Upgrading from version 4.2.1.5-4.2-4.2.1.8 to version 4.2.1.10 in RPM
This document will guide the users on how to upgrade to version 4.2.1.10 from older 4.2.1.5-4.2.1.8 versions.
The common process is described in the document by this link. Specific steps for OpenIAM version 4.2.1.10 from earlier versions (4.2.1.5 - 4.2.1.8) are given below.
In 4.2.1.9 version of OpenIAM we've updated the RabbitMQ queue types to be resilient for HA. This means that in case your current version of OpenIAM is 4.2.1.8 and lower to operate 4.2.1.10 version you must perform the following manual steps after upgrading.
- Once
openiam-cli upgradeis completed, run the following commands.
openiam-cli stopsystemctl stop rabbitmq-serverrm -rf /var/lib/rabbitmq/mnesiasystemctl start rabbitmq-serverutils/rabbitmq/re_init_rabbitmq.shopeniam-cli start
- If you don't have
re_init_rabbitmq.shthen please createre_init_rabbitmq.shscript inutils/rabbitmq/.
The script content must be as follows.
#!/bin/bashset -e. /usr/local/openiam/env.confexport VAULT_CERTS="$HOME_DIR/vault/certs/"export JAVA_HOME="$HOME_DIR/jdk"export VAULT_HOME="$HOME_DIR/utils/vault/". ${VAULT_HOME}validate.vault.shexport RABBITMQ_PASSWORD=$(. ${VAULT_HOME}vault.fetch.property.sh vault.secret.rabbitmq.password)if [ -z "$RABBITMQ_PASSWORD" ] || [ "$RABBITMQ_PASSWORD" == "null" ]; thenecho "cannot get vault.secret.rabbitmq.password property from vault"exit 1;firabbitmqctl add_vhost openiam_amrabbitmqctl add_vhost openiam_idmrabbitmqctl add_vhost openiam_auditrabbitmqctl add_vhost openiam_commonrabbitmqctl add_vhost openiam_connectorrabbitmqctl add_vhost openiam_activitirabbitmqctl add_vhost openiam_userrabbitmqctl add_vhost openiam_groovy_managerrabbitmqctl add_vhost openiam_synchronizationrabbitmqctl add_vhost openiam_ext_lograbbitmqctl add_vhost openiam_bulk_synchronizationrabbitmqctl add_vhost openiam_reconciliationrabbitmqctl add_vhost openiam_bulk_reconciliationrabbitmqctl add_vhost openiam_business_rulerabbitmqctl add_vhost openiam_machine_learningrabbitmqctl add_vhost openiam_sasrabbitmqctl add_user openiam $RABBITMQ_PASSWORDrabbitmqctl set_user_tags openiam administratorrabbitmqctl set_permissions -p openiam_am openiam "." "." "."rabbitmqctl set_permissions -p openiam_idm openiam "." "." "."rabbitmqctl set_permissions -p openiam_audit openiam "." "." "."rabbitmqctl set_permissions -p openiam_common openiam "." "." "."rabbitmqctl set_permissions -p openiam_connector openiam "." "." "."rabbitmqctl set_permissions -p openiam_activiti openiam "." "." "."rabbitmqctl set_permissions -p openiam_user openiam "." "." "."rabbitmqctl set_permissions -p openiam_groovy_manager openiam "." "." "."rabbitmqctl set_permissions -p openiam_synchronization openiam "." "." "."rabbitmqctl set_permissions -p openiam_ext_log openiam "." "." "."rabbitmqctl set_permissions -p openiam_bulk_synchronization openiam "." "." "."rabbitmqctl set_permissions -p openiam_reconciliation openiam "." "." "."rabbitmqctl set_permissions -p openiam_bulk_reconciliation openiam "." "." "."rabbitmqctl set_permissions -p openiam_business_rule openiam "." "." "."rabbitmqctl set_permissions -p openiam_machine_learning openiam "." "." "."rabbitmqctl set_permissions -p openiam_sas openiam "." "." "."
- Afterwards, run the following command.
chmod +x re_init_rabbitmq.sh
and to run it
./re_init_rabbitmq.sh
- Check all the services are up and running, by running the following command.
openiam-cli status
- Once all the services are up and running, login to OpenIAM and navigate to Administration > About OpenIAM.
The build version must be updated to 4.2.1.10.
Note that you must update connectors and .net connectors if you use newer versions of the product. It is recommended to use the latest connector version. All .NET/PS connectors versions as at 5.24.0.0 version are backward compatible, hence updating it will not disrupt operation of OpenIAM versions 4.2.0 and higher.