Upgrading from opFlow 2.x to 3.x
The migration from opFlow 2 to 3 cannot be totally seamless, because opFlow 3 uses the database differently and relies on a different flow collection tool. This document briefly describes the recommended procedure for such an upgrade.
- switch off the 'flowd' data collector
opFlow 3 uses 'nfdump/nfcapd' as collector, and the old flowd collector interferes with that and needs to be retired.
    sudo service flowd stop
    sudo chkconfig --del flowd
- shut down 'opflowd'
It is very inadvisable to modify the database while opflowd is running.
    sudo service opflowd stop
- drop the old incompatible database (optional: after a backup/export)
opFlow 3 uses a different database layout, and existing data won't work with the new application; depending on your configuration you will need to remove the conflicting data.
  - Open the old configuration file /usr/local/opmantek/conf/opFlow.nmis and look for db_name.
    If the database is called "opFlow", it SHOULD be removed.
    If it is called "flows", it MUST be removed prior to upgrading to opFlow 3 (as opFlow 3 uses that database name by default).
    If it is called "nmis", then it MUST NOT be removed, but certain collections within it SHOULD be dropped.
  - Export the database for backup. You will find instructions for this operation on the MongoDB Data Migration, Backup and Restore page.
  - Connect to the database server
    You need to connect to your MongoDB server using the mongo client, with username and password as given in your opFlow.nmis config file:
        # if your installation uses the default username and password:
        mongo -u opUserRW -p op42flow42 admin
        > show dbs
        admin   0.078GB
        local   0.078GB
        nmis    0.078GB
        opFlow  14.071GB
        >
  - Drop the whole database or drop only the flow-related collections
    To drop the whole "opFlow" database, issue the following commands; if the database is named differently, substitute the correct name in the use statement:
        use opFlow
        db.dropDatabase();
    To drop just the relevant collections (primarily required if the database is called "nmis"), issue these commands instead:
        use nmis
        db.conversations.drop();
        db.customapps.drop();
        db.endpoints.drop();
        db.flows.drop();
        db.iana.drop();
        db.reportConfig.drop();
        db.reportData.drop();
        db.sites.drop();
        db.sumCache.drop();
- disable all opFlow 2 cron jobs
The opFlow 3 installer will recreate suitable cron entries; until that stage is reached any jobs for opFlow 2 need to be disabled.
    sudo rm -f /etc/cron.d/opflow
If you have any opFlow-related cron entries in root's crontab, comment those out as well:
    sudo crontab -u root -e
    # ... and use the editor to remove or comment out anything matching "opflow"
- download and run the opFlow 3 installer
You will find the opFlow download on the Opmantek website. opFlow 3 ships as a self-extracting interactive installer: simply download the run file, then tell your shell to execute it and you will be guided through the installation steps.
- adjust either your flow exporters or the nfdump flow collector to use a suitable UDP port
opFlow 2 installations generally defaulted to using UDP port 12345 for receiving flow data; opFlow 3 uses nfdump and the currently more common port 9995.
You should check the old /usr/local/etc/flowd.conf file for the "Listen" directives, e.g. listen on 0.0.0.0:12345.
If the old installation did use a port other than 9995, then you have to decide whether you'd like to change your flow exporters to use the new port or change the nfdump configuration to use the "old" port. To adjust the nfdump configuration, edit /etc/sysconfig/nfdump (CentOS/RedHat) or /etc/default/nfdump (Debian/Ubuntu) after the opFlow 3 installation has completed, then restart the collector using sudo service nfdump restart.
- optional: remove the old opFlow installation
Unless you are using other legacy products (e.g. opMaps, opReports 2.x, opConfig 1.x), you can remove /usr/local/opmantek completely.
If this is an Opmantek VM Appliance, you may also remove /data/opflow: the new nfdump flow capture infrastructure uses /var/lib/nfdump for capture files.
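
The database-name and UDP-port checks described in the steps above can be run read-only before anything is stopped or dropped. The following shell script is an added example, not part of the opFlow documentation or tooling. Assumptions: the function names are hypothetical, and the 'db_name' => '...' line format parsed from opFlow.nmis is assumed rather than shown on this page (the "listen on" format is the one quoted above).

```shell
#!/bin/sh
# Added example: read-only pre-upgrade checks for the opFlow 2 -> 3 steps.
NEW_PORT=9995   # nfdump port used by opFlow 3 (from the page)

# Distinct ports from active "listen on ADDR:PORT" lines in a flowd.conf.
# The port is whatever follows the last colon, so [::]:12345 also works.
flowd_listen_ports() {
    sed -n 's/#.*//; s/^[[:space:]]*listen[[:space:]]\{1,\}on[[:space:]].*:\([0-9]\{1,\}\)[[:space:]]*$/\1/p' "$1" | sort -un
}

# Ports that exporters still target but nfdump will not listen on by default.
ports_needing_change() {
    for p in $(flowd_listen_ports "$1"); do
        [ "$p" -eq "$NEW_PORT" ] || echo "$p"
    done
}

# ASSUMPTION: opFlow.nmis holds a Perl-style entry like 'db_name' => 'opFlow',
db_name_from_conf() {
    sed -n "s/#.*//; s/.*['\"]db_name['\"][[:space:]]*=>[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Map the database name to the action the upgrade notes prescribe.
db_action() {
    case "$1" in
        opFlow) echo "drop database (SHOULD)" ;;
        flows)  echo "drop database (MUST)" ;;
        nmis)   echo "keep database, drop flow collections only" ;;
        *)      echo "unclassified, review manually" ;;
    esac
}

# Demo on constructed sample files (not taken from a real installation).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'listen on 0.0.0.0:12345' \
        '#listen on [::]:9995' 'listen on [::]:12345' > "$d/flowd.conf"
    printf "%s\n" "  'db_name' => 'nmis'," > "$d/opFlow.nmis"
    echo "ports to migrate: $(ports_needing_change "$d/flowd.conf" | tr '\n' ' ')"
    name=$(db_name_from_conf "$d/opFlow.nmis")
    echo "database '$name': $(db_action "$name")"
    rm -rf "$d"
}
demo
```

To run it against a real installation, call the functions with /usr/local/etc/flowd.conf and /usr/local/opmantek/conf/opFlow.nmis instead of the sample files.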