Hi,

Please note that not only that the name of the script was changed from migrate to migrate_server, but the entire management upgrade mechanism is new. Some of the benefits of the new upgrade mechanism can be found in this post.

Indeed the export file is smaller, there are two main reasons for that. First, only the latest revision is being upgraded and not the entire database as before. In future versions we may change that and allow upgrade of several revisions. Also, migrate export takes all data files from the database, while migrate_server introduced an optimization and takes only the required part of the data.   

Regarding to the upgrade process, we have plans to reduce the upgrade time in upcoming versions. A new HTML report was introduced, it shows the progress and status of the upgrade. The upgrade report helps us to get visibility for what took the major time, and improve. If you agree to share with us the report we could also learn from it.

Regarding upgrade logs, from R80.40 the new upgrade mechanism collects all upgrade logs by default. Once upgrade process is finished, either successfully or with a failure, all upgrade logs (including the HTML report) are being stored in the management server under /var/log/.

• /var/log/upgrade-export.<time stamp>.tgz
• /var/log/upgrade-import.<time stamp>.tgz

Indeed one of the great benefits of the new upgrade mechanism is the updatable upgrade tools package, which allows faster delivery of fixes and enhancements, independently from regular maintain release. Soon we will introduce an improved UI to the advanced upgrade (via CLI), it will be released as part of the updatable upgrade tools package. A video is attached.

Thanks,

Itai

Can you please confirm how to use this command and exclude the logs and then index files.  When I ran this command it took three days to finish which is not practical.

In a MDS environment we almost need a two step approach.  Step 1 would be to migrate the the main database quickly into a R81 server; step 2, a secondary process to then important the close logs files; which would need to be re-indexed somehow.

I do have a TAC case open, so lets see what the feed back is.

Precisely which command?
migrate_server does not get logs by default, as far as I know.
You can copy the log files over separately and force a reindex.

Correct, migrate_server does not migrate logs by default. 

To migrate logs run migrate_server with '-l', to index run with '-x',  

Just attempted to run the migrate_server command on on my Secondary MDS but the verification has failed; I assume that there should be no reason why this should not work?

Here's the message I received when running the verify.

 # $MDS_FWDIR/scripts/migrate_server verify -skip_upgrade_tools_check -v R81
Verification failed:
1. Upgrade operation is not supported in current configuration. Make sure that Global Domain Management Server is in active state and primary and try again.

The above suggests the 'migrate_server' command cannot be used on a secondary MDS.

Believe I found the problem, looks like the MDS though it was active rather then standby.

cpprod_util FwIsActiveManagement !! View current status; 1 is Active, 0 is Standby
Status reported was 1 when it should be 0

cpprod_util FwSetActiveManagement 0

# $MDS_FWDIR/scripts/migrate_server verify -skip_upgrade_tools_check -v R81
The verify operation finished successfully.

I suspect the command provided included -l which would explain allot.  I will rerun with no parameter (as per the video).

You also mentioned force re-index, is this done automatically (perhaps after a reboot or stopping/starting services) or is there a specific command to run per CMA or at a MDS level?

Is it possible to watch the upgrade_report-<xxxxx>.html report in real-time?

Hi,

Can you please elaborate on the log file size and the machine HW (CPU, memory, etc)?

Also, Can you specify the task ID? I would like to follow.

Thanks in advance,

Ido S.

(SmartEvent and Logging team)

Second try 🙂

Thanks in advance,

Ido S.

(SmartEvent and Logging team)

Just attempted to migrate a R80.30 SMS to R81 (VM LAB).  Using the latest migration tool I found that the R81 tools for some reason is not exporting the data correct, at least this is what I think.

The migrate tool produced a file size of 60MB when using R81 as the target version.

On the LAB running the verify all succeeds, but the FWM process terminates when the process hits 4% (which just sits their).  If you do a find / -name migration_had_failed   notice this file was created which implies the migration process had failed and this is why the FWM process terminated (delete this file and then cprestart).

I have engaged TAC on this but still waiting on some real feed back from them (been over 24hrs).

In the mean time I followed the same process for R80.40 and this just worked!  The conclusion here is the migration tool used for R81 is not correctly exporting the data from the SMS.  File size on the exported file was 208MB.

Are you doing this with migrate export or migrate_server? 

migrate_server.

TAC have not even started to look at this yet, but will pass Itai the Ticket reference.

Hi, 

'migration_had_failed' file is being created in case upgrade fails. The purpose is to make sure users will not start working on the system which wasn't upgrade successfully.  (this is  done by keeping FWM down). You should not remove migration_had_failed file manually and start the server.

On the next upgrade attempt the upgrade code will remove this file automatically.  

I will be happy to check the failed upgrade to R81. 

Lets take it offline - please email me the upgrade logs and SR #.

Best regards, 

Itai

Itai - can you ping me your email please.  TAC have just asked me for the export file that I uploaded to the sftp on Sunday at the engineers request! (On Sunday).

Sure, its itaim@checkpoint.com

Thanks - pinged you an email.

Itai - not really seen any viable response from TAC yet,  pinged you an email again to see if the CFG task was actually being progressed.  I have noted that the R81 migrate tool has been updated today, will try this to see if the tool has been fixed.