\n=Yi2S\n-----END PGP PUBLIC KEY BLOCK-----" | gpg --dearmor | sudo tee /usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg > /dev/null ) || true'

Make sure to specify the location of the key within /etc/apt/sources.list.d/opsview.list. It should be placed between deb and the Opsview URL.

[signed-by=/usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg]

If these are not carried out, you may encounter the error: The following signatures couldn't be verified because the public key is not available.

Opsview Deploy Copied

Upgrading to a new version of Opsview Monitor will take you through the following steps, either automated or manually:

  1. Add the package repository for the new version of Opsview Monitor.
  2. Install the latest Opsview Deploy (opsview-deploy) package.
  3. Install the latest Opsview Python (opsview-python3) package.
  4. Re-run the installation playbooks to upgrade to the new version.

Once the upgrade has completed, all hosts managed by Opsview Deploy will have been upgraded to the latest version of Opsview Monitor.

Note

Running the curl commands will start the upgrade process. Only execute it when ready.

Automated Upgrade Copied

  1. Configure the correct Opsview Monitor package repository and update opsview-deploy to the corresponding version by running the command.

    curl -sLo- https://deploy.opsview.com/6.x | sudo bash -s -- --only repository,bootstrap
    

    You must replace 6.x with the correct version you want to upgrade to.

  2. Validate if your system is ready for upgrading, and set up python on all systems (installing if needed) by running the command:

    root:~# cd /opt/opsview/deploy
    root:/opt/opsview/deploy# ./bin/opsview-deploy lib/playbooks/check-deploy.yml
    
  3. Continue to upgrade your system by running this command.

    root:/opt/opsview/deploy# ./bin/opsview-deploy lib/playbooks/setup-everything.yml
    

Once completed, you can proceed with the post-upgrade tasks.

Manual Upgrade Copied

Amend your Opsview repository configuration to point to the 6.10.x release.

RHEL and OL Copied

Check if the contents of /etc/yum.repos.d/opsview.repo matches the following, such as the version number specified within the baseurl line.

[opsview]
name    = Opsview Monitor
baseurl = https://downloads.opsview.com/opsview-commercial/6.x/yum/rhel/$releasever/$basearch
enabled = yes
gpgkey  = https://downloads.opsview.com/OPSVIEW-RPM-KEY-2024.asc

You must replace 6.x with the correct version you want to upgrade to.

Debian and Ubuntu Copied

Check if the contents of /etc/apt/sources.list.d/opsview.list matches the following, such as the version number specified within the URL. You should replace focal with your OS name (as per other files within the same directory).

deb [signed-by=/usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg] https://downloads.opsview.com/opsview-commercial/6.x/apt focal main

Update Opsview Deploy Copied

Run the command for RHEL and OL:

yum makecache
yum install opsview-deploy

Run the command for Debian and Ubuntu:

apt-get update
apt-get install opsview-deploy

Pre-deployment checks Copied

Before running opsview-deploy, we recommend that you check the following list of items.

Manual checks Copied

What Where Why
All YAML files follow correct YAML format opsview_deploy.yml, user_*.yml Each YAML file is parsed each time opsview-deploy runs.
All hostnames are FQDNs opsview_deploy.yml If Opsview Deploy cannot detect the host’s domain, the fallback domain opsview.local will be used instead.
SSH user and SSH port have been set on each host opsview_deploy.yml If these aren’t specified, the default SSH client configuration will be used instead.
Any host-specific vars are applied in the host’s vars in opsview_deploy.yml opsview_deploy.yml, user_*.yml Configuration in user_*.yml is applied to all hosts.
An IP address has been set on each host opsview_deploy.yml If no IP address is specified, the deployment host will try to resolve each host every time.
All necessary ports are allowed on local and remote firewalls All hosts Opsview requires various ports for inter-process communication. See Ports.
If you have rehoming user_upgrade_vars.yml Deploy now configures rehoming automatically. See Rehoming.
If you have Ignore IP in Authentication Cookie enabled user_upgrade_vars.yml Ignore IP in Authentication Cookie is now controlled in Deploy. See Rehoming.
Webserver HTTP/HTTPS preference declared user_vars.yml In Opsview 6, HTTPS is enabled by default, to enforce HTTP-only then you need to set opsview_webserver_use_ssl: False. See opsview-web-app.

