Frontend Update

Information

• Frontend is responsible for: communication with Orchestrator(s), Accept deltas, Prepare Model, Control switches on LAN, Get all configuration from all DTNs/Agents. Minimum one Frontend is required for a single domain.

• Installation type supported: Docker, Podman, Kubernetes
• Certificates: Frontend requires cert, key certificates for its services. (Let’s Encrypt/InCommon)
• Networking: Frontend requires some ports open (Can be limited to a specific list of nodes. See list here

SiteRM-FE Installation First time (Docker/Podman)

• Prerequisites:
  • Make sure you have docker/podman installed and service is up and running.
  • Configuration files are present in Git Repo for your Site (Take a note of SiteName and MD5 Hash for Frontend Service). MD5 is optional - and if not specified, SiteRM will compute md5(hostname) by default
  • You have Certificate, Key generated.
• Clone the following repo: https://github.com/sdn-sense/siterm-startup
• It is recomended to use stable tag version. master branch is used as a developement. Look at Readme file here to identify stable version. Use git fetch --all --tags and git checkout <tag>
• Modify FE Contig File in cloned repo, path:fe/conf/etc/siterm.yaml and specify the SiteName and MD5 parameters for Frontend (based on your mapping.yalm file).
• Modify Environment file in cloned repo, path:fe/conf/environment and change MARIA_DB_PASSWORD. This can be anything secure and should not change between redeployments.
• Prepare ansible configuration file at fe/conf/etc/ansible-conf.yaml. For more details, see Supported network devices page
• Copy Certificates to correct location:
  • Certificate - copy to fe/conf/etc/httpd/certs/cert.pem and fe/conf/etc/grid-security/hostcert.pem
  • Key - copy to fe/conf/etc/httpd/certs/privkey.pem and fe/conf/etc/grid-security/hostkey.pem
• Start the service: cd fe/docker/ && ./run.sh -i latest
• NOTE -i (image) is latest (most stable image).
• NOTE If your network device use only IPv6 for access, add -n host parameter to Start the service command. Full command will be: cd fe/docker/ && ./run.sh -i latest -n host

SiteRM-FE Upgrade (Docker/Podman)

Please check the Release Notes for any configuration changes required for the new version before upgrading.

Upgrading from 1.6.0 or later

Pull the latest image and restart:

cd fe/docker/ && ./restart-new-image.sh -i latest

If you started the service with -n host, include that flag here too.

Upgrading from 1.5.x or older

The siterm-startup directory structure changed in 1.6.0 (certificate paths, mount names). A simple git pull is not sufficient — re-clone the repo and migrate your configuration:

1. Contact the SENSE team to cancel all active services for your site first.

2. Clean the Frontend config and database state (inside the container or on the host volume):

   rm -rf /opt/siterm/config/mysql/
   rm -rf /opt/siterm/config/*
   

3. Re-clone siterm-startup and migrate config:

   mv siterm-startup siterm-startup-old
   git clone https://github.com/sdn-sense/siterm-startup
   
   cd siterm-startup/fe/conf/etc/
   cp ~/siterm-startup-old/fe/conf/etc/siterm.yaml siterm.yaml
   # Certificates are now under secret-mount/ with new filenames
   cp ~/siterm-startup-old/fe/conf/etc/grid-security/hostcert.pem secret-mount/tls.crt
   cp ~/siterm-startup-old/fe/conf/etc/grid-security/hostkey.pem secret-mount/tls.key
   

4. Stop and remove old containers and volumes, then start fresh:

   docker ps -a
   docker stop <old-container-ids>
   docker rm <old-container-ids>
   docker volume ls
   docker volume remove <old-volume-names>
   
   cd ../../docker/
   ./restart-new-image.sh -i latest
   

5. Create the initial admin user (inside the Frontend container):

   siterm-usertool create <USERNAME>
   # Enter a strong password when prompted (minimum 12 characters)
   

6. Verify the Web UI is accessible and the status panel (top right) shows all services as Ready. See Common Issues if not.

SiteRM-FE Installation First time (Kubernetes cluster with Helm)

• Prerequisites:
  • Make sure you have Kubernetes cluster installed. You will need to have Kubernetes config and know namespace you want to use for deployment.
  • Configuration files are present in Git Repo for your Site (Take a note of SiteName and MD5 Hash). MD5 is optional - and if not specified, SiteRM will compute md5(hostname) by default
  • You have Certificate, Key available and valid (or you can use HELM Chart Certificate section if have cert-manager available).
• Get the following override values file: values.yaml
• Modify the downloaded file and specify the SiteName and MD5 parameters for that Specific Frontend and or any other parameters needed, e.g. Certificate Issuer details.
• If done first time, install helm repo: helm repo add siterm https://sdn-sense.github.io/helm-charts
• Update to latest helm repo charts: helm repo update
• Install the helm chart on your Kubernetes cluster: helm install siterm siterm/siterm-fe -f values.yaml

SiteRM-FE Upgrade (Using Kubernetes with Helm)

• Please look for any changes required to support new release here: Release Notes
• Update to latest helm repo charts: helm repo update
• Modify the values.yaml file with new parameters or changes as per new release. (if needed)
• Upgrade the helm chart on your Kubernetes cluster: helm upgrade siterm siterm/siterm-fe -f values.yaml

Note for sites upgrading from 1.5.x: Remove the haproxy-ingress.github.io/ssl-passthrough: "true" annotation from your Frontend ingress values if present — it is no longer needed and causes issues. Also clean the Frontend config before starting: rm -rf /opt/siterm/config/mysql/ && rm -rf /opt/siterm/config/*. After upgrade, create an admin user inside the Frontend container: siterm-usertool create <USERNAME> (minimum 12-character password).

Check if services are running correctly

After an upgrade, confirm the Frontend is healthy before informing the SENSE team:

# Docker/Podman — enter the container
docker exec -it siterm-fe bash

# Run health checks
siterm-readiness
siterm-liveness

# Kubernetes
kubectl exec -n sense <siterm-fe-pod> -- siterm-readiness
kubectl exec -n sense <siterm-fe-pod> -- siterm-liveness

Verify the Web UI is accessible at https://<your-frontend-fqdn>:<port> and the topology and model sections load correctly.

Check the release notes for any configuration changes required for the new version: Release Notes.

See SiteRM Operations for full details on CLI commands and monitoring.