View Source

The migration from opFlow 2 to 3 cannot be totally seamless, because opFlow 3 uses the database differently and relies on a different flow collection tool. This document briefly describes the recommended procedure for such an upgrade.

switch off the 'flowd' data collector
opFlow 3 uses 'nfdump/nfcapd' as collector, and the old flowd collector interferes with that and needs to be retired.
sudo service flowd stop sudo chkconfig --del flowd
shut down 'opflowd'
It is very inadvisable to modify the database while opflowd is running.
sudo service opflowd stop
drop the old incompatible database (optional: after a backup/export)
opFlow 3 uses a different database layout, and existing data won't work with the new application; depending on your configuration it will be required to remove the conflicting data.
1. Open the old configuration file /usr/local/opmantek/conf/opFlow.nmis and look for db_name.
  If the database is called "opFlow", it SHOULD be removed.
  If it is called "flows", it MUST be removed prior to upgrading to opFlow 3 (as opFlow 3 uses that database name by default).
  If it is called "nmis", then it MUST NOT be removed, but certain collections within it SHOULD be dropped.
2. Export the database for backup. You find instructions for this operation on the MongoDB Data Migration, Backup and Restore page.
3. Connect to the database server
  You need to connect to your mongoDB server using the mongo client, with username and password as given in your opFlow.nmis config file:
  # if your installation uses the default username and password: mongo -u opUserRW -p op42flow42 admin > show dbs admin 0.078GB local 0.078GB nmis 0.078GB opFlow 14.071GB >
- Drop the whole database or drop only the flow-related collections
  To drop the whole "opFlow" database, issue the following commands: "use opFlow" and "db.dropDatabase();" - if the db is named differently, substitute the correct name in the use statement.
  To drop just the relevant collections (primarily required if the database is called "nmis"), issue these commands instead:
  use nmis db.conversations.drop(); db.customapps.drop(); db.endpoints.drop(); db.flows.drop(); db.iana.drop(); db.reportConfig.drop(); db.reportData.drop(); db.sites.drop(); db.sumCache.drop();
disable all opFlow 2 cron jobs
The opFlow 3 installer will recreate suitable cron entries; until that stage is reached any jobs for opFlow 2 need to be disabled.
sudo rm -f /etc/cron.d/opflow
If you have any opFlow-related cron entries in root's crontab, comment those out as well:
sudo crontab -u root -e # ... and use the editor to remove or comment out anything matching "opflow"
download and run the opFlow 3 installer
You find the opFlow download on the Opmantek website. opFlow 3 ships as self-extracting interactive installer: simply download the run file, then tell your shell to execute it and you will be guided through the installation steps.
adjust either your flow exporters or the nfdump flow collector to use a suitable UDP port
opFlow 2 installation generally defaulted to using UDP port 12345 for receiving flow data; opFlow 3 uses nfdump and the currently more common port 9995.
You should check the old /usr/local/etc/flowd.conf file for the "Listen" directives, e.g. listen on 0.0.0.0:12345.
If the old installation did use a port other than 9995, then you have to decide whether you'd like to change your flow exporters to use the new port or change the nfdump configuration to use the "old" port. To adjust the nfdump configuration, edit /etc/sysconfig/nfdump (CentOS/RedHat) or /etc/default/nfdump (Debian/Ubuntu) after the opFlow 3 installation has completed, then restart the collector using sudo service nfdump restart.
optional: remove the old opFlow installation
Unless you are using other legacy products (e.g. opMaps, opReports 2.x, opConfig 1.x), you can remove /usr/local/opmantek completely.
If this is an Opmantek VM Appliance, you may also remove /data/opflow: the new nfdump flow capture infrastructure uses /var/lib/nfdump for capture files.