Eden Net Software Update Guide

EdenNet 21 FP 2106
EdenNet Software Update Guide

DN1000008332
Issue: 1-2
EdenNet Software Update Guide DN1000008332 1-2 Disclaimer
The information in this document applies solely to the hardware/software product (“Product”) specified herein, and only as specified herein.
This document is intended for use by Nokia' customers (“You”) only, and it may not be used except for the purposes defined in the agreement
between You and Nokia (“Agreement”) under which this document is distributed. No part of this document may be used, copied, reproduced,
modified or transmitted in any form or means without the prior written permission of Nokia. If you have not entered into an Agreement
applicable to the Product, or if that Agreement has expired or has been terminated, You may not use this document in any manner and You
are obliged to return it to Nokia and destroy or delete any copies thereof.
The document has been prepared to be used by professional and properly trained personnel, and You assume full responsibility when using
it. Nokia welcome Your comments as part of the process of continuous development and improvement of the documentation.
This document and its contents are provided as a convenience to You. Any information or statements concerning the suitability, capacity,
fitness for purpose or performance of the Product are given solely on an “as is” and “as available” basis in this document, and Nokia reserves
the right to change any such information and statements without notice. Nokia has made all reasonable efforts to ensure that the content of
this document is adequate and free of material errors and omissions, and Nokia will correct errors that You identify in this document. But,
Nokia' total liability for any errors in the document is strictly limited to the correction of such error(s). Nokia does not warrant that the use of
the software in the Product will be uninterrupted or error-free.
N O WA RRA NT Y O F AN Y KI ND , EI T HER EXPR ES S OR I M P L I E D , I N C L U D I N G B U T N O T L I M I T E D TO A N Y

WARR ANT Y OF AVA IL ABI LI T Y, AC CU RAC Y, R EL I A B I L IT Y, T I T L E , N O N - I N F R I N G E M E N T, M E R C H A N TA B I L I TY
OR F IT NE SS FO R A PA RT ICU LAR PU RPO SE, I S M A D E IN R E L AT I O N TO T H E C O N T E N T O F T H I S D O C U M E N T.
IN NO EVEN T WI L L NOK IA B E LI ABLE F OR AN Y DA M A G E S , I N C L U D I N G B U T N O T L I M I T E D TO S P E C I A L ,
D IRE CT, IN D IRECT, I NCI DE NTAL OR C ON SEQ UE N T IA L OR A N Y L O S S E S , S U C H A S B U T N O T L I M I T E D TO LO SS
OF PRO F IT, REVE NU E, B US IN ESS IN T ER RU PT I ON , B U S I NE S S O P P O RT U N I T Y O R D ATA T H AT M AY A R I S E
FRO M T HE USE O F TH IS DO CU M EN T O R T HE IN F OR M AT IO N I N I T, E V E N I N T H E C A S E O F E R R O R S I N O R
OM IS SI O NS FRO M T HI S DOC UM EN T O R IT S CO NT E N T.
This document is Nokia’ proprietary and confidential information, which may not be distributed or disclosed to any third parties without the
prior written consent of Nokia.
Nokia is a registered trademark of Nokia Corporation. Other product names mentioned in this document may be trademarks of their
respective owners, and they are mentioned for identification purposes only.
Copyright © 2021 Nokia. All rights reserved.
Important Notice on Product Safety

This product may present safety risks due to laser, electricity, heat, and other sources of danger.
Only trained and qualified personnel may install, operate, maintain or otherwise handle this product and only after having carefully read the
safety information applicable to this product.
The safety information is provided in the Safety Information section in the “Legal, Safety and Environmental Information” part of this
document or documentation set.
Nokia is continually striving to reduce the adverse environmental effects of its products and services. We would like to encourage you
as our customers and users to join us in working towards a cleaner, safer environment. Please recycle product packaging and follow the
recommendations for power use and proper disposal of our products and their components.
If you should have questions regarding our Environmental Policy or any of the environmental services we offer, please contact us at Nokia for
any additional information.
EdenNet Software Update Guide DN1000008332 1-2 Table of Contents
Contents
1 Summary of changes...................................................................................................................................... 4
2 Software update overview.............................................................................................................................. 8
3 Software update prerequisites....................................................................................................................... 9

3.1 Backing up of configuration files under Central VM............................................................................... 10
3.2 Ensuring all the customized equations are the same after the software update.................................... 10
4 Configuring inventory file.............................................................................................................................12
5 Updating the software...................................................................................................................................13
6 Verifying the software update...................................................................................................................... 16
7 Troubleshooting............................................................................................................................................. 17
7.1 Software update failure as Apps are not started within the stipulated time............................................17
7.2 GUI is unresponsive when accessed from an external IP address........................................................ 17
7.2.1 Add IP addresses to nginx configuration....................................................................................... 18
7.3 Rollback failure at task........................................................................................................................... 19
7.4 Software update failure as SON App Manager API is down..................................................................19
8 Appendices.....................................................................................................................................................20
8.1 Appendix A: Automation of pre-update tasks......................................................................................... 20
8.2 Appendix B: Automation of backup tasks...............................................................................................22
8.3 Appendix C: Automation of post-update tasks....................................................................................... 23
8.4 Appendix D: Backup, pre and post-update report description................................................................25
8.5 Appendix E: Rollback the software update.............................................................................................29
8.5.1 Rolling back for APP Nodes...........................................................................................................29
8.5.2 Rolling back DB changes............................................................................................................... 29
8.5.2.1 Restoring the database snapshot using the MySQL Enterprise backup................................30
8.5.2.2 Restoring the Database virtual machine (DB VM) using AVE............................................... 30
8.5.3 Rollback support............................................................................................................................. 34
8.5.4 Rollback limitations......................................................................................................................... 34
8.6 Appendix F: Rollback after a successful update.................................................................................... 34
8.7 Appendix G: Generating the sudoers file............................................................................................... 35
8.8 Appendix H: Copying the sudoers file to the target servers using ansible............................................. 36
8.9 Appendix I: Setup the control server sudoers for non-root user.............................................................36
8.10 Appendix J: Manually adding more nodes to the existing setup.......................................................... 37
EdenNet 21 FP 2106 © 2021 Nokia 3

