Upgrade notes

Upgrade from Rudder 5.0

Migration from any 5.0 minor version is supported (see below for migration from older versions).

Rudder generic method condition from command will change its behaviour in audit policy mode starting 5.1.

Before the 5.1 Rudder version, when in audit policy mode, the method was not executing the command passed in parameters and would always report an error.

In order to limit the compliance drift when switching policy mode we chose to make the method behave in the exact same way in audit mode than in enforce mode because:

  • Audit and enforce policy mode should do the same check on the node, and differ on the remediation part

  • The method is mainly used to bypass missing components in the current generic methods library and so, not applying it in audit restrain Rudder from complex use cases

  • The command passed as parameter should always be system impact free, and so, it can be executed without impacting the overall configuration state of the node

Rudder 5.0.9 changes the default log level for the configuration server in Rudder.

This allows easier debugging and tracability of policy updates, so we enabled it by default, but will produce more logs. If you want to revert to the previous behavior (which only logs errors):

  • On systemd systems

    • Create a /etc/systemd/system/rudder-cf-serverd.service.d/override.conf file containing:

[Service]
Environment=VERBOSITY_OPTION=
  • Run systemctl daemon-reload then systemctl restart rudder-cf-serverd

    • On systems using the init script

  • Edit the /etc/default/rudder-agent file:

# You need to uncomment and let empty
CFENGINE_COMMUNITY_PARAMS_1=""
  • Restart the service with service rudder-agent restart

Verbosity options can be:

  • empty for only errors

  • --inform for basic messages

  • --verbose for very detailed logs

  • --debug for unreasonnably detailed logs

== Upgrade from Rudder 4.3

Migration from Rudder 4.3 are supported, so you can upgrade directly to 5.1.

The following features are now provided as plugins and no more available as part of default Rudder installation starting from 5.0:

  • LDAP-based authentication

  • Relay servers

  • Changes validation workflow (change requests)

If you were using them, upgrade will disable them and you will have to install the plugin. Read the plugins page on our website for more information.

On RHEL/centOS and SLES systems, when upgrading from a 4.3 older than 4.3.3, it is necessary to explicitely upgrade rudder-agent (in the same command as the other packages) when upgrading a relay or a root server, because of a dependency misconfiguration in the agent package.

This has been fixed in the packages, but the problem is caused by the package in the version your are upgrading from.

If your Rudder server was upgraded from a 4.1 or older installation on Ubuntu 12.04 LTS or 14.04 LTS, you may still be using port 5514 for syslog communication with nodes.

It not necessary anymore, you can switch back to the default by changing the port in the rudder.syslog.port line in /opt/rudder/etc/rudder-web.properties to 514.

== Upgrade from Rudder 4.2 or older

Direct upgrades from 4.2.x and older are no longer supported on 5.1. If you are still running one of those, either on servers or nodes, please first upgrade to one of the supported versions, and then upgrade to 5.1.

== Compatibility between Rudder agent 5.1 and older server versions

=== 4.3 servers

Rudder agents 5.1 are compatible with 4.3 and 5.0 Rudder servers.

=== Older servers

Rudder agents 5.1 are not compatible with Rudder servers older than 4.3. You need to upgrade your server to a compatible version before the agents.

== Compatibility between Rudder server 5.1 and older agent versions

=== 4.3 and 5.0 agents

Rudder agent 4.3 and 5.0 are fully compatible with Rudder server 5.1. It is therefore not strictly necessary to update all your agents to 5.1.

=== Older agents

These agents are not compatible with Rudder 5.1, and you have to upgrade them. Be careful to follow the upgrade path explained above.


← on SLES on Debian/Ubuntu →