Move or Restore Orchestrator
You can:
Move Orchestrator from Virtual Machine to Cloud
IMPORTANT: Before you begin, make sure the on-premise Orchestrator and cloud Orchestrator are the same version. The minimum required version for cloud migration is 8.5.7.
WARNING: The Orchestrator blueprint (obtained through the following procedure) will not restore the IPSec UDP key material. When you import the blueprint, Orchestrator will start a new IPSec UDP key material rotation. To prevent Orchestrator from doing this, make sure that the appliance has a connection to the Orchestrator or the Cloud Portal before you proceed. This will ensure that the appliance obtains the existing key and tunnels will remain up.
To move Orchestrator from virtual machine to cloud:
-
Place a purchase order with TAC to provision the cloud Orchestrator. For more information on contacting TAC, see Working with Support.
-
Open a customer case with TAC to enable the Orchestration.
-
To pause orchestration and export the Orchestrator blueprint, do the following:
NOTE:
You must export the Orchestrator blueprint 24-36 hours before the migration is scheduled.
Do not make any network changes while Orchestrator is exporting the blueprint.-
In Orchestrator, navigate to Orchestrator > Orchestrator Server > Tools > Maintenance Mode.
-
Click Add.
The Configure Maintenance Mode dialog box opens.
-
Select the appliance you want to pause orchestration on.
-
Select Pause Orchestration.
-
Click OK.
-
Click Close.
-
Navigate to Orchestrator > Orchestrator Server > Tools > Orchestrator Blueprint Export.
The Orchestrator Blueprint Export dialog box opens.
-
Select the blueprint type: Template or Migration.
-
Click Export. Orchestrator downloads an SQL file to your local desktop.
-
-
Provide the exported file to Support.
-
Shut down the existing Orchestrator before the migration is scheduled.
Silver Peak DevOps will notify you when the migration is complete. Estimated duration of migration:
-
Small orchestration: 1 - 2 hours
-
Medium orchestration: 2 - 4 hours
-
Large orchestration: 6 - 8 hours
-
-
After the migration is complete, delete your on premises Orchestrator.
-
Do the following to enable orchestration.
-
In Orchestrator, navigate to Orchestrator > Orchestrator Server > Tools > Maintenance Mode.
-
Click Add.
The Configure Maintenance Mode dialog box opens.
-
Select the appliance you want to enable orchestration on.
-
Clear Pause Orchestration.
-
Click OK.
-
Click Close.
-
-
Do the following to enable IPSec UDP.
-
Navigate to Configuration > Security > IPSec Key Rotation.
The Schedule IPSec Key Rotation dialog box opens.
-
Select Enable Key Rotation, and then click Save.
-
Move Orchestrator from Cloud to Virtual Machine
WARNING: The Orchestrator blueprint (obtained through the following procedure) will not restore the IPSec UDP key material. When you import the blueprint, Orchestrator will start a new IPSec UDP key material rotation. To prevent Orchestrator from starting a new IPSec UDP key material rotation, make sure that the appliance has a connection to the Orchestrator or the Cloud Portal before you proceed. This will ensure that the appliance obtains the existing key and tunnels will remain up.
-
Complete the following steps to pause orchestration on the Cloud Orchestrator and export the Orchestrator blueprint.
NOTE:
You must export the Orchestrator blueprint 24-36 hours before the migration is scheduled.
Do not make any network changes while Orchestrator is exporting the blueprint.-
In Orchestrator, navigate to Orchestrator > Orchestrator Server > Tools > Maintenance Mode.
-
Click Add.
The Configure Maintenance Mode dialog box opens.
-
Select the appliance you want to pause orchestration on.
-
Select Pause Orchestration.
-
Click OK.
-
Click Close.
-
Navigate to Orchestrator > Orchestrator Server > Tools > Orchestrator Blueprint Export.
The Orchestrator Blueprint Export dialog box opens.
-
Select the blueprint type: Template or Migration.
-
Click Export. Orchestrator downloads an SQL file to your local desktop.
-
-
Shut down the existing Cloud Orchestrator before the migration is scheduled.
-
Complete the migration by importing the migration file.
-
If you are migrating from the cloud to on-prem, you will need to enter the account name and key in the Orchestrator UI in the on-prem (target) Orchestrator.
NOTE: If you are migrating from on-prem to cloud, you do not need to perform this step because the Cloud Orchestrator will already have the account name and key.
-
Approve the target Orchestrator from the source Orchestrator, or ask TAC to approve it.
-
Ensure that the source Orchestrator has at least one valid user. If the source Orchestrator does not have a valid user, you will not be able to log in to the UI.
-
Download the migration file from the source Orchestrator UI. The migration file name will be similar to
SilverPeakOrchBlueprint-2018.06.28.sql
-
Shut down the source Orchestrator. If the source Orchestrator is in the cloud, you can stop or deactivate it.
-
Use WinSCP or similar file transfer application to copy the migration file to the target Orchestrator server (for example,
../tmp/SilverPeakOrchBlueprint-2018.06.28.sql
). -
SSH as admin into the target Orchestrator server.
-
Go to the gms directory.
$
cd gms
-
Stop Orchestrator, but keep the database running.
-
Change to root user. You will be prompted for the Orchestrator root user password.
$
su
-
Stop the GMS Java server and the database.