EdenNet Software Update Guide DN1000008332 1-2 Summary of changes
1 Summary of changes
Release Description
EdenNet 21 FP 2106 No change.
EdenNet 21 FP 2105 Updated sections:
• Software update prerequisites is updated with an additional point.
EdenNet 21 FP 2103 Updated sections:
• Configuring inventory file

• Updating the software
• Appendix A: Automation of pre-update tasks
• Appendix B: Automation of backup tasks
• Appendix C: Automation of post-update tasks
EdenNet 21 No change.
EdenNet 20 FP 2009 Added section:
• Software update failure as SON App Manager API is down
EdenNet 20 FP 2008 Updated section:
EdenNet 20 FP 2007 Added section:
• Appendix J: Manually adding more nodes to the existing setup
Updated sections:
• Appendix C: Automation of post-update tasks

• Appendix D: Backup, pre and post-update report description
Deleted section:
• Appendix J: Importing certificates to Automatic Site Creation from Net-

Act
EdenNet 19A FP 2004 Added sections:

Release Description
• Appendix J: Importing certificates to Automatic Site Creation from Net-
Act
• Restoring the database snapshot using the MySQL Enterprise backup
• Restoring the Database virtual machine (DB VM) using AVE
• Rolling back for APP Nodes
Updated sections:
• Software update prerequisites

• Rolling back DB changes
• Appendix E: Rollback the software update
EdenNet 19A FP 2003 Added section:
• Appendix I: Setup the control server sudoers for non-root user
Updated sections:

• Appendix A: Automation of pre-update tasks
• Appendix B: Automation of backup tasks
EdenNet 19A FP 2002 Updated section:
• Rollback support
EdenNet 19A FP 2001 Updated section:
Deleted section:
• Appendix I: Steps for insufficient space in /tmp partition
EdenNet 19A FP 1912 Added sections:
• Installation of the configuration file (Inventory File)

• Rollback failure at task
• Appendix G: Generating the sudoers file
• Appendix H: Copying the sudoers file to the target servers using ansi-
ble
• Appendix I: Steps for insufficient space in /tmp partition
Updated section:

Release Description
EdenNet 19A FP 1911 Updated sections:
• Updated with <installation_user> information in:
– Software update prerequisites

– Updating the software
– Verifying the software update
– Add IP addresses to nginx configuration
– Appendix E: Rollback the software update
• Updated automation script commands for 8VM configuration in:
– Appendix A: Automation of pre-update tasks

– Appendix B: Automation of backup tasks
– Appendix C: Automation of post-update tasks
• Appendix F: Rollback after a successful update - updated commands
for vson/custom user login
Deleted section:
• Appendix E: Updating the Ansible version
EdenNet 19A No change.
EdenNet 19 FP 1907 Added sections:
• GUI is unresponsive when accessed from an external IP address

• Add IP addresses to nginx configuration
• Updating the software - updated the note with secure storage informa-
tion
• Updating the software - updated note information
EdenNet 18 SP1 1901 Updated section:
• Updating the software and Appendix E: Rollback the software update -

added an export command
EdenNet 18 SP1 1812 Added section:

Release Description
• Troubleshooting - Software update failure as Apps are not started with-
in the stipulated time
EdenNet 18 SP1 1811 This is a new document which describes the procedures to be performed to
update the EdenNet software.

EdenNet Software Update Guide DN1000008332 1-2 Software update overview
2 Software update overview
This document describes the tasks to be performed to update the software in an existing EdenNet in-
stance. An outline of the update process is:
1. Obtaining the software update archive and placing it in the control server.
2. Editing the inventory file.
3. Starting the ansible playbook in the control server.
4. Ansible execution of the software update steps in the target EdenNet instance using SSH.
5. Verifying the software update installation.
Note: The user which triggers the EdenNet installation is referred to as an

<installation_user> (can be root or non-root user). The software update is supported
only on the same <installation_user>.

EdenNet Software Update Guide DN1000008332 1-2 Software update prerequisites
3 Software update prerequisites
Before starting the software update process, ensure that the following prerequisites are met:
• An instance of EdenNet 20 or higher must be deployed.
• Inventory file for the previous EdenNet instance must be available in the control server.
• It is recommended to update the Selfmon node if the Selfmon is installed during EdenNet 20 in-
stallation.
If Selfmon installation or update is required, set the selfmon_enabled = True and uncomment
all the other Selfmon related parameters in the inventory file by filling valid details.
• Sufficient storage space must be available for the software update archive (minimum 1GB must be
free) in the control server.
• Minor software update archive must be downloaded and be available in the control server.
• Ansible 2.3.2 must be installed on the control server.
• Backup of the DB nodes available.
– For information on DB snapshot using MySQL Enterprise backup, see Mounting of external
disk for taking backup of MySQL section in the EdenNet Backup and Restore document.
– An online backup of the database can be taken while the database is running. This is the usu-
al way to take a backup of the database. Online database backup mode can be configured
to full with compression. To do the database backup operation in the required database VMs,
see Taking a full online backup of the database section in the EdenNet Backup and Restore
document.
OR
– For information on DB VM backup using AVE (Avamar Virtual Edition), see Backups of virtual
machines section in the EdenNet Backup and Restore document.
• Backup of configuration files under Central VM must be performed. For backup procedure, see
Backing up of configuration files under Central VM.
• Ensure all the customized equations are the same after the software update. for more information,
see Ensuring all the customized equations are the same after the software update.
• Check the system configurations and verify that the prerequisites are met before upgrading Eden-
Net. For more information see, Appendix A: Automation of pre-update tasks.
• Backup the global module configurations, LMS files, and other configurations to the control server.
For more information see, Appendix B: Automation of backup tasks.

