Upgrade process
This documentation provides the technical steps for upgrading Opsview Monitor, including version-specific requirements, pre-deployment checks, and how to run the upgrade using Opsview Deploy. Before proceeding, ensure to review upgrade considerations.
Upgrading from 6.7.x or older to 6.8.x or newer Copied
-
Ensure that you have completed the steps at Database Migration for SQL strict Mode.
-
The character limit for certain database table columns has been reduced from 255 to 191 characters. Review your data and shorten any entries that exceed this limit before upgrading:
opsview.time_zones(namecolumn)opsview.collectors(namecolumn)opsview.hostsnmpinterfaces(interfacenamecolumn)opsview.hosttemplatemanagementurls(namecolumn)opsview.modules(namespace column)runtime.opsview_performance_metrics(metricnamecolumn)runtime.opsview_perfdata_meta(series_nameandmetriccolumn)runtime.nagios_objects(all columns)
Note
As part of the upgrade process, running thecheck_deployplaybook will flag any fields that should be reduced prior to upgrading with a"Value … was too long"or"Value … is longer than 191 chars"message.
- If data was previously inserted that violated constraints on certain fields, then following the upgrade, you may see warnings from the UI or REST API about invalid data. To resolve this issue, see Opsview Character Support.
Upgrading from 6.9.0 or older to 6.9.1 or newer Copied
Due to a repository key change, you must add the new repository key to your Debian or Ubuntu system before the upgrade.
Before proceeding with the upgrade, run the following command as root from the orchestrator to update the key on all non-remotely managed collector systems:
/opt/opsview/deploy/bin/rc.ansible ansible all -m shell -a 'test -d /usr/share/keyrings && ( curl -Os https://downloads.opsview.com/OPSVIEW-APT-KEY-2024.asc && echo "f095452e85790a0e1d3382468fced72fba1632da14a0e9ca649a888a0c38db12 OPSVIEW-APT-KEY-2024.asc" | sha256sum -c && cat OPSVIEW-APT-KEY-2024.asc | gpg --dearmor | sudo tee /usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg > /dev/null ) || true'
If you do not have access to the internet, the actual key string can be added instead with:
