Updating TNSR

Warning

Trial versions of TNSR packages cannot be updated. Reinstall with a full version of TNSR or install a new trial version. The operating system may be updated, but not TNSR.

With a signed client certificate from Netgate in place, TNSR has access to the Netgate software repositories which contain important updates to TNSR. These updates can be retrieved using the package command in the TNSR CLI, or yum in the host OS shell.

Note

Updating TNSR will also update the operating system. Even when there are no TNSR updates available, it is a good practice to periodically perform an update to obtain important operating system updates such as security vulnerability mitigations.

Pre-Upgrade Tasks

Before updating TNSR, perform the following tasks:

  • Make sure the signed certificate is in place (Install the certificate)

  • Make sure the TNSR instance has working Internet connectivity through the host OS management interface

  • Take a backup of the running and startup configurations (Configuration Backups)

Updating via the TNSR CLI

The easiest way to update TNSR is from within the TNSR CLI itself.

tnsr# package upgrade

That command will download and apply all available updates. Afterward, exit the CLI and start it again.

Note

There will be no output from this command until the process completely finishes, which may take a few minutes for larger updates.

Updating via the shell

TNSR can also be updated from the command line using the host OS package management commands, in this case, yum:

$ sudo yum clean all
$ sudo yum clean expire-cache
$ sudo yum -y upgrade

Update Script

The following shell script may be used to keep TNSR and CentOS updated. In addition to the updates it also makes a local backup before performing the update.

Download: updatetnsr.sh
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
#!/bin/sh

# Stop existing services
sudo systemctl stop strongswan frr vpp clixon-restconf

# Time to make the backups
mkdir -p ~/tnsr-config-backup
sudo cp -p /var/tnsr/running_db ~/tnsr-config-backup/running_db-`date +%Y%m%d%H%M%S`.xml
sudo cp -p /var/tnsr/startup_db ~/tnsr-config-backup/startup_db-`date +%Y%m%d%H%M%S`.xml

# Update all RPMs
sudo yum clean all
sudo yum clean expire-cache
sudo yum -y upgrade

# Ensure services are stopped, in case some automatically started after update.
sudo systemctl stop strongswan frr vpp clixon-restconf
# Start services
sudo systemctl start clixon-backend clixon-restconf

Update Troubleshooting

If the TNSR CLI method does not work, use the shell method instead.

If either method prints an error referring to a broken package database, recover it as follows:

$ mkdir -p ~/tmp/
$ sudo mv /var/lib/rpm/__db* ~/tmp/
$ sudo rpm --rebuilddb
$ sudo yum clean all