• If there are any modules deprecated in the release, then the respective schedules for such mod-
ules must be deleted and the active instances must be stopped.
• For more information on errata installation, see EdenNet Errata installation guide.
• If the user wants to execute the system acceptance test cases, see SAT Automation Deployment
and Execution Manual.
• If the operator is using Automated Site Creation (ASC) and one or more NetActs are integrated to
ASC, then the RESTful Web Service Data Access API (RESTDA) must be enabled on each Net-
Act to monitor alarms in ASC.
3.1 Backing up of configuration files under Central VM

To back up the configuration files under Central VM , do the following.
1. Log in to Central VM as a root user.
2. Back up the existing keycloak configuration file by entering:
# cp -f /opt/keycloak/standalone/configuration/standalone.xml /home/
vson/standalone.xml.bkp
3. Take a backup of the existing kong configuration file by entering:
# cp -f /etc/kong/kong.conf /home/vson/kong.conf.bkp
Expected outcome
The configuration files are backed up under Central VM.
3.2 Ensuring all the customized equations are the same after the
software update
To ensure all the customized equations are the same after the software update, do the following.
1. Log in to the Central VM and KPI supplier nodes as a vson user and search for the latest
kpi_equations folder by entering:
# sudo -i -u vson
# find /home/vson/ -type d -name kpi_equations
2. Take a back up of this entire folder by entering:
# mkdir -p /var/tmp/kpi_equations_backup
# cp -R <path to kpi equations folder> /var/tmp/kpi_equations_backup/

Note: kpi_equations folder must contain the following files:
• Equations.txt
• known_pegs.json
• metadata.json
• peg_aliases.json
As a part of the EdenNet installation, kpi_equations folder is available at the default path /
tmp/config/framework/service/regionService/files/ on App VM (2VM configuration)
and Central VM (5VM/8VM configuration). If the custom KPIs are located at any other path/VM, it
is required to take a back up from the specific path/VM to the kpi_equations_backup folder.

EdenNet Software Update Guide DN1000008332 1-2 Configuring inventory file
4 Configuring inventory file
There are three inventory parameters introduced for Fault Management (FM) service:
• If already integrated before update, the flag to retain integration of FM service:

is_fm_integrated=False.
– If set to True, it re-integrates FM service with EdenNet.

– If set to False, it does not re-integrate FM Service with EdenNet
• FM Service App IP Address: fm_app_ip=<fm_app_ip>
• FM Service App port: fmaccess_app_port=9401. If not explicitly changed during FM service in-
stallation, the default value is set as 9401.
Note: fm_app_ip and fmaccess_app_port are mandatory parameters when

is_fm_integrated is set to True.

EdenNet Software Update Guide DN1000008332 1-2 Updating the software
5 Updating the software

This section describes the procedure to update the EdenNet software.
1. Run the following command to enter the maintenance mode as a vson user in the GUI server
(5VM configuration) or in the App server (2VM configuration):
# enterMaintenanceMode
Note: When the system enters the maintenance mode, all the running or idle modules
will be stopped automatically.
Check if the maintenance mode is enabled by running the following command:
# showMaintenanceMode
For example,
System in maintenance mode
2. Log in to the control server as an <installation_user>.
3. Take a backup of the existing inventory file from the previous EdenNet installer.
Note: The inventory file will be available at <directory of the Control server>/
installer/ansible_files/
4. Extract the software update archive by entering:
# tar -xzvf <Software update archive name>.tar.gz
This operation will create a new installer folder in the current directory.
Note: Ensure that the previous directory does not exist before this action.
5. If the <installation_user> is a non-root user, see Appendix I: Setup the control server
sudoers for non-root user before proceeding
6. Navigate to the ansible_files in the extracted directory as:
# cd <directory of the Control server>installer/ansible_files
7. Update the existing variables and IPs in the new inventory file located at <directory of the
Control server>/installer/ansible_files/ by referring to the backed up inventory file
from step 3.

Note:
• Ensure that you do not copy the content from the old inventory file directly.
• Ensure that force_install, cluster_upgrade, and
force_regenerate_certs variables are set to False in the inventory file.
• If the configuration involves multiple IPs for any node’s interface, the first IP address
given in the inventory file for that node, must be the same as that in /etc/hosts
from the same node. This is required to ensure that nginx, redis, and ldap
services bind to the correct IP address. This check is needed only if any node in the
system has multiple IP interfaces.
• The enable_audit_logging_and_hardening=True/False parameter does
not have any impact on the software update.
CAUTION!
uid_offset value for an EdenNet instance in an operator's network should not be

changed during the preparation of the inventory file for the upgrade.
If uid_offset is not configured in the inventory file of previous installation, then configure
the value as uid_offset=0.
8. If the installation user is a non-root user, see Appendix G: Generating the sudoers file
before proceeding.
9. Enter the following commands in the control server:
# export LD_LIBRARY_PATH=/usr/local/lib
# export ANSIBLE_CONFIG=<path where installer is extracted>/installer/

ansible_files/ansible.cfg
# sh installMonthlyRelease <path of directory to create logfiles>

<inventory_file>
Note:
• Here <path of directory to create logfiles> is the directory where the

user would want the log files to be generated.
• Custom KPIs will be lost after the software update and are required to be manually
added after software update.
• After the software update, the log file
monthly_release_upgrade_on_<software release
version>_<timestamp>.log will be available at <path of directory to
create logfiles>.
10. To exit the maintenance mode as a vson user in the GUI server (5VM configuration) or the App
server (2VM configuration), enter:

# sudo -i -u vson
# exitMaintenanceMode
Note: When the system exits from maintenance mode, all the iterative modules which
were running or idle before entering the maintenance mode and had completed one it-
eration start automatically. Modules may not abide by the trigger rule (set before the up-
grade) for the next iteration. Non-iterative modules that were stopped, won't start auto-
matically.
To check if the maintenance mode is disabled, enter:
For example,
System not in maintenance mode

EdenNet Software Update Guide DN1000008332 1-2 Verifying the software update
6 Verifying the software update

This section describes the procedure to verify the software update.
2. Refer Appendix C: Automation of post-update tasks to perfom post upgrade verification.
Note:
• EdenNet software update is successful if all the listed services are Active.
• If the EdenNet software update is unsuccessful:
• If rollback of the previous installation is desired, see Appendix E: Rollback the

software update section.
• Otherwise, re-run the software update, after a fix for the failure is provided.
• After a successful software update, if the user wants to execute the system
acceptance test cases, see SAT Automation Deployment and Execution Manual.