$
service gms stop
-
Exit out of root user.
$
exit
-
Start the database again.
$
dbserver start
-
If you are migrating to the cloud, then you must set the database connection parameters in the environment. If you do not set the parameters in the environment, Orchestrator will use the built-in values and will connect to the local database.
export DB_HOST_NAME = ""
export DB_PORT = ""
export DB_USER_NAME = ""
export DB_PASSWORD = ""
export DB_DATABASE="vistapoint"
export CONTAINER_MODE = "true"
-
Run the following script.
$
./setup/golden-orch-import.sh ~/tmp/SilverPeakOrchBlueprint-2018.06.28.sql
-
Restart the Orchestrator server.
-
Change to root user. You will be prompted for the Orchestrator root user password.
$
su
-
Start the GMS service and database.
$
service gms start
-
-
Delete the source Orchestrator.
-
-
-
Do the following to enable orchestration.
-
In Orchestrator, navigate to Orchestrator > Orchestrator Server > Tools > Maintenance Mode.
-
Click Add.
The Configure Maintenance Mode dialog box opens.
-
Select the appliance you want to enable orchestration on.
-
Clear Pause Orchestration.
-
Click OK.
-
Click Close.
-
-
Do the following to enable IPSec UDP.
-
Navigate to Configuration > Security > IPSec Key Rotation.
The Schedule IPSec Key Rotation dialog box opens.
-
Select Enable Key Rotation, and then click Save.
-
-
Open a customer case for TAC to shut down and decommission the cloud Orchestrator. For more information on contacting TAC, see Working with Support.
-
Notify TAC when the migration is complete. TAC will delete the Cloud Orchestrator.
Move or Restore Orchestrator Using a Backup
You may want to restore a new Orchestrator for a variety of reasons, including resizing or moving between virtual machines. Complete the following steps to restore Orchestrator from an existing Orchestrator backup.
NOTE: We recommend you review the release notes specific to the Orchestrator version that you are running in your network before you move or restore Orchestrator using a backup. You can download the release notes from the Silver Peak Technical Support Portal.
NOTE: The following steps require you to know if your VM is running Rocky Linux. To determine if your VM is running Rocky Linux, SSH into the VM and run ‘cat /etc/redhat-release’.
WARNING: If you are not moving the IP address of the existing Orchestrator VM to the new Orchestrator VM, you must verify connectivity between the Cloud Portal and all appliances before you begin. When Orchestrator is moved to a new VM, the new VM’s management IP address will be pushed to all appliances via the Cloud Portal. Appliances will only be able to reach Orchestrator via the Cloud Portal until they receive the new management IP.
-
Deploy a new instance of Orchestrator on a new VM and upgrade Orchestrator to the exact same version as your current Orchestrator.
-
You can use the setup CLI utility to configure the new Orchestrator as you would for a new deployment. Go to Configure Orchestrator Using the CLI Utility for more information.
-
Take a manual backup of your current Orchestrator (Orchestrator > Software & Setup > Backup > Backup Now).
-
SSH into the new Orchestrator and log in as admin. (This step assumes that you have completed the initial configuration steps as explained in Configure Orchestrator Using the CLI Utility).
-
Copy the backup file from your remote server to your new Orchestrator using one of the following steps depending on the type of server you are using:
-
If your new Orchestrator is running Rocky Linux, do one of the following:
-
Remote SCP server: Enter the following command on the SCP server (you might need to omit
-O
if your Unix server does not support this parameter) or use WinSCP as an intermediary.sudo scp -O /path/to/<backupfilename.zip> admin@<new-Orch-IP>:/home/admin/
-
Remote FTP server: Enter the following command on the new Orchestrator.
sudo curl ftp://<remote_server_IP>/path/to/<backupfilename.zip> -u <username> -O /home/admin/<backupfilename.zip>
-
-
If your new Orchestrator is not running Rocky Linux, do one of the following:
-
Remote SCP server: Enter the following command on the SCP server (you might need to omit
-O
if your Unix server does not support this parameter) or use WinSCP as an intermediary.sudo scp -O /path/to/<backupfilename.zip> admin@<new-Orch-IP>:/home/gms/gms.zip
-
Remote FTP server: Enter the following command on the new Orchestrator.
sudo curl ftp://<remote_server_IP>/path/to/<backupfilename.zip> -u <username> -O /home/gms/gms.zip>
-
-
-
If the new Orchestrator is running Rocky Linux, enter the following command after the file transfer is completed.
sudo mv /home/admin/<backupfilename.zip> /home/gms/gms.zip
-
Enter the following command to change the ownership of the backup file on the new Orchestrator.
sudo chown gms.gms /home/gms/gms.zip
-
Shut down your current Orchestrator.
-
SSH as Admin into the new Orchestrator and do the following:
-
If you are running release 9.1.9, 9.2.10, 9.3.3, 9.4.x, or later, enter the following:
whoami
If the response is not
gms
, enter the following, and then provide the admin password.sudo su - gms
-
Switch to the root user and stop the Orchestrator service:
$
su
#
service gms stop
-
Log out of root and run the restore script:
#
exit
$
/home/gms/gms/setup/restore.sh 2>&1 | tee /tmp/restorelog
-
Switch to the root user and start the Orchestrator service:
$
su
#
service gms start
-