Example of opsview-deploy.yml:

---
orchestrator_hosts:
  # Use an FQDN here
  my-host.net.local:
    # Ensure that an IP address is specified
    ip: 10.2.0.1
    # Set the remote user for SSH (if not default of 'root')
    ssh_user: cloud-user
    # Set the remote port for SSH (if not default of port 22)
    ssh_port: 9022
    # Additional host-specific vars
    vars:
      # Path to SSH private key
      ansible_ssh_private_key_file: /path/to/ssh/private/key

Automated checks Copied

Opsview Deploy can also look for (and resolve some) issues automatically. Before executing setup-hosts.yml or setup-everything.yml, run the check-deploy.yml playbook. Starting with Opsview 6.6.x, this playbook will additionally set up Python on all systems used:

root:~# cd /opt/opsview/deploy
root:/opt/opsview/deploy# ./bin/opsview-deploy lib/playbooks/check-deploy.yml

If any potential issues are detected, a required action recap will be added to the output when the play finishes.

Check Notes or Limitations Severity
Deprecated variables Checks for: opsview_domain, opsview_manage_etc_hosts MEDIUM
Connectivity to EMS server No automatic detection of EMS URL in opsview.conf overrides HIGH
Connectivity to Opsview repository No automatic detection of overridden repository URL(s) HIGH
Connectivity between remote hosts Only includes LoadBalancer ports. Erlang distribution ports, for example, are not checked MEDIUM
FIPS crypto enabled Checks value of /proc/sys/crypto/fips_enabled HIGH
SELinux enabled SELinux will be set to permissive mode later on in the process by setup-hosts.yml, if necessary LOW
Unexpected umask Checks umask in /bin/bash for root and nobody users. Expects either 0022 or 0002 LOW
Unexpected STDOUT starting shells Checks for any data on STDOUT when running /bin/bash -l LOW
Availability of SUDO Checks whether Ansible can escalate permissions (using sudo) HIGH

When a check is failed, an action is generated. Each of these actions is formatted and displayed when the play finishes and at the end of the output, these are sorted by their severity.

The severity levels are:

Severity Description
HIGH Will certainly prevent Opsview from installing or operating correctly.
MEDIUM May prevent Opsview from installing or operating correctly.
LOW Unlikely to cause issues but may contain useful information.

By default, the check_deploy role will fail if any actions are generated with MEDIUM or HIGH severity. To modify this behaviour, set the following in user_vars.yml:

check_action_fail_severity: MEDIUM

The actions at this severity or higher will result in a failure at the end of the role.

The following example shows the two MEDIUM severity issues generated after executing check-deploy playbook.

REQUIRED ACTION RECAP **************************************************************************************************************************************************************************************************************************

[MEDIUM -> my-host] Deprecated variable: opsview_domain
  | To set the host's domain, configure an FQDN in opsview_deploy.yml.
  |
  | For example:
  |
  | >>  opsview-host.my-domain.com:
  | >>    ip: 1.2.3.4
  |
  | Alternatively, you can set the domain globally by adding opsview_host_domain to your user_*.yml:
  |
  | >>  opsview_host_domain: my-domain.com

[MEDIUM -> my-host] Deprecated variable: opsview_manage_etc_hosts
  | To configure /etc/hosts, add opsview_host_update_etc_hosts to your user_*.yml:
  |
  | >>  opsview_host_update_etc_hosts: true
  |
  | The options are:
  | - true   Add all hosts to /etc/hosts
  | - auto   Add any hosts which cannot be resolved to /etc/hosts
  | - false  Do not update /etc/hosts


Thursday 21 February 2019  17:27:31 +0000 (0:00:01.060)       0:00:01.181 *****
===============================================================================
check_deploy : Check deprecated vars in user configuration ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 1.06s
check_deploy : Check for 'become: yes' -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.03s

*** [PLAYBOOK EXECUTION SUCCESS] **********

Run Opsview Deploy Copied

  1. Run the command to validate if your system is ready for upgrading:

    root:~# cd /opt/opsview/deploy
    root:/opt/opsview/deploy# ./bin/opsview-deploy lib/playbooks/check-deploy.yml
    
  2. Run the command to continue with the upgrade:

    root:/opt/opsview/deploy# ./bin/opsview-deploy lib/playbooks/setup-everything.yml
    
["Opsview On-Premises"] ["User Guide", "Technical Reference"]

Was this topic helpful?