EdenNet Software Update Guide DN1000008332 1-2 Troubleshooting
7 Troubleshooting
This section describes the error scenarios that might occur during the EdenNet software update and
how they can be resolved.
7.1 Software update failure as Apps are not started within the stipulated
time
Problem:
The EdenNet software update failed at task: launch.enet : Restart enet applications
Cause:
A few apps are not started within the stipulated time.
Solution:
The EdenNet software update must be re-triggered by entering the following command:

<inventory_file>
7.2 GUI is unresponsive when accessed from an external IP address

Problem:
The GUI is not reachable from external IP addresses but is accessible from internal IP addresses.
Possible cause:
It might be because of a security enhancement introduced in EdenNet 1904 release.
Solution:
With this feature, nginx service running on GUI VM is bound to listen to specific IP addresses. This is
done as part of a security enhancement. Disabling services on interfaces which do not require system
accessibility or by limiting the reachability greatly reduces the potential vulnerabilities offered to an
attacker.
To bind nginx to specific interfaces, the following default configurations must be included in the
gui.conf file located at /home/vson/enet/etc/nginx/conf.d/servers/gui.conf as:
server {
listen <GUI_SERVER_IP>:80 default_server;
listen <GUI_SERVER_IP>:443 default_server ssl;

....
}
Here, the <GUI_SERVER_IP> is the IP address of the GUI VM as mentioned in the inventory file.
If the customer has multiple IP addresses configured on the GUI VM, and the GUI is accessible only
from a limited set of internal IP addresses, it might be due to this service binding. It is recommended to
keep this configuration unchanged.
However, if the customer needs to access the GUI from external IP addresses, and the GUI VM has
multiple IP addresses configured, other IP addresses must be added to the nginx configuration. For
more information, see Add IP addresses to nginx configuration .
7.2.1 Add IP addresses to nginx configuration

To add other IP addresses to the nginx configuration, do the following:
1. Log in to the GUI VM as an <installation_user>.
2. Check if multiple IP addresses are configured by entering:
ifconfig
Note: If the ifconfig command shows only the <GUI_SERVER_IP> as the

configured IP address in GUI VM, then the issue observed is not related to this security
enhancement.
3. If the ifconfig command shows more than one IP address, update the configuration in the
gui.conf file located at /home/vson/enet/etc/nginx/conf.d/servers/gui.conf to
include other IP addresses as:
server {
listen <GUI_SERVER_IP>:80 default_server;
listen <GUI_SERVER_IP>:443 default_server ssl;
listen <customer_public_ip_1>:443 default_server ssl;
listen <customer_public_ip_2>:443 default_server ssl;
....
}
Here, the customer_public_ip_1 and customer_public_ip_2 are appearing as the output

of ifconfig command (other than <GUI_SERVER_IP>).
Note: It is recommended to expose public IP addresses over port 443 only. (If required,
similar lines can be added for port 80.)
4. Save the changes in gui.conf file and enter the following command:

sudo systemctl restart enet
5. Check if the GUI is accessible from an external IP address.
7.3 Rollback failure at task

Problem:
The EdenNet software Rollback failed at task: Enable the OSS interface.
Cause:
It results in a http error and the Rollback procedure fails.
Solution:
The EdenNet software Rollback procedure must be re-triggered.
7.4 Software update failure as SON App Manager API is down

Problem:
The EdenNet software update fails at task: launch.enet : Install SON modules
Cause:
SON App Manager or SON App Manager API is down when module is being imported from SON Mod-
ule Manager component.
Solution:
The EdenNet software update must be re-triggered by entering the following command:

<inventory_file>

EdenNet Software Update Guide DN1000008332 1-2 Appendices
8 Appendices
8.1 Appendix A: Automation of pre-update tasks

The automated procedure performs the listed tasks before the EdenNet software update:
• Resource verification if the usage is above max_resource_usage_threshold and alerts the

user if the resource usage exceeds the threshold
• Check the RAM usage
• Check the current timestamp
• Display the licenses expiring after license_expiry_time (Upgrade Only)
• Check network_config
• Verify the onboot check
• Check the enet version
• Display the user account details
• Display the OSS access details
• Check the NSS version on CENTRAL_VM_DB_SERVERS and CENTRAL_VM_SERVERS
• Check the Java version used by vson
• Check the OPENSSL version on GUI_SERVERS
• Check for generic errors
• Check for user provided errors
The user should provide the following parameters in the [all:vars] section of the respective
2VM/5VM/8VM inventory file.
Table 1: Pre-update task execution parameters describes all the pre-update task execution parame-
ters.
Name Description
max_resource_usage_threshold Maximum threshold for disk and memory usage

in percentage (%) for the VMs. If any of the VM's
disk or memory usage exceeds the configured
value, the following log message will be printed:
Alert Critical! RAM utilization above <max_re-

source_usage_threshold> for the target <VM
IP>
license_expiry_time Number of days until license expires for all mod-

ules.

Name Description
It is used to report if any of the module licenses

will expire after the mentioned license_
expiry_time.
For example,
LicenseName GSM Energy Saving

Management LTU
SerialNumber 0411118164609
FileName O1801234.XML
LicenseMode CAPACITY
LicenseType NE
LicenseCode OSSW7476
ExpiryDays 5
TargetId 12345678
TargetType ISON
CustomerId 123456
CustomerName NSN Testing
Table 1: Pre-update task execution parameters
To check for certain error strings in the log files on the target servers, the following code snippet
must be updated at ../installer/ansible_files/roles/perform-pre-checks/vars/
main.yml to automate the process.
Snippet:
- name: <Group of Hosts where the logs are present>

log_path: <Path to the log file>
genreic_regex: <The string to match and search for>
For example,
- name: CENTRAL_VM_SERVERS
log_path: /home/vson/log/enet/appManager.log
genreic_regex: Traceback (most recent call last)
This content is in YAML format. User can add further Groups, log paths, and generic regex to search.
If the regex matches, the respective string will be printed in the ansible logs and the pre-update CSV
report as:
User provided error > <<genreic_regex>> found in <<log_path>> of <<name>>
Note:
• Ensure that the <installation user> has privileges to

<path_for_automated_reports_on_control_server> directory.

