Stage 3: Migration
  • Dark
    Light
  • PDF

Stage 3: Migration

  • Dark
    Light
  • PDF

Use these commands and scripts to complete the migration process.

  1. Run the following for Tags.

    # cd /opt/pronghorn/current/node_modules/@itential/tags/migration_scripts
    # node migrateTagRefs.js
    
  2. Audit (confirm) all Template Builder security dependencies (chroot, sudo, ldd) are installed and tested. These security dependencies are required for Template Builder to execute Jinja2 templates in a contained context.

    For more information, see Template Builder Dependencies in the IAP Installation guide.

  3. Install the shell utilities.

    yum -y install sudo chroot ldd
    
  4. Verify the user that is used to run the server (usually pronghorn) is permitted to run sudo chroot without a password prompt. An example command which accomplishes this is shown below, but the system admin is expected to tailor this command to their environment. As long as the server is permitted to run chroot through sudo without a password prompt, Template Builder can sandbox Jinja2 template execution.

    echo "pronghorn ALL=(ALL) NOPASSWD: $(command -v chroot)" >> /etc/sudoers
    
  5. Make sure Template Builder is permitted to copy in all dependencies required by Python. These dependencies are the output of the ldd command, as well as all paths in Python's internal sys.path constant. If file permissions prevent Template Builder from copying these files into its chroot jail directory, Python will not be able to execute within the sandbox subshell and Template Builder will execute in an insecure mode.

  6. Verify IAP is running and examine the logs.

    • Template Builder will report that it is creating a sandbox directory for Jinja2 template execution, and when it is finished, it will report either success or failure.

    • Once Template Builder has finished initializing the sandbox directory, run a Jinja2 template.

    • Examine the server logs and look to make sure there are no warnings stating that Jinja2 execution is running in an insecure mode.

  7. Run index validation and confirm the latest indexing metrics.

    • Login to IAP and confirm you are able to view job details from the Jobs dashboard within Operations Manager.

    Figure 1: Jobs in Operations Manager
    03-OpsManager-Jobs.png

    ⚠ If there are no job details and you get a Run Indexing Alert, resolve using the link below.

    How To Fix Indexing For
    Release 2021.2.x
    Release 2021.1.x

    Figure 2: Indexing Alert
    01-jobsIndexing-alert.png

  8. Navigate to the Job Details view to update and migrate jobs. This step uses a Just-in-Time (JIT)/ OnDemand migration strategy, which puts job migration into the getJobDetails API. This means whenever a user displays the Job Details page, job migration occurs only when needed.

  9. Confirm the Start Date, End Date and Assignee details are updated.

    Figure 3: Menu Button to View Job Details
    02-viewJobDetails.png


Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.