Table of Contents
Direct upgrades from 3.0.x and older are no longer supported on 4.1. If you are still running one of those, either on servers or nodes, please first upgrade to one of the supported versions above, and then upgrade to 4.1.
Migration from 3.1, 3.2 or 4.0 are supported, so you can upgrade directly to 4.1.
![[Warning]](common/images/admon-icons/warning.png){kind=icon} | Warning |
|---|---|
|
In Rudder 4.0, we changed the default communication protocol between agent and server, but still stay compatible with the old protocol. Hence, you can perfectly keep using pre-4.0 agents with a 4.0 or 4.1 server. However, some networking issues may appear when using 4.0 or 4.1 agents with older servers with the reverse DNS lookup option disabled in the settings (Security → Use reverse DNS lookups on nodes to reinforce authentication to policy server). Therefore, you need to upgrade your server to 4.1 before upgrading the nodes so that the configuration distributed to the nodes include the use of the new protocol. |
![[Caution]](common/images/admon-icons/caution.png){kind=icon} | Caution |
|---|---|
|
In Rudder 4.1, we changed the name of /opt/rudder/etc/ssl/rudder-webapp.crt to /opt/rudder/etc/ssl/rudder.crt and the name of /opt/rudder/etc/ssl/rudder-webapp.key to /opt/rudder/etc/ssl/rudder.key. These certificates are used for Rudder internal implementation, but if you are using them for anything else, please update the paths to the files. For example, if you were using these certificates for configuring sasl in slapd with: TLSCertificateFile /opt/rudder/etc/ssl/rudder-webapp.crt TLSCertificateKeyFile /opt/rudder/etc/ssl/rudder-webapp.key Then, you now need to use: TLSCertificateFile /opt/rudder/etc/ssl/rudder.crt TLSCertificateKeyFile /opt/rudder/etc/ssl/rudder.key |
Rudder agent 4.0.x are fully compatible with Rudder server 4.1.x. It is therefore not strictly necessary to update your agents to 4.1.x.
Rudder agent 3.1.x and 3.2.x are compatible with Rudder server 4.1.x, but they do not support the new "Audit" policy mode. It is therefore not strictly necessary to update your agents to 4.0.x, unless you want to be able to use the "Audit" policy mode.
These agents are not compatible with Rudder 4.1, and you have to upgrade them. Be careful to follow the upgrade path explained above.
Rudder 3.1 uses syslog messages over UDP by default for reporting, but if you upgraded your server from a previous version, you will keep the previous setting which uses syslog messages over TCP.
You should consider switching to UDP (in Administration → Settings → Protocol), as it will prevent breaking your server in case of networking or load issues, or if you want to manage a lot of nodes. The only drawback is that you can lose reports in these situations. It does not affects the reliability of policy enforcement, but may only temporarily affects reporting on the server. Read perfomance notes about rsyslog for detailed information.
With Rudder 2.11, there were no relay package and the configuration had to be done by hand.
To migrate a manually installed relay to 3.1 using the package, run the following intructions:
-
Delete the previous Apache configuration file:
-
/etc/httpd/conf.d/rudder-default.conf fileon RHEL-like -
/etc/apache2/sites-enabled/rudder-defaultfile on Debian-like -
/etc/apache2/vhosts.d/rudder-default.conffile on SuSE
-
- Install the relay package named rudder-server-relay.
This is enough to replace the relay configuration, and no change is needed on the root server.