• Ensure that force_install is set to False, force_regenerate_certs is set to

False, and cluster_upgrade is set to True in the inventory file.
To trigger the automated script, the following command must be executed as an

<installation_user> on the control server:
• For 2VM configuration:
# ANSIBLE_STDOUT_CALLBACK=skippy ANSIBLE_LOG_PATH="<log_directory>/
ansible_precheck_$(date +%Y_%m_%d_%H_%M_%S).log" ansible-playbook
automate_upgrade.yml --tags "perform_pre_check" -i inventoryfile.2VM
# ANSIBLE_STDOUT_CALLBACK=skippy ANSIBLE_LOG_PATH="<log_directory>/
ansible_precheck_$(date +%Y_%m_%d_%H_%M_%S).log" ansible-playbook
automate_upgrade.yml --tags "perform_pre_check" -i inventoryfile.5VM
ANSIBLE_STDOUT_CALLBACK=skippy ANSIBLE_LOG_PATH="/ ansible_precheck_

$(date +%Y_%m_%d_%H_%M_%S).log" ansible-playbook automate_upgrade.yml --
tags "perform_pre_check" -i inventoryfile.8VM
Note:
• The logs are present at <log_directory>/ansible_precheck trailing with the

latest timestamp.
• A CSV file report PRE_CHECK_REPORT_<timestamp>.csv will be available at
<path_for_automated_reports_on_control_server>/precheck_report.
These files contain details of the execution. Review this report before proceeding with
EdenNet software upgrade. For a detailed explanation of the pre-upgrade tasks reports,
see Appendix D: Backup, pre and post-update report description.
8.2 Appendix B: Automation of backup tasks

The automated procedure performs the automation of backup tasks which were earlier done manually
by the user before EdenNet software update.
The automated tasks are:
• Back up the module global configuration INI and LMS files

• Get the CM cache schedules (only for direct integration)
• Get the PM data collection count
• Get the e-mail configuration
• Get the enet status of App servers
• Get the enet version

• Get the licenses expiring after license_expiry_time

• Fetch the SON Exclusion, Blacklist, and Whitelist details
Note:


ANSIBLE_LOG_PATH="<log_directory>/ansible_backup_$(date +%Y_%m_
%d_%H_%M_%S).log" ansible-playbook automate_upgrade.yml --tags
"perform_back_up_of_user_files" -i inventoryfile.2VM
ANSIBLE_LOG_PATH="<log_directory>/ansible_backup_$(date +%Y_%m_
ANSIBLE_LOG_PATH="/ansible_backup_$(date +%Y_%m_ %d_%H_

%M_%S).log" ansible-playbook automate_upgrade.yml --tags
After the command is executed, the backed up module global configuration INI and LMS files will be
available on the control server at <path_for_automated_reports_on_control_server>/
backup_of_user_files.
The report containing the mail server configuration, CM schedules, and PM schedule counts will be
available on the control server at <path_for_automated_reports_on_control_server>/
backup_of_user_report.
Note:
• The log file ansible_backup_<timestamp>.log at <log_directory> con-

tains the detailed logs of the execution. For a detailed explanation of the reports
generated at <path_for_automated_reports_on_control_server>/
backup_of_user_report, see Appendix D: Backup, pre and post-update report de-
scription.

8.3 Appendix C: Automation of post-update tasks

The script performs the automation of post-upgrade tasks which were earlier manually done by the
user after EdenNet software update.
The automated tasks are:
• Get CM cache schedules (only for direct integration)

• Get PM data collection count
• Get the e-mail configuration
• Get the user account details
• Get the OSS access details
• Fetch the SON Exclusion, Blacklist, and Whitelist details
• Get the enet version
• Get the licenses close to expiration
• Get the enet status of App servers
The user should update the following parameter in the [all:vars] section of the respective
2VM/5VM/8VM inventory file.
Table 2: Post update parameters describes all the post upgrade parameters.
Name Value
license_expiry_time Number of days until license expires for all mod-

ules.
It is used to report if any of the module licenses

will expire after the mentioned license_
expiry_time.
For example,
For the given license_expiry_time= 5,
LicenseName GSM Energy Saving

Management LTU
SerialNumber 0411118164609
FileName O1801234.XML
LicenseMode CAPACITY
LicenseType NE
LicenseCode OSSW7476
ExpiryDays 5
TargetId 12345678
TargetType ISON
CustomerId 123456
CustomerName NSN Testing

Table 2: Post update parameters
Note:


ANSIBLE_LOG_PATH="<log_directory>/ansible_post_eden_upgrade_$(date +
%Y_%m_%d_%H_%M_%S).log" ansible-playbook automate_upgrade.yml --tags
"post_upgrade" -i inventoryfile.2VM --extra-vars "selfmon_enabled=False
license_expiry_time=<number_of_days_until_license_expires>"
ANSIBLE_LOG_PATH="<log_directory>/ansible_post_eden_upgrade_$(date +
%Y_%m_%d_%H_%M_%S).log" ansible-playbook automate_upgrade.yml --tags
ANSIBLE_LOG_PATH="/ansible_post_eden_upgrade_$(date + %Y_%m_
After the command is executed, a report containing the mail server configuration,
CM schedules, and PM schedule counts will be available on the control server at
<path_for_automated_reports_on_control_server>/post_upgrade_reports.
Note: A log file ansible_post_eden_upgrade_<timestamp>.log

will be available at <log_directory> which will contain the detailed logs
of the execution. For a detailed explanation of the reports generated at
<path_for_automated_reports_on_control_server>/post_upgrade_reports
see, Appendix D: Backup, pre and post-update report description.
8.4 Appendix D: Backup, pre and post-update report description

Pre-update report:
A CSV file named PRE_CHECK_REPORT_<timestamp>.csv will be available at

