Idea ID 1644482
Request: Eliminate the requirement to roll back the CORD updates to the last major release for all upgrades. The upgrade procedure needs to be robust enough to deal with CORDS + rollups + hotfixes without having to uninstall any fixes.
In our past upgrades, the CORD rollback has not only created problems but also extended the downtime for the SA infrastructure in order to complete the upgrade.
For example, we have been testing the upgrade
FROM: SA 10.51 + Rollup 6 running on RedHat 7.4 using TLSv1.2 and a restricted cipherlist + latest agent version
TO: SA 10.60 + Rollup 5 (same OS, TLS & cipherlist)
After multiple iterations of testing, we determined that all of the following actions were needed pre-upgrade:
- Reboot all Cores & Satellites to an older RedHat kernel (7.2). This is because SA 10.50 was not supported on RedHat 7.3 and above. If you do the CORD rollback without back-revving the kernel, the FUSE component will not relink and that has a domino effect on other components of the Cores
- Uninstall the rollups – To avoid spin, way & word issues with the restricted cipherlist
- Backrev the agent on all Cores & Satellites – To avoid agent startup issues with the restricted cipherlist and min_ssl_protocol parameters
Then and only then it was safe to do the CORD removal.
We estimated that all of the above actions across our mesh, would add a minimum of 6 downtime hours to our production upgrade. (Much of that time is spent rebooting and restarting components). Basically, it consumes a day out of our two and a half day estimate to complete the upgrade.
So while Microfocus has no control over RedHat kernel changes, if the requirement to roll back the CORD did not exist, we would not need to roll back the kernel. The ROLLUP that introduced the support for RHEL 7.4 could have stayed in place. The same is true for the min_ssl_protocol_version and cipherlist fixes – without the requirement to roll back the CORD, we would not have to remove the rollups OR backrev the agent.
I suspect that it’s no longer possible to have a procedure in place for upgrades to 10.6x that eliminates CORD removal, but it would be clearly beneficial to any customer who will be performing an upgrade to 10.7x (and above) to have this change implemented.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.