Upgrading from versions 4.2.1.x to version 4.2.1.14 in RPM

Upgrading to the newest OpenIAM version, 4.2.1.14, is straightforward; follow the steps below.

Internet-based upgrade

As a prerequisite, please ensure the following utilities are installed on the server:

  • wget;
  • unzip;
  • tar;
  • curl.
  1. Update the version in the configuration by modifying the env.conf file to specify the upgrade versions.
vi /usr/local/openiam/env.conf

Update the following variables:

export UPGRADE_TO_VERSION="4.2.1.14"
export VAULT_VERSION_UPGRADE="1.18.1"
  2. Run the upgrade script by executing the upgrade command.
openiam-cli upgrade

Non-internet-based upgrade

As a prerequisite, please ensure the following utilities are installed on the server:

  • wget;
  • unzip;
  • tar;
  • curl.
  1. Update the version in the env.conf file to specify the upgrade versions:
vi /usr/local/openiam/env.conf

Update the following variables:

export UPGRADE_TO_VERSION="4.2.1.14"
export VAULT_VERSION_UPGRADE="1.18.1"
  2. Download the required files manually and place them in the /usr/src/ directory.
cd /usr/src/
wget -P /usr/src/ https://releases.hashicorp.com/vault/1.18.1/vault_1.18.1_linux_amd64.zip
curl -o openiam-4.2.1.14.noarch.x86_64.rpm https://download.openiam.com/release/enterprise/4.2.1.14/rpm/openiam-4.2.1.13.noarch.x86_64.rpm
wget https://download.openiam.com/release/enterprise/4.2.1.14/binaries/frontend.tar.gz
wget https://download.openiam.com/release/enterprise/4.2.1.14/binaries/backend.tar.gz
Note: If there is a disk space issue in the "/" partition, change the "/usr/src/" location to another partition with sufficient space and update the script accordingly.
  3. Run the upgrade script with the upgrade command as follows.
openiam-cli upgrade
Note: If the upgrade script has a different name, update it in the following location before executing.
vi /bin/openiam-cli
  4. The current upgrade.sh script works smoothly only if the database is installed locally. If you are using an external database such as MsSQL/Postgres/Oracle/MySQL, the Flyway commands in the script must be updated manually. We will provide the updated upgrade.sh script in OpenIAM version 4.2.1.15; from then on, you will only need to change the parameter (export FLYWAY_DATABASE_TYPE="mysql") in env.conf to match your database.

For the current upgrade, however, please use the script given below.

Pre-requisite. Ensure the following environment variables are set in env.conf before running upgrade.sh.

export FLYWAY_ACTIVITI_PORT=
export FLYWAY_ACTIVITI_HOST=
export FLYWAY_OPENIAM_PORT=
export FLYWAY_OPENIAM_HOST=
export FLYWAY_DATABASE_TYPE=" "
Note: For customers who have changed the database names from the default ones, please also set the following variables accordingly.
  • export FLYWAY_OPENIAM_DATABASE_NAME=
  • export FLYWAY_ACTIVITI_DATABASE_NAME=
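
A pre-flight check for these variables, as an added example that is not part of OpenIAM's script: the Appendix script tests FLYWAY_DATABASE_TYPE only after it has stopped the services and removed the binaries, so validating env.conf first avoids a half-finished upgrade. The function names and the sample env.conf lines are constructed for illustration; the accepted database types and the Oracle SID/service-name rule are taken from the Appendix script.

```shell
#!/usr/bin/env bash
# Added example (not OpenIAM's code): validate the Flyway settings in env.conf
# before the upgrade script stops services and deletes directories.

valid_port() {   # digits only, 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# preflight_flyway ENV_CONF: print one line per problem, non-zero status if any.
# The body is a subshell, so sourcing ENV_CONF leaves the caller's environment alone.
preflight_flyway() (
    [ -r "$1" ] || { echo "cannot read $1"; exit 2; }
    . "$1"
    bad=0
    fail() { echo "$*"; bad=$((bad + 1)); }
    [ -n "${FLYWAY_OPENIAM_HOST:-}" ] || fail "FLYWAY_OPENIAM_HOST is empty"
    [ -n "${FLYWAY_ACTIVITI_HOST:-}" ] || fail "FLYWAY_ACTIVITI_HOST is empty"
    valid_port "${FLYWAY_OPENIAM_PORT:-}" || fail "FLYWAY_OPENIAM_PORT is not a port"
    valid_port "${FLYWAY_ACTIVITI_PORT:-}" || fail "FLYWAY_ACTIVITI_PORT is not a port"
    case "${FLYWAY_DATABASE_TYPE:-}" in
        mysql|postgres|mssql)
            # these branches of the upgrade script put the database name in the JDBC URL
            [ -n "${FLYWAY_OPENIAM_DATABASE_NAME:-}" ] || fail "FLYWAY_OPENIAM_DATABASE_NAME is empty"
            [ -n "${FLYWAY_ACTIVITI_DATABASE_NAME:-}" ] || fail "FLYWAY_ACTIVITI_DATABASE_NAME is empty"
            ;;
        oracle)
            [ -n "${FLYWAY_ORACLE_SID:-}${FLYWAY_ORACLE_SERVICE_NAME:-}" ] ||
                fail "oracle needs FLYWAY_ORACLE_SID or FLYWAY_ORACLE_SERVICE_NAME"
            ;;
        *)
            fail "FLYWAY_DATABASE_TYPE '${FLYWAY_DATABASE_TYPE:-}' is not mysql, postgres, mssql or oracle"
            ;;
    esac
    [ "$bad" -eq 0 ]
)

# Constructed sample: env.conf lines with the type left at the template value " ".
demo() {
    local f; f=$(mktemp)
    printf '%s\n' 'export FLYWAY_OPENIAM_HOST=db.example.internal' \
        'export FLYWAY_OPENIAM_PORT=3306' 'export FLYWAY_ACTIVITI_HOST=db.example.internal' \
        'export FLYWAY_ACTIVITI_PORT=' 'export FLYWAY_DATABASE_TYPE=" "' > "$f"
    preflight_flyway "$f" || echo "env.conf rejected"
    rm -f "$f"
}
demo
```

On the server, run preflight_flyway /usr/local/openiam/env.conf and start the upgrade only when it prints nothing.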

The updated script for non-internet-based upgrade can be found in the Appendix below.

Note: You must update the connector if you use newer versions of the product. It is recommended to use the latest connector version.

All .NET/PS connector versions as of version 5.24.0.0 are backward compatible, so updating the connector will not disrupt operation of OpenIAM versions 4.2.0 and higher.
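
For the manual download step of the non-internet-based upgrade, the files can be checked against a SHA-256 list before the upgrade installs them. This is an added example, not OpenIAM's code; it assumes a list in sha256sum format, such as the vault_1.18.1_SHA256SUMS file HashiCorp publishes next to the zip, and for the OpenIAM files a list you obtain from OpenIAM, since this page gives no checksums. The demo files are constructed stand-ins.

```shell
#!/usr/bin/env bash
# Added example (not OpenIAM's code): check manually downloaded upgrade files
# against a SHA-256 list before the upgrade unpacks and installs them.

# verify_from_sums FILE SUMS: succeed only if SUMS lists FILE's name with a
# matching digest. SUMS uses the sha256sum layout "<hex>  <name>" or "<hex> *<name>".
verify_from_sums() {
    local file="$1" sums="$2" name expected actual
    [ -f "$file" ] || { echo "MISSING  $file" >&2; return 2; }
    name=$(basename "$file")
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) }
        f == n { print tolower($1); exit }' "$sums")
    [ -n "$expected" ] || { echo "UNLISTED $name (no entry in $sums)" >&2; return 3; }
    actual=$(sha256sum "$file" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "MISMATCH $name" >&2; return 1; }
    echo "OK       $name"
}

# check_upgrade_files DIR SUMS NAME...: check every file and report each problem,
# so one bad download does not hide another.
check_upgrade_files() {
    local dir="$1" sums="$2" bad=0 name
    shift 2
    for name in "$@"; do
        verify_from_sums "$dir/$name" "$sums" || bad=$((bad + 1))
    done
    [ "$bad" -eq 0 ]
}

# Constructed demo: stand-in files in a temp directory, not real release artifacts.
demo() {
    local d; d=$(mktemp -d)
    printf 'constructed vault zip\n' > "$d/vault_1.18.1_linux_amd64.zip"
    printf 'constructed backend\n' > "$d/backend.tar.gz"
    ( cd "$d" && sha256sum vault_1.18.1_linux_amd64.zip backend.tar.gz > SHA256SUMS )
    check_upgrade_files "$d" "$d/SHA256SUMS" vault_1.18.1_linux_amd64.zip backend.tar.gz \
        && echo "untouched set: accepted"
    printf 'x' >> "$d/backend.tar.gz"   # simulate a corrupted or altered download
    check_upgrade_files "$d" "$d/SHA256SUMS" vault_1.18.1_linux_amd64.zip backend.tar.gz \
        || echo "altered set: rejected"
    rm -rf "$d"
}
demo
```

On the upgrade host, call check_upgrade_files with /usr/src, the checksum list, and the names of the files from the download step, and run openiam-cli upgrade only if it succeeds.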

Appendix

Below is the code of the non-internet-based upgrade script. Please run it manually if you are using an external database such as MsSQL/Postgres/Oracle/MySQL.

#!/bin/bash
#### THIS IS OPENIAM UPGRADE SCRIPT
#### Before running this script set UPGRADE_TO_VERSION and FLYWAY_DATABASE_TYPE in the env.conf
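#set -e
# xtrace echoes each command after expansion, so the credentials fetched from Vault
# below are written in clear text to stderr and to any log that captures it
set -x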
. /usr/local/openiam/env.conf
if [ -z "$UPGRADE_TO_VERSION" ]; then
    echo "Set 'UPGRADE_TO_VERSION' variable in the env.conf equal to the version you are going to upgrade to"
    exit 1
fi
CURRENT_VERSION=$(cat ${HOME_DIR}/version)
echo "Upgrading Openiam version from $CURRENT_VERSION to $UPGRADE_TO_VERSION ..."
export VAULT_HOME="$HOME_DIR/utils/vault/"
export FLYWAY="$HOME_DIR/flyway/flyway"
export FLYWAY_OPENIAM_USERNAME=$(. ${VAULT_HOME}vault.fetch.property.sh vault.secret.jdbc.username)
export FLYWAY_OPENIAM_PASSWORD=$(. ${VAULT_HOME}vault.fetch.property.sh vault.secret.jdbc.password)
export FLYWAY_ACTIVITI_USERNAME=$(. ${VAULT_HOME}vault.fetch.property.sh vault.secret.activiti.jdbc.username)
export FLYWAY_ACTIVITI_PASSWORD=$(. ${VAULT_HOME}vault.fetch.property.sh vault.secret.activiti.jdbc.password)
# downloadfile NAME URL: fetch URL into $HOME_DIR/NAME, replacing any existing copy
function downloadfile() {
    if [ -f "$HOME_DIR/$1" ]; then
        echo "$1 exists. Remove..."
        rm -rf "$HOME_DIR/$1"
    fi
    # curl -k skips TLS certificate verification, so the server is not authenticated
    curl -k -s -q "https://openiam.com/" > /dev/null
    if [[ "0" == "$?" ]]; then
        echo "Download file $1 from OpenIAM website"
        curl -k -q "$2" --output "$HOME_DIR/$1"
        if [[ "0" == "$?" ]]; then
            return 0
        fi
        echo "Can't download file. Please download file $2 manually to location: $HOME_DIR/$1 and repeat the installation"
        return 1
    else
        echo "Can't route to openiam website. Please download file $2 manually to location: $HOME_DIR/$1 and repeat the installation"
        return 1
    fi
}
/usr/bin/openiam-cli stop
# Wait until the ESB process has exited
while pgrep -f "/usr/local/openiam/jdk/bin/java -Dlogging.level.org.elasticsearch.client=ERROR -Dlogging.level.root=ERROR -Dlogging.level.org.openiam=ERROR -Dconfpath=/usr/local/openiam -jar -Xmx2048m -Djdk.tls.client.protocols=TLSv1.2 /usr/local/openiam/services/bin/openiam-esb.jar" > /dev/null; do sleep 2; done
echo "ESB Stopped, continue updating..."
REDIS_PASSWORD=$(. ${VAULT_HOME}vault.fetch.property.sh vault.secret.redis.password)
redis-cli -a "$REDIS_PASSWORD" flushdb
redis-cli -a "$REDIS_PASSWORD" flushall
echo "stopping openiam-vault"
systemctl stop openiam-vault
# Backup openiam files
cd $HOME_DIR
tar -cvf /tmp/openiam-$CURRENT_VERSION-files.tar *
if [ ! -d $HOME_DIR/backup ]; then
    mkdir $HOME_DIR/backup
fi
mv -f /tmp/openiam-$CURRENT_VERSION-files.tar $HOME_DIR/backup/
# Cleanup folders
rm -rf $HOME_DIR/services/bin/
rm -rf $HOME_DIR/ui/webapps/
rm -rf $HOME_DIR/health/*.health
# Download files
downloadfile backend.tar.gz https://download.openiam.com/${OPENIAM_ENV}/${OIAM_TYPE}/${UPGRADE_TO_VERSION}/binaries/backend.tar.gz
downloadfile frontend.tar.gz https://download.openiam.com/${OPENIAM_ENV}/${OIAM_TYPE}/${UPGRADE_TO_VERSION}/binaries/frontend.tar.gz
echo "Downloading openiam-$UPGRADE_TO_VERSION.noarch.x86_64.rpm"
curl https://download.openiam.com/${OPENIAM_ENV}/enterprise/$UPGRADE_TO_VERSION/rpm/openiam-$UPGRADE_TO_VERSION.noarch.x86_64.rpm --output /usr/src/openiam-$UPGRADE_TO_VERSION.noarch.x86_64.rpm
cd /usr/src
echo "Extracting from openiam-$UPGRADE_TO_VERSION.noarch.x86_64.rpm ..."
rpm2cpio openiam-$UPGRADE_TO_VERSION.noarch.x86_64.rpm | cpio -idmv
tar -xvzf /usr/src/tmp/openiam-tmproot/openiam.tar.gz
cd $HOME_DIR
mkdir -p $HOME_DIR/services/bin/
mkdir -p $HOME_DIR/ui/webapps/
tar -xvf $HOME_DIR/backend.tar.gz --directory=$HOME_DIR/services/bin/
tar -xvf $HOME_DIR/frontend.tar.gz --directory=$HOME_DIR/ui/webapps/
chown -R openiam:openiam $HOME_DIR/services/bin/
chown -R openiam:openiam $HOME_DIR/ui/webapps/
dnf install wget unzip -y
wget -P /usr/src/ "https://releases.hashicorp.com/vault/${VAULT_VERSION_UPGRADE}/vault_${VAULT_VERSION_UPGRADE}_linux_amd64.zip"
unzip /usr/src/vault_${VAULT_VERSION_UPGRADE}_linux_amd64.zip -d /usr/src/
chmod +x /usr/src/vault
mv -f /usr/src/vault /usr/bin/vault
rm -rf "/usr/src/vault_${VAULT_VERSION_UPGRADE}_linux_amd64.zip"
systemctl start openiam-vault
openiam_jdbc_url=''
activiti_jdbc_url=''
db_host_url=''
if ! command -v unzip &> /dev/null; then
    echo "Install unzip"
    dnf install unzip -y
fi
# Update Janusgraph
systemctl stop janusgraph
rm -rf $HOME_DIR/janusgraph
cp -rf /usr/src/etc/systemd/system/janusgraph.service /etc/systemd/system/
cp -rf /usr/src/openiam/janusgraph $HOME_DIR/
chown -R openiam:openiam $HOME_DIR/janusgraph
systemctl daemon-reload
systemctl start janusgraph
sleep 5
./cassandra_tombstones_issue_fix.sh
if [ "$CURRENT_VERSION" == "4.2.1.2" ]; then
    echo "Update sas lib"
    mkdir -p $HOME_DIR/sas_lib/
    mv $HOME_DIR/services/bin/sas-lib.zip $HOME_DIR/sas_lib/
    unzip -o $HOME_DIR/sas_lib/sas-lib.zip -d /
    chmod 444 /usr/local/Thales/javaapi/bsidkey/Agent.bsidkey
    chmod 766 /usr/local/Thales/javaapi/log
    cp -rf /usr/src/etc/systemd/system/openiam-sas.service /etc/systemd/system/
    systemctl daemon-reload
    rabbitmqctl add_vhost openiam_sas
    rabbitmqctl set_permissions -p openiam_sas openiam ".*" ".*" ".*"
    # $HOME_DIR/utils/sas/init.sh
    # systemctl enable --now openiam-sas.service
fi
# ---------- NEW DB CONFIG BLOCK BASED ON FLYWAY_DATABASE_TYPE ----------
if [ -z "$FLYWAY_DATABASE_TYPE" ]; then
    echo "FLYWAY_DATABASE_TYPE not set in env.conf. Exiting..."
    exit 1
fi
case "$FLYWAY_DATABASE_TYPE" in
    mysql)
        rm -rf "$HOME_DIR/conf/schema/mysql/openiam"
        cp -rf /usr/src/openiam/conf/schema/mysql/openiam "$HOME_DIR/conf/schema/mysql/"
        db_host_url="jdbc:mysql://${FLYWAY_OPENIAM_HOST}:${FLYWAY_OPENIAM_PORT}"
        openiam_jdbc_url="jdbc:mysql://${FLYWAY_OPENIAM_HOST}:${FLYWAY_OPENIAM_PORT}/${FLYWAY_OPENIAM_DATABASE_NAME}?autoReconnect=true&useUnicode=true&characterEncoding=utf8&connectionCollation=utf8_general_ci&serverTimezone=UTC"
        activiti_jdbc_url="jdbc:mysql://${FLYWAY_ACTIVITI_HOST}:${FLYWAY_ACTIVITI_PORT}/${FLYWAY_ACTIVITI_DATABASE_NAME}?autoReconnect=true&useUnicode=true&characterEncoding=utf8&connectionCollation=utf8_general_ci&serverTimezone=UTC"
        ;;
    postgres)
        rm -rf "$HOME_DIR/conf/schema/postgres/openiam"
        cp -rf /usr/src/openiam/conf/schema/postgres/openiam "$HOME_DIR/conf/schema/postgres/"
        db_host_url="jdbc:postgresql://${FLYWAY_OPENIAM_HOST}:${FLYWAY_OPENIAM_PORT}"
        openiam_jdbc_url="jdbc:postgresql://${FLYWAY_OPENIAM_HOST}:${FLYWAY_OPENIAM_PORT}/${FLYWAY_OPENIAM_DATABASE_NAME}?useUnicode=true&characterEncoding=UTF-8"
        activiti_jdbc_url="jdbc:postgresql://${FLYWAY_ACTIVITI_HOST}:${FLYWAY_ACTIVITI_PORT}/${FLYWAY_ACTIVITI_DATABASE_NAME}?useUnicode=true&characterEncoding=UTF-8"
        ;;
    mssql)
        rm -rf "$HOME_DIR/conf/schema/mssql/openiam"
        cp -rf /usr/src/openiam/conf/schema/mssql/openiam "$HOME_DIR/conf/schema/mssql/"
        db_host_url="jdbc:sqlserver://${FLYWAY_OPENIAM_HOST}:${FLYWAY_OPENIAM_PORT};encrypt=true;trustServerCertificate=true"
        openiam_jdbc_url="jdbc:sqlserver://${FLYWAY_OPENIAM_HOST}:${FLYWAY_OPENIAM_PORT};databaseName=${FLYWAY_OPENIAM_DATABASE_NAME};encrypt=true;trustServerCertificate=true"
        activiti_jdbc_url="jdbc:sqlserver://${FLYWAY_ACTIVITI_HOST}:${FLYWAY_ACTIVITI_PORT};databaseName=${FLYWAY_ACTIVITI_DATABASE_NAME};encrypt=true;trustServerCertificate=true"
        ;;
    oracle)
        rm -rf "$HOME_DIR/conf/schema/oracle/openiam"
        cp -rf /usr/src/openiam/conf/schema/oracle/openiam "$HOME_DIR/conf/schema/oracle/"
        if [ ! -z "$FLYWAY_ORACLE_SID" ]; then
            openiam_jdbc_url="jdbc:oracle:thin:@${FLYWAY_OPENIAM_HOST}:${FLYWAY_OPENIAM_PORT}:${FLYWAY_ORACLE_SID}"
            activiti_jdbc_url="jdbc:oracle:thin:@${FLYWAY_ACTIVITI_HOST}:${FLYWAY_ACTIVITI_PORT}:${FLYWAY_ORACLE_SID}"
            cp "${FLYWAY_UTIL_HOME}oracle.sid.properties.m4" "${FLYWAY_UTIL_HOME}${FLYWAY_DATABASE_TYPE}.properties.m4"
        elif [ ! -z "$FLYWAY_ORACLE_SERVICE_NAME" ]; then
            openiam_jdbc_url="jdbc:oracle:thin:@${FLYWAY_OPENIAM_HOST}:${FLYWAY_OPENIAM_PORT}/${FLYWAY_ORACLE_SERVICE_NAME}"
            activiti_jdbc_url="jdbc:oracle:thin:@${FLYWAY_ACTIVITI_HOST}:${FLYWAY_ACTIVITI_PORT}/${FLYWAY_ORACLE_SERVICE_NAME}"
            cp "${FLYWAY_UTIL_HOME}oracle.service.properties.m4" "${FLYWAY_UTIL_HOME}${FLYWAY_DATABASE_TYPE}.properties.m4"
        else
            echo "Oracle SID or Service Name not set. Exiting..."
            exit 1
        fi
        ;;
    *)
        echo "Unsupported FLYWAY_DATABASE_TYPE: $FLYWAY_DATABASE_TYPE. Exiting..."
        exit 1
        ;;
esac
# Run Flyway migrations
# User and password are quoted so values containing spaces or shell
# metacharacters reach Flyway intact
$FLYWAY -url="${openiam_jdbc_url}" \
    -user="${FLYWAY_OPENIAM_USERNAME}" \
    -password="${FLYWAY_OPENIAM_PASSWORD}" \
    -baselineVersion=$FLYWAY_BASELINE_VERSION baseline \
    -locations="filesystem:${HOME_DIR}/conf/schema/${FLYWAY_DATABASE_TYPE}/openiam/" \
    -mixed=true \
    -placeholderReplacement=false repair
$FLYWAY -url="${openiam_jdbc_url}" \
    -user="${FLYWAY_OPENIAM_USERNAME}" \
    -password="${FLYWAY_OPENIAM_PASSWORD}" \
    -baselineVersion=$FLYWAY_BASELINE_VERSION baseline \
    -locations="filesystem:${HOME_DIR}/conf/schema/${FLYWAY_DATABASE_TYPE}/openiam/" \
    -mixed=true \
    -placeholderReplacement=false migrate
$FLYWAY -url="${activiti_jdbc_url}" \
    -user="${FLYWAY_ACTIVITI_USERNAME}" \
    -password="${FLYWAY_ACTIVITI_PASSWORD}" \
    -baselineVersion=$FLYWAY_BASELINE_VERSION baseline \
    -locations="filesystem:${HOME_DIR}/conf/schema/${FLYWAY_DATABASE_TYPE}/activiti" \
    -mixed=true \
    -placeholderReplacement=false migrate
openiam-cli start
echo "$UPGRADE_TO_VERSION" > ${HOME_DIR}/version
# Clean up upgrading trash
rm -rf /usr/src/*
echo "Done"
echo "Backup of old version: ${HOME_DIR}/backup/openiam-$CURRENT_VERSION-files.tar"
echo "Upgrading log: ${HOME_DIR}/upgrade.log"