Tip

This is the documentation for the 19.12 version. Looking for the documentation of the latest version? Have a look here.

Updating TNSR

Warning

Trial versions of TNSR packages cannot be updated. Reinstall with a full version of TNSR or install a new trial version. The operating system may be updated, but not TNSR.

With a signed client certificate from Netgate in place, TNSR has access to the Netgate software repositories which contain important updates to TNSR. These updates can be retrieved using the package command in the TNSR CLI, or yum in the host OS shell.

Note

Updating TNSR will also update the operating system. Even when there are no TNSR updates available, it is a good practice to periodically perform an update to obtain important operating system updates such as security vulnerability mitigations.

Pre-Upgrade Tasks

Before updating TNSR, perform the following tasks:

  • Make sure the signed certificate is in place (Install the certificate)

  • Make sure the TNSR instance has working Internet connectivity through the host OS management interface

  • Take a backup of the running and startup configurations (Configuration Backups)

Updating via the TNSR CLI

The easiest way to update TNSR is from within the TNSR CLI itself.

tnsr# package upgrade

That command will download and apply all available updates. Afterward, exit the CLI and start it again.

Note

There will be no output from this command until the process completely finishes, which may take a few minutes for larger updates.

Updating via the shell

TNSR can also be updated from the command line using the host OS package management commands, in this case, yum:

$ sudo yum clean all
$ sudo yum clean expire-cache
$ sudo yum -y upgrade

Update Script

The following shell script may be used to keep TNSR and CentOS updated. In addition to the updates it also makes a local backup before performing the update.

Download: updatetnsr.sh
 1#!/bin/sh
 2
 3# Stop existing services
 4sudo systemctl stop strongswan frr vpp clixon-restconf
 5
 6# Time to make the backups
 7mkdir -p ~/tnsr-config-backup
 8sudo cp -p /var/tnsr/running_db ~/tnsr-config-backup/running_db-`date +%Y%m%d%H%M%S`.xml
 9sudo cp -p /var/tnsr/startup_db ~/tnsr-config-backup/startup_db-`date +%Y%m%d%H%M%S`.xml
10
11# Update all RPMs
12sudo yum clean all
13sudo yum clean expire-cache
14sudo yum -y upgrade
15
16# Ensure services are stopped, in case some automatically started after update.
17sudo systemctl stop strongswan frr vpp clixon-restconf
18
19# Run config database upgrade script
20sudo /usr/bin/tnsr-db-update
21
22# Start services
23sudo systemctl start clixon-backend clixon-restconf

Updating the Configuration Database

If TNSR fails to start due to a change in the configuration, use the included configuration database migration utility, /usr/bin/tnsr-db-update, to check for and correct potential problems.

Warning

TNSR must be stopped before attempting to run this script, which modifies the running database at /var/tnsr/running_db.

The /usr/bin/tnsr-db-update script must be run as root either directly or via sudo:

$ sudo /usr/bin/tnsr-db-update

The utility will make a backup of the configuration before making alterations. This backup is placed in /var/lib/tnsr/db-backups/tnsr-<version>/running_db-<timestamp>.

Update Troubleshooting

If the TNSR CLI method does not work, use the shell method instead.

If either method prints an error referring to a broken package database, recover it as follows:

$ mkdir -p ~/tmp/
$ sudo mv /var/lib/rpm/__db* ~/tmp/
$ sudo rpm --rebuilddb
$ sudo yum clean all