Upgrading from version 4.2.1.x to version 4.2.1.6
This document will guide the users on how to upgrade to version 4.2.1.6 from older 4.2.1.x versions.
Starting with OpenIAM version 4.2.1.4, upgrading doesn't need any add-ons. upgrade.sh
is a part of the RPM installation, so the upgrading process involves simple steps, as shown below.
- Set the parameter in the env.sh.
export UPGRADE_TO_VERSION=""
- Run the following command.
openiam-cli upgrade
- Check all the services are up and running, by running the following command.
openiam-cli status
- Once all the services are up and running, login to OpenIAM and navigate to Administration > About OpenIAM.
The build version must be updated to 4.2.1.6.
Note: In case having errors in the IDM and business log, stop OpenIAM, login into UI of RabbitMQ and do the following:
- delete queues PropertyValueCacheQueue and BusinessRuleCacheQueue.
- delete exchanges PROPERTY_VALUE_CACHE_EXCAHNGE and BUSINESS_RULE_CACHE_EXCHANGE.
In the event of no access to RabbitMQ UI for any reason, you can do the same from the console using the following commands.
cd /usr/lib/rabbitmq/lib/rabbitmq_server-3.9.21/plugins/rabbitmq_management-3.9.21/priv/www/cli/python rabbitmqadmin -u openiam -p passwd00 -V openiam_business_rule delete exchange name=BUSINESS_RULE_CACHE_EXCHANGEpython rabbitmqadmin -u openiam -p passwd00 -V openiam_common delete exchange name=PROPERTY_VALUE_CACHE_EXCAHNGErabbitmqctl delete_queue --vhost=openiam_common PropertyValueCacheQueuerabbitmqctl delete_queue --vhost=openiam_business_rule BusinessRuleCacheQueue
Make sure to use your credentials, since example provides the default ones. If you don't have Python installed, you can use any preferred way to run the rabbitmqadmin.
Afterwards, start OpenIAM. The error might appear due to the change in handlers for these objects. There will be no side effects of the actions above since these are objects used for cache. They will be re-created and re-populated upon the start of OpenIAM.
Note: .NET/PS connector versions to be used with OpenIAM version 4.2.1.6. should be at least 5.20.0.0 or higher. Please note that you must update connector if you use newer versions of the product. It is recommended to use the latest connector version. All .NET/PS connectors versions as at 5.24.0.0 version are backward compatible, hence updating it will not disrupt operation of OpenIAM versions 4.2.0 and higher.
Note: If you fail to access RabbitMQ UI then stop RabbitMQ service by running systemctl stop rabbitmq-server
and delete /var/lib/rabbitmq/mnesia
. After you removed mnesia successfully, as upon deletion of this directory the whole RabbitMQ data clears, you need to reinstall hosts and users on RabbitMQ.
Create re_init_rabbitmq.sh
script in utils/rabbitmq/
.
The script content has to be as follows:
#!/bin/bashset -e. /usr/local/openiam/env.confexport VAULT_CERTS="$HOME_DIR/vault/certs/"export JAVA_HOME="$HOME_DIR/jdk"export VAULT_HOME="$HOME_DIR/utils/vault/". ${VAULT_HOME}validate.vault.shexport RABBITMQ_PASSWORD=$(. ${VAULT_HOME}vault.fetch.property.sh vault.secret.rabbitmq.password)if [ -z "$RABBITMQ_PASSWORD" ] || [ "$RABBITMQ_PASSWORD" == "null" ]; thenecho "cannot get vault.secret.rabbitmq.password property from vault"exit 1;firabbitmqctl add_vhost openiam_amrabbitmqctl add_vhost openiam_idmrabbitmqctl add_vhost openiam_auditrabbitmqctl add_vhost openiam_commonrabbitmqctl add_vhost openiam_connectorrabbitmqctl add_vhost openiam_activitirabbitmqctl add_vhost openiam_userrabbitmqctl add_vhost openiam_groovy_managerrabbitmqctl add_vhost openiam_synchronizationrabbitmqctl add_vhost openiam_ext_lograbbitmqctl add_vhost openiam_bulk_synchronizationrabbitmqctl add_vhost openiam_reconciliationrabbitmqctl add_vhost openiam_bulk_reconciliationrabbitmqctl add_vhost openiam_business_rulerabbitmqctl add_vhost openiam_machine_learningrabbitmqctl add_vhost openiam_sasrabbitmqctl add_user openiam $RABBITMQ_PASSWORDrabbitmqctl set_user_tags openiam administratorrabbitmqctl set_permissions -p openiam_am openiam "." "." "."rabbitmqctl set_permissions -p openiam_idm openiam "." "." "."rabbitmqctl set_permissions -p openiam_audit openiam "." "." "."rabbitmqctl set_permissions -p openiam_common openiam "." "." "."rabbitmqctl set_permissions -p openiam_connector openiam "." "." "."rabbitmqctl set_permissions -p openiam_activiti openiam "." "." "."rabbitmqctl set_permissions -p openiam_user openiam "." "." "."rabbitmqctl set_permissions -p openiam_groovy_manager openiam "." "." "."rabbitmqctl set_permissions -p openiam_synchronization openiam "." "." "."rabbitmqctl set_permissions -p openiam_ext_log openiam "." "." "."rabbitmqctl set_permissions -p openiam_bulk_synchronization openiam "." "." "."rabbitmqctl set_permissions -p openiam_reconciliation openiam "." "." "."rabbitmqctl set_permissions -p openiam_bulk_reconciliation openiam "." "." "."rabbitmqctl set_permissions -p openiam_business_rule openiam "." "." "."rabbitmqctl set_permissions -p openiam_machine_learning openiam "." "." "."rabbitmqctl set_permissions -p openiam_sas openiam "." "." "."
Afterwards, run the following command.
chmod +x re_init_rabbitmq.sh
and
file ./re_init_rabbitmq.sh
Finally, to start the RabbitMQ service again run the following command.
systemctl start rabbitmq-server