Skip to main content

Illumio Core 23.5 Install, Configure, Upgrade

Upgrade the PCE

This section describes how to upgrade the PCE and its UI together. To upgrade the UI alone, see UI-Only Upgrade.

Note

You can upgrade your PCE operating system to RHEL 9 while also upgrading your PCE. See Upgrading to RHEL 9.

When upgrading the PCE and UI packages together, perform these high-level tasks:

  1. Verify that you have met all the Upgrade Prerequisites.

  2. Perform PCE installation planning and prerequisite steps if you have not already performed these tasks on the PCE. See Prepare for PCE Installation.

  3. Back up the PCE.

  4. Download the software.

  5. Stop the PCE.

  6. Install the new PCE and UI.

  7. Update the runtime environment file.

  8. Migrate the database.

  9. Set runlevel to 5.

  10. Verify successful upgrade.

Back Up the PCE

When you are upgrading from a previous PCE version, the first step is to back up your existing data.

Back Up PCE Data
Back up the PCE Runtime Environment File

Store a copy of each node's runtime_env.yml file on a system that is not part of the cluster or Supercluster. The default location of the PCE Runtime Environment File is /etc/illumio-pce/runtime_env.yml.

Download the Software

  1. Download the software from the Illumio Support portal (login required).

  2. On the core nodes only, copy the Illumio PCE UI RPM file to the /tmp folder. In the following steps, this file is referred to as illumio_ui_rpm.

  3. On all nodes in the cluster, copy the Illumio PCE software RPM file to the /tmp folder. In the following steps, this file is referred to as illumio_pce_rpm.

Stop the PCE

  1. On all nodes in the cluster, stop the PCE:

    sudo -u ilo-pce illumio-pce-ctl stop --wait

  2. On all nodes in the cluster, verify the PCE status is STOPPED:

    sudo -u ilo-pce illumio-pce-ctl status -sv --wait

Install the New PCE and UI

The packages to install depend on the type of PCE node:

  • Core nodes: Two packages, the PCE RPM and UI RPM.

  • Data nodes: One package, the PCE RPM.

  1. On each core node in the cluster, log in as root and install the PCE RPM and the UI RPM. Be sure to specify both of the RPM file names on the command line:

    rpm -Uvh illumio_pce_rpm illumio_ui_rpm

    For

    illumio_pce_rpm

    and

    illumio_ui_rpm

    , substitute the paths and filenames of the two RPM files you downloaded from the Illumio Support portal.

  2. On each data node in the cluster, log in as root and install the PCE RPM:

    rpm -Uvh illumio_pce_rpm

    For

    illumio_pce_rpm

    , substitute the path and filename of the software you downloaded from the Illumio Support portal.

  3. If your PCE also includes an installed NEN, run the following commands:

    rpm -e illumio_pce_nen --noscripts
rpm -Uvh illumio_pce_rpm --noscripts
rpm -Uvh illumio_nen_rpm

    For

    illumio_pce_rpm

    and

    illumio_nen_rpm

    , substitute the paths and filenames of the two RPM files you downloaded from the Illumio Support portal.

    Then use the following command to check the environment:

    sudo -u ilo-pce illumio-pce-ctl check-env

Update the Runtime Environment File

See "What's New and Changed in This Release" to determine if any changes to the PCE Runtime Environment File (runtime_env.yml) are required to upgrade.

Warning

The cluster_type runtime parameter must be set on all PCE nodes starting in PCE 21.5.0, except on a single node cluster (SNC). If you are upgrading from a version earlier than 21.5.0, be sure to set this parameter. For details about what value to use on each type of node, see Reference: PCE Runtime Parameters.

To make changes to the runtime environment configuration:

  1. On all nodes in the cluster, update the runtime_env.yml file.

  2. On all nodes in the cluster, check the validity of the runtime_env.yml file:

    sudo -u ilo-pce illumio-pce-ctl check-env

    If any issues are reported by this command, correct them before moving on to the next step.

Migrate the PCE Database

Ensure that you have upgraded all nodes in the cluster to the same version before you perform these steps. Otherwise, none of the nodes in your cluster will start.

  1. On all nodes in the cluster, start the PCE:

    sudo -u ilo-pce illumio-pce-ctl start --runlevel 1

  2. For some upgrades, you might be prompted to upgrade the database PostgreSQL software on one of the data nodes.

    At the prompt, enter yes to continue the upgrade.

    If you do not see this prompt, go to the next step.

    Upgrade needed. The agent database is currently running at postgres 
version 9.6 and needs to be upgraded to version 11.4
Upgrade needed. The traffic database is currently running at postgres 
version 9.6 and needs to be upgraded to version 11.4
The PCE software will now upgrade to a newer version of the postgres 
software from an older version.
You need to migrate the PCE database after this process has finished.
Prior to this upgrade, Illumio recommends you make a backup of the 
relevant data directories:
/var/illumio_pce_data/persistent
The upgrade must not be interrupted, otherwise the data might get 
corrupted and prevent the PCE from starting.
Do you wish to continue with the database upgrade. [yes/no]: yes
Proceeding with database upgrade.
Please wait until the system has reached runlevel 1.

  3. On all nodes in the cluster, verify the PCE status:

    sudo -u ilo-pce illumio-pce-ctl status -sv --wait

  4. Verify that the runlevel is 1:

    sudo -u ilo-pce illumio-pce-ctl get-runlevel

  5. On any node in the PCE cluster, migrate the database to the latest schema version:

    sudo -u ilo-pce illumio-pce-db-management migrate

Set Runlevel 5

Bring the PCE to runlevel 5, full operation:

sudo -u ilo-pce illumio-pce-ctl set-runlevel 5

Important

If you did not run the illumio-pce-db-management migrate command on the primary database, you cannot bring the node up to runlevel 5 and you cannot start the other nodes in the cluster. If some of the nodes in the cluster are already running, they will shut down until you successfully migrate the database. If you attempt to start the upgraded PCE cluster without migrating the database, this error is displayed:

sudo -u ilo-pce illumio-pce-ctl start
Starting Illumio Runtime STARTING 20.96s
$ 
$ Stopping PCE software: DB migrations mismatch for DB: 
avenger_executor_dev: Missing migrations.

Verify Success

Upgrading to RHEL 9

You can upgrade your PCE operating system to RHEL 9 while also upgrading your PCE. When upgrading from a previous operating system and previous PCE release, follow these recommended additional steps.

  1. Upgrade the PCE, using the steps outlined earlier in this topic.

  2. Take a backup of the upgraded PCE. Store the backup in a safe storage.

  3. Upgrade the operating system to RHEL 9.

  4. Install the same PCE version you upgraded to in step 1 on RHEL 9.

  5. Restore the backup that was made in step 2.

For details on steps 2 through 5, see "Upgrade the OS on a Running PCE" in the PCE Administration Guide.