12. Software Upgrade

12.1. Release Notes
12.2. Upgrade from previous versions to mr5.2.2

12.1. Release Notes

The sip:provider CE version mr5.2.2 has several important changes comparing to the previous release:

  • A preconfigured firewall subsystem was added to secure the NGCP. The firewall whitelists all services vital to NGCP’s operations while blocking all other traffic. After upgrade, the firewall subsystem will be disabled by default to avoid inadvertent self-lockout of the operator during upgrade. The firewall has to be enabled manually after successful upgrade in /etc/ngcp-config/config.yml setting security.firewall.enable: ‘yes’. During upgrade the NGCP configuration framework will prepare a standard rule set ready to be used after successful upgrade. If iptables rules already exist on the system, those will be save to a customtt.tt2 and will persist until custom.tt2 and tt2 are merged. If a third-party firewall system is detected, the upgrade procedure will stop. To resume the upgrade, the situation needs to be consolidated (e.g. by removing the unsupported firewall subsystem and merging existing rules into the NGCP firewall subsystem). Notice: Make sure SSH access is correctly configured in /etc/ngcp-config/config.yml to allow SSH access after activating the firewall. Please read the handbook carefully for further instructions before activating the firewall subsystem. [TT#9717]
  • [PRO/Carrier] The default rotate_days configuration for backuptools was decreased from 7 to 3 days to avoid disk space issues (if the configuration is already less than 7 days it will stay unmodified during upgrades) [TT#9816]
  • sshd: in preparation for the upcoming Debian Stretch release upgrade of the underlying operating system, the protocol version 1 specific settings KeyRegenerationInterval, RSAAuthentication, RhostsRSAAuthentication + ServerKeyBits have been removed from the sshd_config (using their defaults now)
  • Improved NGCP documentation style
  • [CPBX] Implement Yealink CP860 and Grandstream GXW-4008 auto provisioning
  • Migrate NGCP admin’s passwords to bcrypt and drop admin’s ssl client cert from DB, providing an API function to fetch PEM and P12 certificates.
important

Due to migrating to bcypt hashing of admin and reseller passwords both on the admin panel and the API, password authentication via the API will take ~500ms for each request. It is highly advised to use ssl client certificate based authentication instead of passwords on the API for performance reasons!

Please find the complete changelog in our release notes on our WEB site.

12.2. Upgrade from previous versions to mr5.2.2

The sip:provider CE system upgrade to mr5.2.2 will be performed in a couple of tasks:

  • Verify APT source lists
  • Upgrade NGCP software packages
  • Upgrade NGCP configuration templates
  • Upgrade NGCP DB schema
  • Upgrade the base system within Debian (v8) to the latest package versions
warning

ensure you are using Sipwise APT repositories. Public Debian mirrors may not provide packages for old Debian releases anymore. Also they can be outdated. Consider to use Sipwise repositories for the time of upgrade.

Execute the following commands as root:

echo "# Please visit /etc/apt/sources.list.d/ instead." > /etc/apt/sources.list

mkdir -p /etc/apt/sources.list.d
for file in /etc/apt/sources.list.d/*.list ; do mv "${file}" "${file}.DISABLED" ; done

NGCP_CURRENT_VERSION=$(cat /etc/ngcp_version)
cat > /etc/apt/sources.list.d/debian.list << EOF
# Debian repositories, deployed via upgrade ${NGCP_CURRENT_VERSION}->mr5.2.2
deb https://debian.sipwise.com/debian/ jessie main contrib non-free
#deb-src https://debian.sipwise.com/debian/ jessie main contrib non-free
#
deb https://debian.sipwise.com/debian-security/ jessie-security main contrib non-free
#deb-src https://debian.sipwise.com/debian-security/ jessie-security main contrib non-free
#
deb https://debian.sipwise.com/debian/ jessie-updates main contrib non-free
#deb-src https://debian.sipwise.com/debian/ jessie-updates main contrib non-free
EOF

NGCP_CURRENT_VERSION=$(cat /etc/ngcp_version)
cat > /etc/apt/sources.list.d/sipwise.list << EOF
# NGCP_MANAGED_FILE
# Sipwise repository, deployed via upgrade ${NGCP_CURRENT_VERSION}->mr5.2.2
deb https://deb.sipwise.com/spce/${NGCP_CURRENT_VERSION}/ jessie main
#deb-src https://deb.sipwise.com/spce/${NGCP_CURRENT_VERSION}/ jessie main
EOF

Run "apt-get update" and ensure you have no warnings/errors here.

For upgrading the sip:provider CE to release mr5.2.2, execute the following commands:

NGCP_CURRENT_VERSION=$(cat /etc/ngcp_version)
sed -i "s/$NGCP_CURRENT_VERSION/mr5.2.2/" /etc/apt/sources.list.d/sipwise.list
apt-get update
apt-get install ngcp-upgrade-ce

Run the upgrade script as root like this:

ngcp-upgrade
info

sip:provider CE can be upgraded to mr5.2.2 from previous release or previous build only. The script ngcp-upgrade will find all the possible destination releases for the upgrade and allow to choose the proper one.

info

If there is an error during upgrade, the ngcp-upgrade script will request you to solve it. Once you’ve fixed the problem just re-execute ngcp-upgrade again and it will continue from the previous step.

The upgrade script will ask you to confirm that you want to start. Read the given information carefully, and if you agree, proceed with y.

The upgrade process will take several minutes, depending on your network connection and server performance. After everything has been updated successfully, it will finally ask you to reboot your system. Confirm to let the system reboot (it will boot with an updated kernel).

Once up again, double-check your config file /etc/ngcp-config/config.yml (sections will be rearranged now and will contain more parameters) and your domain/subscriber/peer configuration and test the setup.

When all finishes successfully check that replication is running. Check ngcp-status. Finally, do a basic functionality test. Check web interface, register two test subscribers and perform a test call between them to ensure call routing works.

info

You can find a backup of some important configuration files of your existing installation under /var/backup/ngcp-mr5.2.2-* (where * is a place holder for a timestamp) in case you need to roll back something at any time. A log file of the upgrade procedure is available at /var/backup/ngcp-mr5.2.2-*/upgrade.log.