Installing, Upgrading, and Uninstalling

Before installing and starting to work with Policy Change Automation for Cisco ACI (PCA), review the prerequisites.

Install

You may need to install a new version of PCA in these cases:

  • You are installing PCA on a new environment.

  • You uninstalled PCA.

  • You need to upgrade to a TOS Aurora version that requires a new installation.

  1. Log in using SSH to the SecureChange server.

  2. Copy the installer file to the root directory (/root).

  3. Go to the folder and run the installer file:

    # sh pca-v<VERSION>.k3s.run

PCA is installed in the TOS Aurora cluster on the data node.

Upgrade

Upgrades to Policy Change Automation App for Cisco ACI (PCA) provide newly-supported features, bug fixes, and integrate changes from TOS Aurora.

  • Backward Compatibility: This extension is tested for backwards compatibility with current version, and the two previous versions, of TOS Aurora.

  • Support and Bug Fixes: Tufin provides customer support for the most recent version of this extension. If there are issues related to TOS Aurora as well, support will be provided if you are on the current version, or one of the previous two versions, of TOS Aurora. Bugs fixes are applied in the latest version of the this extension only.

To check your current version, click > About.

To upgrade PCA, install the latest version on the server where the older version is installed. There is no need to uninstall your existing version first.

  1. Navigate to Policy Change Automation for Cisco ACI.

  2. Click to log in to the Tufin portal.

    3. After logging in, a pop-up appears with version information for the extension and the supported TOS versions.

  3. Click .

    The End User License Agreement dialog box appears.

  4. Select the check box and click I accept the terms in the license agreement.

  5. When the installation file finishes downloading, use SSH to log in to the TOS Aurora server.

  6. Copy the installation file to /opt/extensions.

  7. Run the command:

    # sh pca-v<VERSION>.k3s.run

Upgrade Tufin Orchestration Suite

If you are also upgrading Tufin Orchestration Suite (TOS), upgrade TOS and then upgrade PCA. See Tufin Extensions (formerly Marketplace) Lifecycle to verify that your extension version will run with your TOS version.

Uninstall

You may need to uninstall Policy Change Automation App for Cisco ACI to save resources such as disk space and memory. You cannot temporarily deactivate the extension.

Uninstalling PCA is a simple process – running a command in the SecureChange server. This stops the service; however, Tufin retains settings and other records required by the extension.

If you want to remove this information, contact Tufin support.

  1. Log in using SSH to the SecureChange server.
  2. Go to the root directory and run the following command:

    3. # sh pca-v<VERSION>.k3s.run --uninstall