<path_for_automated_reports_on_control_server>/precheck_report which contains

the details of the execution as described in Table 3: Pre-update CSV file values. This generated CSV
report contains all the relevant details of each target server which is listed under the target hostname.
Value Description
Hostname Hostname of the target server
Operating System Type Operating system of the target server
Current Time Current timestamp of target server, when the au-

tomation was triggered
OS Name Operating system name of the target server
OS Version Operating system version of the target server
Architecture Architecture of the target server
Kernel Release Current active kernel on the target server
Internal IP Internal IP of the target server
Name Servers DNS of the target server
Onboot Check Status Checks if the ethernet interface is activated at boot

time or not
Total RAM Total RAM of the target server
Total RAM Used Total RAM used by the target server
Total RAM Free Total RAM free in the target server
Total Shared RAM Memory used by the tmpfs file system in the target
server
Total Cache memory Total cache memory of the target server
Total SWAP Total SWAP memory of the target server
Total SWAP used Total used SWAP memory in the target server
Total SWAP free Total free SWAP memory in the target server
Load Average Average system load of the target server calculated

over 15 minutes
System Uptime Days/(HH:MM) Time for which the target server has been active
Java version check Checks whether the JAVA version is higher than 2 on
the App servers
OpenSSL version check Checks whether the OpenSSL version is higher than
1.0.1e on the GUI Server
NSS Version check status on Central DB VM Checks whether the NSS version is higher than 3.20
on Central DB VM

Value Description
NSS Version check status on Central APP Checks whether the NSS version is higher than 3.20
VM on Central APP VM
Table 3: Pre-update CSV file values
Table 4: Optional pre-update CSV file values describes the optional values for pre-update reports
which is available only when their respective condition is satisfied.
Value Condition for availability
Disk usage summary for /var This is available when the /var directory has
less than 5 GB available in the target server.
Generic error search status This is available when there are user provided
errors in the ../installer/ansible_files/
roles/perform-pre-checks/vars/main.
yml file.
This returns a positive match in the respective

target server.
Disk usage summary for user provided threshold This is available when any of the drive partitions
exceed the user allocated max_resource_us-
age_threshold.
Disk usage summary for /home This is available when the /home directory has
less than 2.5GB available in the target server.
Disk usage summary for site_packages_tmp_ This is available when the site_packages_
dir provided in the inventory file tmp_dir has less than 7GB available in the tar-
get server.
Table 4: Optional pre-update CSV file values
Backup and Post-update report:
Table 5: Backup and post-upgrade report sheets describes the back up and post update reports that
are generated as an excel file with different sheets containing information as follows.
Sheet name Description
Enet Status This is an individual sheet named as the hostname followed by

the string 'Enet Status' to report the status of all the applications
running on a respective host.
There will be one sheet for every available EdenNet App server.
It consists of two columns the Application name running on the
host and its status (ACTIVE or INACTIVE or FAILED).

Son Exclusion List This reports cell labels and cluster names that were SON exclud-
ed.
It consists of two columns:
• SON Excluded Cluster Names

• SON Excluded Cells
Email Configuration This reports the different settings of the configured email service.
{Region}_15min This is generated for every region integrated to EdenNet.
It provides the first 60 data collection counts and consists of two

columns:
• count - PM data collection count

• timestamp - timestamp for which counts have been aggregat-
ed
User Accounts This provides all the details of the LDAP user accounts config-
ured in EdenNet.
Oss Access Data This provides details regarding OSS which are integrated to
EdenNet and the current status of OSS (Enabled or Disabled).
Expiring License Data This lists out all the licenses which are about to expire in a fixed
amount of days provided by user.
The configuration parameter license_expiry_time under the

section [all:vars] in the inventory file is used to specify the
fixed amount of days.
Enet Version This contains information about the current EdenNet version
available along with its the build details.
CM Schedules This contains CM data intervals schedules. This sheet is generat-

ed only for direct integration.
It consists of the following columns:
• MO Class-The type of managed object scheduled

• Schedule Time- Time at which managed object was sched-
uled for export
• Update Time- Time at which managed object was last updat-
ed
• Failure Time- Time at which schedule of managed object last
failed.


• OSS Name- Name of the OSS from which the managed ob-
ject was exported.
Table 5: Backup and post-upgrade report sheets
8.5 Appendix E: Rollback the software update

Rolling back a software update will roll back the software to the immediate previous version. For
example, considering there are three releases, such as Release x -> Release x1 -> Release x2 ->
Release x3. If the user decides to roll back from Release x3, then the system will roll back to Release
x2.
8.5.1 Rolling back for APP Nodes

This section describes the procedure for rolling back the software update for APP nodes.
2. Navigate to the <directory of the Control server>/installer/ansible_files

directory.
3. Enter the following command:
# export LD_LIBRARY_PATH=/usr/local/lib
# export ANSIBLE_CONFIG=<path where installer is extracted>/installer/

ansible_files/ansible.cfg
4. Trigger the rollback by entering:
# sh rollbackMonthlyRelease <path of directory to create logfiles>

<inventory_file>
Note:
• The <path of directory to create logfiles> is the directory where the

user wants the log files to be generated.
• After the rollback, the monthly_release_rollback_from_<software
release version>_<time_stamp>.log log file is present in the <path of
directory to create logfiles> directory.
WARNING! Do not re-attempt the EdenNet software update unless the rollback is
successful.

8.5.2 Rolling back DB changes

This section describes the procedure for rolling back the DB changes. Based on the method used for taking DB backup, DB
changes are restored.
Note: This procedure is required and supported only for Central DB, GUI DB, and KPI DBs.
Any reference to the DB nodes provided in the following section is for Central DB, GUI DB,
and KPI DB nodes.
8.5.2.1 Restoring the database snapshot using the MySQL Enterprise backup
This section describes the procedure for restoring the database snapshot using the MySQL Enterprise backup.
1. Restore the MySQL database by following the instructions in Restoring the database from backups
section in the EdenNet Backup and Restore document.
2. Log in to Central VM as root user.
3. Stop the keycloak service by entering:
# systemctl stop keycloak
4. Navigate to the keycloak configuration directory by entering:
# cd /opt/keycloak/standalone/configuration/
5. Edit and replace the keycloak_db_password in the standalone.xml file with the password
retrieved from the /home/vson/standalone.xml.bkp file. For reference, the password will be
available under this section:
<security>
<user-name>keycloak</user-name>
<password>keycloak_db_password</password>
</security>
6. Start the keycloak service by entering:
# systemctl start keycloak
7. Once the EdenNet system is operational, remove the temporary certificate directory on all DB
nodes by entering:
# rm -rf /opt/nokia/mysql_cert_backups
Expected outcome
The database snapshot is restored using the MySQL Enterprise backup.

