Downgrade PCE to Previous Version
This section describes how to roll back the PCE to a previous version in the event of a PCE upgrade failure or defect. You can downgrade to any currently supported PCE version; see Versions, Compatibility & Support Status on the Illumio Support site.
Downgrade the PCE
To downgrade to a previous PCE version, you will need the following files:
PCE software installation files for the older version. See Download the Software.
Database backups taken on the previous version. See "Database Backup" in the PCE Administration Guide.
Backup of the
runtime_env.ymlfile from the previous version. See "Back Up the PCE Runtime Environment File" in the PCE Administration Guide.
To downgrade the PCE, perform the following steps:
On all nodes in the cluster, stop the PCE:
sudo -u ilo-pce illumio-pce-ctl stop
On all nodes in the cluster, downgrade the installation by installing the older version of the PCE and UI.
RPM Installation:
sudo rpm -Uh --force illumio_pce_rpm illumio-pce-ui.rpm
For example:
sudo rpm -Uh --force illumio-pce-21.2.8-2.c6.x86_64.rpm illumio-pce-ui-21.2.8.UI1-1.x86_64.rpm
Warning
Be sure to install the corresponding UI RPM after installing the older PCE version.
Tarball Installation:
mv install_root_previous_release install_root
For example:
mv /opt/illumio-pce-previous-release /opt/illumio-pce
If you changed the
runtime_env.ymlfile, restore the previous version of the file:cp /etc/illumio-pce/runtime_env.yml-backup /etc/illumio-pce/runtime_env.yml
On all nodes in the cluster, reset the node:
sudo -u ilo-pce illumio-pce-ctl reset
On all nodes in the cluster, start the PCE at runlevel 1:
sudo -u ilo-pce illumio-pce-ctl start --runlevel 1
On all nodes in the cluster, verify the PCE status and runlevel:
sudo -u ilo-pce illumio-pce-ctl status -s -v -w sudo -u ilo-pce illumio-pce-ctl cluster-status -w
Set up the database. First, determine the primary database (on an SNC, you can skip this step, as there is only one possible node):
sudo -u ilo-pce illumio-pce-db-management show-primary
On the primary data node, run this command to set up the database:
sudo -u ilo-pce illumio-pce-db-management setup
Restore the PCE policy database. On one of the data nodes of the cluster (or in an SNC, on the single node), restore a known good backup:
sudo -u ilo-pce illumio-pce-db-management restore --file location_of_db_dump_fileFor example, if you are downgrading because of an unsuccessful upgrade attempt, restore the backup you took before doing the upgrade.
(On an SNC, you can skip this step.) Copy the restored Illumination data file to the other data node. The file is located in the following directory:
persistent_data_root/redis/redis_traffic_0_master.rdbMigrate the PCE database. On one of the data nodes in the cluster, migrate the database to the latest schema version:
sudo -u ilo-pce illumio-pce-db-management migrate
Restore the traffic database. Run this command on the same node where you took the traffic database backup:
sudo -u ilo-pce illumio-pce-db-management traffic restore --file /path/to/traffic_db_dump_fileThis command prompts you to return the PCE to runlevel 5. You can choose to go to runlevel 5 or not.
If you did not accept the change to runlevel 5 after restoring the traffic database, you can bring the PCE to runlevel 5, full operation, at any time using the following command:
sudo -u ilo-pce illumio-pce-ctl set-runlevel 5
Important
If you did not run the
illumio-pce-db-management migratecommand, you cannot bring the node up to runlevel 5 and you cannot start the other nodes in the cluster. If some of the nodes in the cluster are already running, they will shut down until you successfully migrate the database. If you attempt to start the upgraded PCE cluster without migrating the database, this error is displayed:sudo -u ilo-pce illumio-pce-ctl start Starting Illumio Runtime STARTING 20.96s $ $ Stopping PCE software: DB migrations mismatch for DB: avenger_executor_dev: Missing migrations.