Upgrading from version 4.2.1.5-4.2-4.2.1.8 to version 4.2.1.10 in RPM

This document will guide the users on how to upgrade to version 4.2.1.10 from older 4.2.1.5-4.2.1.8 versions.

The common process is described in the document by this link. Specific steps for OpenIAM version 4.2.1.10 from earlier verions (4.2.1.5 - 4.2.1.8) are given below.

In 4.2.1.9 version of OpenIAM we've updated the RabbitMQ queue types to be resilient for HA. This means that in case your current version of OpenIAM is 4.2.1.8 and lower to operate 4.2.1.10 version you must perform the following manual steps after upgrading.

  1. Once openiam-cli upgrade is completed, run the following commands.
openiam-cli stop
systemctl stop rabbitmq-server
rm -rf /var/lib/rabbitmq/mnesia
systemctl start rabbitmq-server
utils/rabbitmq/re_init_rabbitmq.sh
openiam-cli start
  1. If you don't have re_init_rabbitmq.sh then please create re_init_rabbitmq.sh script in utils/rabbitmq/.

The script content has to be as follows.

#!/bin/bash
set -e
. /usr/local/openiam/env.conf
export VAULT_CERTS="$HOME_DIR/vault/certs/"
export JAVA_HOME="$HOME_DIR/jdk"
export VAULT_HOME="$HOME_DIR/utils/vault/"
. ${VAULT_HOME}validate.vault.sh
export RABBITMQ_PASSWORD=$(. ${VAULT_HOME}vault.fetch.property.sh vault.secret.rabbitmq.password)
if [ -z "$RABBITMQ_PASSWORD" ] || [ "$RABBITMQ_PASSWORD" == "null" ]; then
echo "cannot get vault.secret.rabbitmq.password property from vault"
exit 1;
fi
rabbitmqctl add_vhost openiam_am
rabbitmqctl add_vhost openiam_idm
rabbitmqctl add_vhost openiam_audit
rabbitmqctl add_vhost openiam_common
rabbitmqctl add_vhost openiam_connector
rabbitmqctl add_vhost openiam_activiti
rabbitmqctl add_vhost openiam_user
rabbitmqctl add_vhost openiam_groovy_manager
rabbitmqctl add_vhost openiam_synchronization
rabbitmqctl add_vhost openiam_ext_log
rabbitmqctl add_vhost openiam_bulk_synchronization
rabbitmqctl add_vhost openiam_reconciliation
rabbitmqctl add_vhost openiam_bulk_reconciliation
rabbitmqctl add_vhost openiam_business_rule
rabbitmqctl add_vhost openiam_machine_learning
rabbitmqctl add_vhost openiam_sas
rabbitmqctl add_user openiam $RABBITMQ_PASSWORD
rabbitmqctl set_user_tags openiam administrator
rabbitmqctl set_permissions -p openiam_am openiam "." "." "."
rabbitmqctl set_permissions -p openiam_idm openiam "." "." "."
rabbitmqctl set_permissions -p openiam_audit openiam "." "." "."
rabbitmqctl set_permissions -p openiam_common openiam "." "." "."
rabbitmqctl set_permissions -p openiam_connector openiam "." "." "."
rabbitmqctl set_permissions -p openiam_activiti openiam "." "." "."
rabbitmqctl set_permissions -p openiam_user openiam "." "." "."
rabbitmqctl set_permissions -p openiam_groovy_manager openiam "." "." "."
rabbitmqctl set_permissions -p openiam_synchronization openiam "." "." "."
rabbitmqctl set_permissions -p openiam_ext_log openiam "." "." "."
rabbitmqctl set_permissions -p openiam_bulk_synchronization openiam "." "." "."
rabbitmqctl set_permissions -p openiam_reconciliation openiam "." "." "."
rabbitmqctl set_permissions -p openiam_bulk_reconciliation openiam "." "." "."
rabbitmqctl set_permissions -p openiam_business_rule openiam "." "." "."
rabbitmqctl set_permissions -p openiam_machine_learning openiam "." "." "."
rabbitmqctl set_permissions -p openiam_sas openiam "." "." "."
  1. Afterwards, run the following command.
chmod +x re_init_rabbitmq.sh

and to run it

./re_init_rabbitmq.sh
  1. Check all the services are up and running, by running the following command.
openiam-cli status
  1. Once all the services are up and running, login to OpenIAM and navigate to Administration > About OpenIAM.

The build version must be updated to 4.2.1.10.

Note that you must update connectors and .net connectors if you use newer versions of the product. It is recommended to use the latest connector version. All .NET/PS connectors versions as at 5.24.0.0 version are backward compatible, hence updating it will not disrupt operation of OpenIAM versions 4.2.0 and higher.