/opt/opsview/deploy/bin/rc.ansible ansible all -m shell -a 'test -d /usr/share/keyrings && ( printf -- "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQGNBGXCQIwBDACiD5D1qlC35JtUwPGcy+n7eJIX9aSdjG5hWadMjZryyUadLTMc\nsNdDB0jblxeu4CFAe7g3LNJTnNlF6NpWHVz0fZ8R0jW2rNjlaoVgUrtn8OTshz3t\nQ+9/TRSONt+D1xl3+O8p+XUg8jDr07+izxzWstD9M3j2KWuc3ts4DimRQkmdnv+Q\nyd1fEpq1Z1djgB4aSCe10LzMY8AIPRMsrMyhJWz287D1sEnAYP66zrLTHKeWmeRY\nQBKNzA3Fhgo4g95j/IJPaYATQV6/oqyrD/Gtu/8N3Brr1popE+1NVdcmbY7M7yox\nYB6NnWKGKH+4vR9k4sNgrPp9g+WI0e1ZV8dXE0fCK6EJNUO9ZIOqr3uHrAF6ESmh\ndnc672jT4QLnhvWVOHrUYo3XUPhGhZA33MUxdsrK14y1iOQfa1g7WzZ2zLSs251/\nLGlxUN5VHIejSNcbRsbJkOGhn+dTop8NZgBVaiY5my6cAgsSW3O0yS24vodKw3ln\nERH54Rnff53+odUAEQEAAbRMT3BzdmlldyByZXBvc2l0b3JpZXMgKGh0dHBzOi8v\nZG93bmxvYWRzLm9wc3ZpZXcuY29tKSA8c3VwcG9ydEBpdHJzZ3JvdXAuY29tPokB\n0QQTAQgAOxYhBM+iZ8I4zbrWrT12Kzeseua0tpoLBQJlwkCMAhsDBQsJCAcCAiIC\nBhUKCQgLAgQWAgMBAh4HAheAAAoJEDeseua0tpoLXGEL/0I8cBhqnoro1yQV3Rmx\nnwM5aOF5kP1Pla78suceG9eiM0sMohur+K4mVM+Rx5l+ZLI3c/YfXnNLDl9SRCCX\nNaKAB2w60EWxzh734iwsOzN4B4WuYlilAt6QZ8qQP951A8++Sg9zTCRNg3B50BdL\nFO5v4KHQS8hcZWp5bxulSLQpQXxQNrtE+1haD6jeAbkeUHQfglYAywnhPQvShTAs\nzPOj/SclbgjX/9MRIXrVzztOsrpq2nSfihDiTfGCCTB1n1YyyLV9ib64ePxFjLtv\nqNMYf9G0QOgM8wqgzfMa92vFowMiJBn20uWzRbbj8GYlhumsMGqxrFri9r1AuGXY\nZygsoNpsi1VvBClSi48Dei8ChC4kQFwVz3WqFUUlHkc3TtigZATu7wUQmEzkSPkB\nT8pNgpOgVwgUChIbcS2EY54k2uZUZOHVad3ffyePLLB/eHotne+OKG67ebrXhFl9\nXkhGt5qCeRSxjw2NtfkycOdMLFnhdR9l7gfnUYUmrxSgSLkBjQRlwkCMAQwAknuc\nj5TN0ZxTapwMsg4gCY1NeKqptPQWe8FnGhak+Pj1ubL5TJovXwTqw0z30c2nI1zN\nJFbI5azfwDCMjHwey+JyqC0pdHn0I2jD2aGEnneZnwHjGaC+pULIWFAJwozOz0u1\nmMBgm5XcHDDatOIL0Zb8XkQgZR6h1mOxaoGWSrw4mqrU9BFENsdSXt+EBML58m0U\nzCcgRnWDCRzzPrxkiL1i4kw/Zuk1834R3GoABM19jzWzRP8nu+fS+urcHimWjWT7\nJaWCSO+961VXF69wqnd+bL0bvAGbuOuv1cGkrppR9pG8X8Hf+tHH6Afv3m/tmBld\nheonNcPNrsvaApqP7bSCjqiz0swlyPLw58ykqHrQ8G0ekMnVkXhEVMuqsNO+gJnF\neyJ9ijhTp6Ylh/mIfevmHtlqHbA+Uwsl81Mnv/+SzzRjrU3U9rMnKTb8UE9/yQQR\nppN73/dOpnGi2oLoY4rYi4+Iju4M06If28Yd6U5/UMSasNCcd2SJaB5+RFJzABEB\nAAGJAbYEGAEIACAWIQTPomfCOM261q09dis3rHrmtLaaCwUCZcJAjAIbDAAKCRA3\nrHrmtLaaCwJuC/4vpxxUKaI7+6q7vkWALc8coZ65ytZ8cXeFIAQIkX0L97fJraq1\n9yMxu1FdfaceE7bDIEPWPgiciaV7t+qGeDgmrInBpmqp51r3YJxx8zWiO6Y7pvoG\n/nlFNl4ZXZAEu7PtrcFaUNMgqP+EPAz0S3j32RIlMAOFTetxNEr0BoowlrMy6kCd\nqMBaN6rJLGH3U8yeNFHttKN32AvfIak+PRM6kVmdh+VCRpJlrpbb1JmeDF22Z5RW\nqNVPvgV5meSHiK1y8YMMsQSXNf8h2vbDn4K2HMpWUTjtdlPnsComuFv/+Laykbb7\nhkPy2bPwZgDDpViHx1O7wRaQQhjaMD/Iaohh6ynpsEZe9asXUpXOA49McQBQxNGb\nEKguzPusnnjwtbXbfPKLQGqGm4x7wQkB0JbTUarL8Jw1wXlyaibOSOkaCXTqMiFx\nbO/9XIX0oWLiOQYj+vFr/TaTXA8HEdEswwTZrirYHK0zAYDcU3AcFKIqVjUWeMkr\nl+F2x62WJX7sDGE=\n=Yi2S\n-----END PGP PUBLIC KEY BLOCK-----" | gpg --dearmor | sudo tee /usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg > /dev/null ) || true'
Make sure to specify the location of the key within /etc/apt/sources.list.d/opsview.list. It should be placed between deb and the Opsview URL.
