Contents
Overview
The goal of this article is to explain how ZEVENET Subscriptions work and how to configure ZEVENET Enterprise Edition subscriptions to maintain updated ZEVENET appliances in a very automatic way.
Architecture
The ZEVENET Enterprise Edition appliances require to have connectivity to two services: certs.zevenet.com and repo.zevenet.com
ZEVENET Enterprise Edition connects to https://certs.zevenet.com/ in order to check your Subscription Plan or Support status and once this system confirms the access is granted, then it connects to https://repo.zevenet.com/ in order to check the package updates.
For this reason, it’s important to ensure that the Load Balancer is able to reach both remote points. If due to any reason, the connection to the Internet from the load balancer it is not allowed to those sites the load balancer can be configured to add an HTTP and HTTPS proxy. Ensure to have enabled the following destination rules in your data center:
For Firewall sysadmins: Allow From the ZEVENET IP to DNS resolution of certs.zevenet.com and repo.zevenet.com port 443 (HTTPS protocol)
For Proxy sysadmins: Allow From the Zevenet IP to https://certs.zevenet.com/* and https://repo.zevenet.com/* (HTTPS protocol)
Configuration Procedure
Please follow the next steps in order to enable your Subscription Plan or Support in the ZEVENET Load Balancer Enterprise Edition appliances. Firstly, please ensure you have the appliances deployed and activated.
1. Connect to your ZEVENET appliance and ensure that at least the release ZEVENET 5.2.11 is installed:
root@zvnlb:~# dpkg -l | grep zevenet ii zevenet 5.2.11 amd64 ZEVENET Load Balancer Enterprise Edition
2. If your ZEVENET package is in a previous version please apply the latest release that you received at the moment of the Subscription Plan or Support acquisition.
3. If required, configure the proxy when a direct connection to the Internet is not allowed. Edit the global.conf file and configure the $http_proxy and $https_proxy variables as follows.
root@zvnlb:~# vi /usr/local/zevenet/config/global.conf #proxy $http_proxy="http://PROXY_IP:PROXY_HTTPS_PORT"; $https_proxy="https://PROXY_IP:PROXY_HTTPS_PORT";
NOTE: If ZEVENET Version is 6 or higher the proxy configuration can be done in web GUI System > Remote Services > Proxy.
Just in case your proxy requires validation please configure it as follows:
root@zvnlb:~# vi /usr/local/zevenet/config/global.conf #proxy $http_proxy="http://USER:PASSWORD@PROXY_IP:PROXY_HTTPS_PORT"; $https_proxy="https://USER:PASSWORD@PROXY_IP:PROXY_HTTPS_PORT";
Take into account to:
- Change USER and PASSWORD for the given proxy credentials.
- Change PROXY_IP with your own proxy IP or proxy name.
- Change PROXY_HTTPS_PORT with your own proxy port that accepts HTTPS.
- Ensure that the proxy IP and proxy port is reachable from the Load Balancer, you can use telnet for these tests.
Repeat this configuration to every ZEVENET appliance that requires to have access to the remote repository for updates.
Applying package updates and hotfixes
ZEVENET appliances are fully integrated with the Linux operating system based in a GNU/Debian environment, so once the release ZEVENET 5.2.11 or higher is applied you will be able to update the ZEVENET system as any other GNU/Debian via APT repository, please refer to the following commands to be applied in order to maintain the appliances up to date.
Update the database of packages in your ZEVENET appliance from the remote APT repository.
root@zvnlb:~# apt-get update Hit:1 https://repo.zevenet.com/ee/v5/4.9.13zva5000 stretch InRelease Reading package lists... Done root@zvnlb:~# apt-get --with-new-pkgs upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done The following packages will be upgraded: cherokee zevenet zevenet-web-gui 2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. Need to get 1,764 kB of archives. After this operation, 3,072 B disk space will be freed. Do you want to continue? [Y/n] Y . . .
Since ZEVENET 6 the system includes a tool called checkupgrades which check if any package update is pending and gives information about the system status as follows:
root@zvnlb:~# checkupgrades Zevenet Packages are up-to-date.
or via web GUI:
Search a certain package in the local database.
root@zvnlb:~# apt-cache search zevenet cherokee - Zevenet cherokee gdnsd - Zevenet gdnsd health-checks - Zevenet health checks pound - Zevenet pound reverse proxy ssyncd - Zevenet Ssyncd zevenet - ZEVENET Load Balancer Enterprise Edition zevenet-web-gui - Web GUI of Zevenet Enterprise zevenet-ipds - Security updates to feed IPDS module of ZEVENET Load Balancer
Read the contents and information for a certain package.
root@zvnlb:~# apt-cache show zevenet-web-gui
Update a certain package.
root@zvnlb:~# apt-get install zevenet-web-gui
Update the whole system.
root@zvnlb:~# apt-get --with-new-pkgs upgrade
Offline updates
ZEVENET Load Balancer is able to be updated even if the load balancer is not allowed to connect to the Internet, so the latest ZEVENET updates also are accessible in ISO format, this ISO file can be downloaded from the Support Portal ZVNCentral.
The procedure for the offline updating process is the following.
1. Ensure that the load balancer has an active support contract.
2. Download the latest ZEVENET Update ISO file from the KB section of ZVNCentral portal, direct link here.
3. Copy the ISO file in the load balancer path /usr/local/zevenet/updates/.
4. Run the command checkupgrades, this command will check in first place the connectivity to our private system, if the connection is not possible, then the command will check if there are update ISO files in the updates path.
5.If there are pending updates, a message will be shown in order to confirm with the updating process.
Considerations
ZEVENET 6 configures the subscription by default at the moment of appliance activation, so please ensure that the load balancer has internet connectivity before to activate it, if the activation procedure is done without internet connectivity, then the subscription won’t be configured properly, but you can force the procedure once there is internet connectivity with the following command:
echo "" | /usr/local/zevenet/bin/enterprise.bin Zevenet::Apt setAPTRepod
Compatibility and Security
ZEVENET Load Balancer is based on a GNU/Debian system and fully integrated with the APT repository services. Although, it doesn’t mean that ZEVENET packages are fully compatible with Debian mainstream packages, as this has been designed to be optimized and ready for high availability, scalability, and security of applications.
It is capable to add third parties APT repositories for certain packages, but use this at your sole responsibility. System updates and upgrades are only supported by the official ZEVENET APT repositories. In addition, for security reasons, only accept updates from signed package repositories.