8.5.2.2 Restoring the Database virtual machine (DB VM) using AVE
This section describes the procedure for restoring the Databse VM using AVE.
1. Back up the following files from the Central VM DB to a non DB node. For example, control server
or any of the APP VMs.
• /opt/cassandra-for-kong/conf/cassandra_kong.p12
• /opt/cassandra-for-kong/conf/cassandra.yaml
• /opt/nokia/mysql/certs/mysqlclient-keystore.jks
• /opt/nokia/mysql/certs/mysqlclient-keystore.p12
• /opt/nokia/mysql/certs/mysql_client.crt
• /opt/nokia/mysql/certs/mysql_client.key
• /opt/nokia/mysql/certs/ca_cert.crt
• /home/data/mysql/mysql_server.crt
• /home/data/mysql/mysql_server.key
2. Restore the DB VMs by following the Restoring virtual machine backups section in the EdenNet
Backup and restore document.
Note: After the DB VM restore is completed and virtual machine is powered on, continue
even if you see any errors while checking the enet app status.
3. Stop all the apps on the APP nodes by entering the following command as a vson user:
# enet stop all
4. Stop the enet service on all APP nodes by entering the following command as root user:
# systemctl stop enet
5. On the Central VM, enter the following command as root user:
# systemctl stop kong
# systemctl stop keycloak
Note: For steps 3 to step 5, ignore any command execution failures.
6. Stop the mysqld service on all DB nodes by entering the following command as root user:
# systemctl stop mysqld
7. Stop the cassandra_kong service on Central VM DB node by entering the following command as
root user:

# systemctl stop cassandra_kong
8. Restore the files which were backed up in step 1. See Table 6: File backup details for more
information.
Note: ca_cert.crt file has to be copied to two locations on all the DB Nodes.
File name Mode Owner Group Target DB VM
/opt/cassandra-for-kong/ 0750 cassandra_kong <installation_ Central VM DB

conf/cassandra_kong.p12 user_group>
/opt/nokia/mysql/certs/ 0644 vson vson Central VM DB

mysqlclient-keystore.jks
/opt/nokia/mysql/certs/ 0644 vson vson Central VM DB

mysqlclient-keystore.p12
/opt/nokia/mysql/certs/ 0755 <installation_ <installation_ All DB Nodes

mysql_client.crt user> user_group>
/opt/nokia/mysql/certs/ 0755 <installation_ <installation_ All DB Nodes

mysql_client.key user> user_group>
/opt/nokia/mysql/certs/ca_ 0755 <installation_ <installation_ All DB Nodes

cert.crt user> user_group>
/home/data/mysql/ca_cert. 0644 mysql mysql All DB Nodes

crt
/home/data/mysql/mysql_ 0644 mysql mysql All DB Nodes

server.crt
/home/data/mysql/mysql_ 0644 mysql mysql All DB Nodes

server.key
Table 6: File backup details
Set the mode by entering:
# chmod <mode> <file_name>
Set owner and group by entering:
# chown <owner>:<group> <file_name>
9. Log in to Central VM DB as root user and perform the following steps:

a) Navigate to the cassandra_kong configuration directory by entering:
# cd /opt/cassandra-for-kong/conf/

b) Edit and replace the keystore_password at two places in the cassandra.yaml file
with the password retrieved from the backed up file /opt/cassandra-for-kong/conf/
cassandra.yaml in step 1.
For reference, the password will be available under these sections:
server_encryption_options:
internode_encryption: none
keystore: /opt/cassandra-for-kong/conf/cassandra_kong.p12
keystore_password: <password>
…
…
client_encryption_options:
enabled: true
# If enabled and optional is set to true encrypted and
unencrypted connections are handled.
optional: true
keystore: /opt/cassandra-for-kong/conf/cassandra_kong.p12
keystore_password: <password>
c) Start the cassandra_kong service by entering:
# systemctl start cassandra_kong
10. Start the mysqld service on all DB nodes by entering the following command as root user:
# systemctl start mysqld
11. Log in to Central VM as root user and perform the following steps:
a) Navigate to the keycloak configuration directory by entering:
# cd /opt/keycloak/standalone/configuration/
b) Edit and replace the keycloak_db_password in the standalone.xml file with the
password retrieved from the /home/vson/standalone.xml.bkp file. For reference, the
password will be available under this section:
<security>
<user-name>keycloak</user-name>
<password>keycloak_db_password</password>
</security>
c) Navigate to the kong configuration directory by entering:
# cd /etc/kong
d) Edit and replace the cassandra_password value in the kong.conf file with the password
retrieved from the /home/vson/kong.conf.bkp file. For reference, see:
cassandra_password = <password>
e) Enter the following commands:

# systemctl start keycloak
# systemctl start kong
12. Start the enet service on all APP nodes by entering the following command as root user:
# systemctl start enet
13. Start all the apps on APP nodes by entering the following command as vson user:
# enet start all
Expected outcome
The Database virtual machine (DB VM) is restored using AVE.
8.5.3 Rollback support
The following tasks are supported as part of rollback:
• Rollback EdenNet Module code changes

• Rollback EdenNet Application code changes
• Rollback EdenNet Service code changes
• Rollback EdenNet Framework code changes
8.5.4 Rollback limitations
Rollback of updated OEM is not supported with the rollback procedure.
The user must import the module manually after a successful rollback.
8.6 Appendix F: Rollback after a successful update

To perform the rollback on application servers after a successful software update (based on comparing
the SAT execution results before and after the update), do the following:
1. Log in to all application servers as a vson user by entering:
# sudo -i -u vson
2. Locate the eden_upgrade_backup.gz file under the /home/vson directory.
3. Rename the file as venv_backup.gz while retaining the same read-write permissions.
4. If the application server has the /home/custom directory, log out from vson by entering:
# exit vson