[signed-by=/usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg]
If these are not carried out, you may encounter the error: The following signatures couldn't be verified because the public key is not available.
Opsview Deploy Copied
Upgrading to a new version of Opsview Monitor will take you through the following steps, either automated or manually:
- Add the package repository for the new version of Opsview Monitor.
- Install the latest Opsview Deploy (
opsview-deploy) package. - Install the latest Opsview Python (
opsview-python3) package. - Re-run the installation playbooks to upgrade to the new version.
Once the upgrade has completed, all hosts managed by Opsview Deploy will have been upgraded to the latest version of Opsview Monitor.
Note
Running the curl commands will start the upgrade process. Only execute it when ready.
Automated Upgrade Copied
-
Configure the correct Opsview Monitor package repository and update
opsview-deployto the corresponding version by running the command.curl -sLo- https://deploy.opsview.com/6.x | sudo bash -s -- --only repository,bootstrapYou must replace 6.x with the correct version you want to upgrade to.
-
Validate if your system is ready for upgrading, and set up python on all systems (installing if needed) by running the command:
root:~# cd /opt/opsview/deploy root:/opt/opsview/deploy# ./bin/opsview-deploy lib/playbooks/check-deploy.yml -
Continue to upgrade your system by running this command.
root:/opt/opsview/deploy# ./bin/opsview-deploy lib/playbooks/setup-everything.yml
Once completed, you can proceed with the post-upgrade tasks.
Manual Upgrade Copied
Amend your Opsview repository configuration to point to the 6.10.x release.
RHEL and OL Copied
Check if the contents of /etc/yum.repos.d/opsview.repo matches the following, such as the version number specified within the baseurl line.
[opsview]
name = Opsview Monitor
baseurl = https://downloads.opsview.com/opsview-commercial/6.x/yum/rhel/$releasever/$basearch
enabled = yes
gpgkey = https://downloads.opsview.com/OPSVIEW-RPM-KEY-2024.asc
You must replace 6.x with the correct version you want to upgrade to.
Debian and Ubuntu Copied
Check if the contents of /etc/apt/sources.list.d/opsview.list matches the following, such as the version number specified within the URL. You should replace focal with your OS name (as per other files within the same directory).
deb [signed-by=/usr/share/keyrings/APT-GPG-KEY-Opsview-2024.gpg] https://downloads.opsview.com/opsview-commercial/6.x/apt focal main
Update Opsview Deploy Copied
Run the command for RHEL and OL:
yum makecache
yum install opsview-deploy
Run the command for Debian and Ubuntu:
apt-get update
apt-get install opsview-deploy
Pre-deployment checks Copied
Before running opsview-deploy, we recommend that you check the following list of items.
Manual checks Copied
| What | Where | Why |
|---|---|---|
| All YAML files follow correct YAML format | opsview_deploy.yml, user_*.yml |
Each YAML file is parsed each time opsview-deploy runs. |
| All hostnames are FQDNs | opsview_deploy.yml |
If Opsview Deploy cannot detect the host’s domain, the fallback domain opsview.local will be used instead. |
| SSH user and SSH port have been set on each host | opsview_deploy.yml |
If these aren’t specified, the default SSH client configuration will be used instead. |
Any host-specific vars are applied in the host’s vars in opsview_deploy.yml |
opsview_deploy.yml, user_*.yml |
Configuration in user_*.yml is applied to all hosts. |
| An IP address has been set on each host | opsview_deploy.yml |
If no IP address is specified, the deployment host will try to resolve each host every time. |
| All necessary ports are allowed on local and remote firewalls | All hosts | Opsview requires various ports for inter-process communication. See Ports. |
| If you have rehoming | user_upgrade_vars.yml |
Deploy now configures rehoming automatically. See Rehoming. |
| If you have Ignore IP in Authentication Cookie enabled | user_upgrade_vars.yml |
Ignore IP in Authentication Cookie is now controlled in Deploy. See Rehoming. |
| Webserver HTTP/HTTPS preference declared | user_vars.yml |
In Opsview 6, HTTPS is enabled by default, to enforce HTTP-only then you need to set opsview_webserver_use_ssl: False. See opsview-web-app. |
Example of opsview-deploy.yml:
---
orchestrator_hosts:
# Use an FQDN here
my-host.net.local:
# Ensure that an IP address is specified
ip: 10.2.0.1
# Set the remote user for SSH (if not default of 'root')
ssh_user: cloud-user
# Set the remote port for SSH (if not default of port 22)
ssh_port: 9022
# Additional host-specific vars
vars:
# Path to SSH private key
ansible_ssh_private_key_file: /path/to/ssh/private/key
Automated checks Copied
Opsview Deploy can also look for (and resolve some) issues automatically. Before executing setup-hosts.yml or setup-everything.yml, run the check-deploy.yml playbook. Starting with Opsview 6.6.x, this playbook will additionally set up Python on all systems used:
root:~# cd /opt/opsview/deploy
root:/opt/opsview/deploy# ./bin/opsview-deploy lib/playbooks/check-deploy.yml
If any potential issues are detected, a required action recap will be added to the output when the play finishes.
