Security

last person joined: 7 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Upgrading CPPM cluster with GUI tool

This thread has been viewed 2 times

  • 1.  Upgrading CPPM cluster with GUI tool

    Posted Mar 19, 2018 06:20 AM

    Hi,

    I'm just about to upgrade our production cluster with the GUI tool. Cluster has 6 nodes 

    clearpasm0 - master publsiher

    clearpass1 - auth subscriber (VM)

    clearpass2 - auth subscriber (VM)

    clearpass5 - auth subscriber ( Hware)

    cleasrpass7 - insight server ( VM)

    clearpass9 - auth server ( Hware)

     

    While upgrade of a 2 node cluster using this method "just worked" I'm a bit twitchy about just enabling all cluster nodes and saying "get on with it"

    so thought I'd do 

    clearpassm0, clearpass7 clearpass9 in a 1st pass and then do clearpasss 1,25, in a second one.

    Other than an upgrade taking so long that a subscriber loses connection to the cluster, anything that could go wrong with the above ?

     

    ... or dp I just select all nodes and "get on with it" ?

    Rgds

    Alex

     



  • 2.  RE: Upgrading CPPM cluster with GUI tool

    Posted Mar 19, 2018 08:28 AM

    Hi Alex

     

    2 hours passed - di you do it already? ;)

     

    Purpose of the GUI is to just do it, right? ;)

     

    If you do upgrade the master, and reboot it - you loose the option to upgrade the other subs through the Cluster Upgrade UI..

     

    If you're not sure, then do it the old fashioned way one by one.

     

    I had a problem upgrading a cluster using the cluster upgrade tool. Basically the Publisher took too much time rebooting so eventually the subscriber upgrade didn't complete and so it got stuck in a "upgrade" state. Had to bring in TAC to solve it.

     

    But still - I will do Cluster Update next time too, tho Upgrade (Major Version) I might not use Cluster Upgrade Tool..

     

    As a sidenote.. Problem was that upgrade to 6.7 changed the network adapters on the Pub so that MGMT was DATA and visa versa. Caused a bit of a headache to figure that out and change it back.



  • 3.  RE: Upgrading CPPM cluster with GUI tool

    Posted Mar 19, 2018 08:32 AM

    Hi,

    course, you have to check the mac address of the VM network interfaces on the server ...

    A



  • 4.  RE: Upgrading CPPM cluster with GUI tool

    Posted Mar 19, 2018 08:36 AM

    >I had a problem upgrading a cluster using the cluster upgrade tool. >Basically the Publisher took too much time rebooting so eventually the >subscriber upgrade didn't complete and so it got stuck in a "upgrade" state.

     

    Yeah! had that once. Initial version og GUI upgrade tool, told it to upgrade all the servers so it started with 1 then fixed period of time later moved onto the next one etc ... problem was it didn't check to see if the pervious one had completed .. sat there watching cppm servers vanish off the network one by one. Wasn't bad then as we could just revert to FreeRadius .. but now we've got shedloads of kit that needs clearpass there .

    At least I can have VM snapshots now and can alo reboot into older partitinos if something goes wrong



  • 5.  RE: Upgrading CPPM cluster with GUI tool

    Posted Mar 19, 2018 10:19 AM

    You mean this bit?

     

    If you are upgrading ClearPass from 6.5.x or 6.6.x to 6.7.0 on a VMware ESXi server, and only if the MAC address of Network adapter1 is higher than that of Network adapter2, additional steps are required after the upgrade. (#41698)

    After upgrading, follow the steps below in order for ClearPass to have network connectivity:

     

    1.

    After you upgrade to 6.7.0, log in to the console as appadmin and use the CLI command <system shutdown> to shut down the ClearPass server. This step must be done only through the console.

     

    2.

    After the command is executed, wait for the virtual appliance to shut down completely.

     

    3.

    Edit the ClearPass virtual appliance settings in the vSphere client and remove the two Ethernet adapters that are named Network adapter1 and Network adapter2.

     

    4.

    Add two new network adapters with the names Network adapter1 and Network adapter2 and of type Ethernet Adapter. Network adapter1 should be the management port connected to SwitchManagement, and Network adapter2 should be the data port connected to SwitchData.

     

    5.

    Save the new settings and start the ClearPass virtual appliance.

     

    6.

    Log in to the ClearPass console using the appadmin account, and then run the following CLI command to refresh the network settings:

    system refresh-network

            

     

    7.

    After the refresh command is executed, reboot the ClearPass virtual appliance to establish network connectivity.

     



  • 6.  RE: Upgrading CPPM cluster with GUI tool

    Posted Mar 19, 2018 10:43 AM

    o.k. Looking at the following condition when upgrading CPPm VMs in a cluster, our master publisher and 1 secondary neednetwork address "tweaked". How does that work when using the GUI tool?

    ========

     

    f you are upgrading ClearPass from 6.5.x or 6.6.x to 6.7.0 on a VMware ESXi server, and only if the MAC address of Network adapter1 is higher than that of Network adapter2, additional steps are required after the upgrade. (#41698)

    After upgrading, follow the steps below in order for ClearPass to have network connectivity:

     

    1.

    After you upgrade to 6.7.0, log in to the console as appadmin and use the CLI command <system shutdown> to shut down the ClearPass server. This step must be done only through the console.

     

    2.

    After the command is executed, wait for the virtual appliance to shut down completely.

     

    3.

    Edit the ClearPass virtual appliance settings in the vSphere client and remove the two Ethernet adapters that are named Network adapter1 and Network adapter2.

     

    4.

    Add two new network adapters with the names Network adapter1 and Network adapter2 and of type Ethernet Adapter. Network adapter1 should be the management port connected to SwitchManagement, and Network adapter2 should be the data port connected to SwitchData.

     

    5.

    Save the new settings and start the ClearPass virtual appliance.

     

    6.

    Log in to the ClearPass console using the appadmin account, and then run the following CLI command to refresh the network settings:

    system refresh-network

            

     

    7.

    After the refresh command is executed, reboot the ClearPass virtual appliance to establish network connectivity.