Installing and Upgrading PCA

Overview

This procedure describes how to install or upgrade TOS application extensions.

Upgrades

To upgrade an existing extension, download and install the latest version. You do not need to uninstall the existing version.

Upgrades to Policy Change Automation App for Cisco ACI (PCA) provide newly-supported features, bug fixes, and integrate changes from TOS.

  • Backward Compatibility: This extension is tested for backwards compatibility with the current and two previous versions of TOS.

  • Support and Bug Fixes:

    • Tufin provides customer support for the most recent version of this extension.

    • If there are issues related to TOS as well, support is provided if you are on the current version, or one of the previous two versions of TOS.

    • Bugs fixes are applied only to the latest version of this extension.

To check your current version, click > About.

Before Installation

  • Confirm that you have either a Google Chrome or Mozilla Firefox internet browser.

  • Extensions applications may require additional hardware and resources, depending on utilization. Consider expanding your resources if heavy use of the application is intended.

  • If you are not using TufinOS, we recommend that you open a support ticket for a walkthrough before installing an Extension application for the first time.

  • Ansible AWX or Tower must be installed with the following Cisco modules:

    • aci_epg_to_contract

    • cisco.aci.aci_l3out-extepg_to_contract

  • License for Cisco ACI.

  • In SecureChange, create a user with the permission Create and handle tickets on behalf of another user (via API only) and log into SecureChange with that user.

Install/Upgrade PCA

You can download all installation files from the Customer Portal Download Center, either locally or to a relevant server.

  1. From the Download Center, select the Extension to download.

  2. After downloading the file, log in to the primary data node using SSH.

  3. Create a directory called /opt/extensions, and do the following:

    1. Copy and paste the downloaded installer run file to the directory.

    2. Run the command:

      # sh reportpack-v<VERSION>.k3s.run

PCA is installed on the TOS cluster.

Troubleshooting Installation

Error Message

Next Steps
Error: TOS isn't running

Potential cause: You are not using TufinOS, and the issue may be related to operating system user permissions.

Solution:  Contact Tufin Support for instructions.