| Check | Notes or Limitations | Severity |
|---|---|---|
| Deprecated variables | Checks for: opsview_domain, opsview_manage_etc_hosts | MEDIUM |
| Connectivity to EMS server | No automatic detection of EMS URL in opsview.conf overrides |
HIGH |
| Connectivity to Opsview repository | No automatic detection of overridden repository URL(s) | HIGH |
| Connectivity between remote hosts | Only includes LoadBalancer ports. Erlang distribution ports, for example, are not checked | MEDIUM |
| FIPS crypto enabled | Checks value of /proc/sys/crypto/fips_enabled |
HIGH |
| SELinux enabled | SELinux will be set to permissive mode later on in the process by setup-hosts.yml, if necessary |
LOW |
| Unexpected umask | Checks umask in /bin/bash for root and nobody users. Expects either 0022 or 0002 |
LOW |
| Unexpected STDOUT starting shells | Checks for any data on STDOUT when running /bin/bash -l |
LOW |
| Availability of SUDO | Checks whether Ansible can escalate permissions (using sudo) | HIGH |
When a check is failed, an action is generated. Each of these actions is formatted and displayed when the play finishes and at the end of the output, these are sorted by their severity.
The severity levels are:
| Severity | Description |
|---|---|
HIGH |
Will certainly prevent Opsview from installing or operating correctly. |
MEDIUM |
May prevent Opsview from installing or operating correctly. |
LOW |
Unlikely to cause issues but may contain useful information. |
By default, the check_deploy role will fail if any actions are generated with MEDIUM or HIGH severity. To modify this behaviour, set the following in user_vars.yml:
check_action_fail_severity: MEDIUM
The actions at this severity or higher will result in a failure at the end of the role.
The following example shows the two MEDIUM severity issues generated after executing check-deploy playbook.
REQUIRED ACTION RECAP **************************************************************************************************************************************************************************************************************************
[MEDIUM -> my-host] Deprecated variable: opsview_domain
| To set the host's domain, configure an FQDN in opsview_deploy.yml.
|
| For example:
|
| >> opsview-host.my-domain.com:
| >> ip: 1.2.3.4
|
| Alternatively, you can set the domain globally by adding opsview_host_domain to your user_*.yml:
|
| >> opsview_host_domain: my-domain.com
[MEDIUM -> my-host] Deprecated variable: opsview_manage_etc_hosts
| To configure /etc/hosts, add opsview_host_update_etc_hosts to your user_*.yml:
|
| >> opsview_host_update_etc_hosts: true
|
| The options are:
| - true Add all hosts to /etc/hosts
| - auto Add any hosts which cannot be resolved to /etc/hosts
| - false Do not update /etc/hosts
Thursday 21 February 2019 17:27:31 +0000 (0:00:01.060) 0:00:01.181 *****
===============================================================================
check_deploy : Check deprecated vars in user configuration ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 1.06s
check_deploy : Check for 'become: yes' -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 0.03s
*** [PLAYBOOK EXECUTION SUCCESS] **********
Run Opsview Deploy Copied
-
Run the command to validate if your system is ready for upgrading:
root:~# cd /opt/opsview/deploy root:/opt/opsview/deploy# ./bin/opsview-deploy lib/playbooks/check-deploy.yml -
Run the command to continue with the upgrade:
root:/opt/opsview/deploy# ./bin/opsview-deploy lib/playbooks/setup-everything.yml