Log in as a custom user by entering:
# sudo -i -u custom
5. Locate the eden_upgrade_backup.gz file under the /home/custom directory.
6. Rename the file as venv_backup.gz while retaining the same read-write permissions.
7. Trigger the rollback by following the steps described in Appendix E: Rollback the software update.
8.7 Appendix G: Generating the sudoers file
2. Navigate to the <directory of the Control server>/installer/ansible_files

directory.
3. Run the following command:
For 2VM configuration:
ansible-playbook -vvv -i ./inventoryfile.2VM prepare_sudoers.yml --tags

"<tags>"

"<tags>"

"<tags>"
Note: Based on which sudoers file needs to be generated, <tags> can be replaced in
the command with the required tag/tags as per the following table:
Sudoers file name Used in Tag to use
eden_sudoers target servers target-server-sudoers
security_hardening_ target servers optional-security-hard-

sudoers ening
Table 7: Tag information
For example,
ansible-playbook -vvv -i ./inventoryfile.8VM prepare_sudoers.yml

--tags "target-server-sudoers,optional-security-hardening"

Multiple tags can be given at once, as comma separated values, to generate the
respective sudoers file.
4. After running the command, eden_sudoers and security_hardening_sudoers files are

generated at <path_to_installer_directory>/ansible_files/on the control server.
Copy that file to /etc/sudoers.d/ for every target server as a root user. It can be done either
manually or using an ansible command. For information on how this can be automated, see
Appendix H: Copying the sudoers file to the target servers using ansible .
8.8 Appendix H: Copying the sudoers file to the target servers using
ansible
Note: Passwordless ssh connection as a root user is required.
1. Log in to the control as a root user.

2. Go to the <directory of the Control server>/installer/ansible_files directory.
3. Enter the following command:
ansible-playbook -vvv -i ./inventoryfile.2VM configure_sudoers.yml

--extra-vars "ansible_user=root ansible_ssh_private_key_file=/
root/.ssh/id_rsa"

root/.ssh/id_rsa"

root/.ssh/id_rsa"
8.9 Appendix I: Setup the control server sudoers for non-root user
2. Navigate to ansible_files directory by entering:
# cd <Directory of Control Server>/installer/ansible_files/

3. Execute the create_cs_sudoers script file to generate the sudoers file for control server by
entering:
# sh create_cs_sudoers.sh
4. The eden_cs_<installation_user>_sudoers file is generated in your current working
directory. This file must be copied to the /etc/sudoers.d/ directory.
Note: This step must be done as a root user.
8.10 Appendix J: Manually adding more nodes to the existing setup

This section provides information on manually adding more regions or task nodes to the existing setup.
1. For manually adding more regions:

a) For more information on existing 5VM setup, see Manually adding more regions to the existing
5VM configuration section in the EdenNet Installation and Upgrade Guide.
b) For more information on existing 8VM setup, see Manually adding more regions to the existing
8VM configuration section in the EdenNet Installation and Upgrade Guide.
2. For manually adding task or custom task nodes, see Manually adding task and custom task nodes
on demand section in the EdenNet Installation and Upgrade Guide.

Eden Net Software Update Guide

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Eden Net Software Update Guide

Uploaded by

Copyright:

Available Formats

EdenNet 21 FP 2106

EdenNet Software Update Guide

N O WA RRA NT Y O F AN Y KI ND , EI T HER EXPR ES S OR I M P L I E D , I N C L U D I N G B U T N O T L I M I T E D TO A N Y

Copyright © 2021 Nokia. All rights reserved.

Important Notice on Product Safety

2 Software update overview.............................................................................................................................. 8

3 Software update prerequisites....................................................................................................................... 9

4 Configuring inventory file.............................................................................................................................12

5 Updating the software...................................................................................................................................13

6 Verifying the software update...................................................................................................................... 16

EdenNet 21 FP 2106 © 2021 Nokia 3

EdenNet 21 FP 2106 No change.

EdenNet 21 FP 2105 Updated sections:

• Software update prerequisites is updated with an additional point.

EdenNet 21 FP 2104 No change.

EdenNet 21 FP 2103 Updated sections:

• Configuring inventory file

EdenNet 20 FP 2011 No change.

EdenNet 20 FP 2010 No change.

EdenNet 20 FP 2009 Added section:

• Software update failure as SON App Manager API is down

EdenNet 20 FP 2008 Updated section:

• Configuring inventory file

EdenNet 20 FP 2007 Added section:

• Appendix J: Manually adding more nodes to the existing setup

• Appendix C: Automation of post-update tasks

• Appendix J: Importing certificates to Automatic Site Creation from Net-

EdenNet 19A FP 2004 Added sections:

EdenNet 21 FP 2106 © 2021 Nokia 4

• Software update prerequisites

EdenNet 19A FP 2003 Added section:

• Appendix I: Setup the control server sudoers for non-root user

• Software update prerequisites

EdenNet 19A FP 2002 Updated section:

EdenNet 19A FP 2001 Updated section:

• Configuring inventory file

• Appendix I: Steps for insufficient space in /tmp partition

EdenNet 19A FP 1912 Added sections:

• Installation of the configuration file (Inventory File)

• Updating the software

EdenNet 21 FP 2106 © 2021 Nokia 5

EdenNet 19A FP 1911 Updated sections:

• Updated with <installation_user> information in:

– Software update prerequisites

– Appendix A: Automation of pre-update tasks

• Appendix E: Updating the Ansible version

EdenNet 19A No change.

EdenNet 19 FP 1907 Added sections:

• GUI is unresponsive when accessed from an external IP address

EdenNet 19 FP 1906 Updated section:

EdenNet 19 FP 1905 Updated section:

• Updating the software - updated note information

EdenNet 19 FP 1904 Updated section:

• Software update prerequisites

EdenNet 18 SP1 1901 Updated section:

• Updating the software and Appendix E: Rollback the software update -

EdenNet 18 SP1 1812 Added section:

EdenNet 21 FP 2106 © 2021 Nokia 6

EdenNet 21 FP 2106 © 2021 Nokia 7

2 Software update overview

Note: The user which triggers the EdenNet installation is referred to as an

EdenNet 21 FP 2106 © 2021 Nokia 8

3 Software update prerequisites

• An instance of EdenNet 20 or higher must be deployed.