Upgrading from version 4.2.1.x to version 4.2.1.7

This document will guide the users on how to upgrade to version 4.2.1.7 from older 4.2.1.x versions.

Starting with OpenIAM version 4.2.1.4, upgrading doesn't need any add-ons. upgrade.sh is a part of the RPM installation, so the upgrading process involves simple steps, as shown below.

  1. Set the parameter in the env.sh.
export UPGRADE_TO_VERSION=""
  1. Run the following command.
openiam-cli upgrade
  1. Check all the services are up and running, by running the following command.
openiam-cli status
  1. Once all the services are up and running, login to OpenIAM and navigate to Administration > About OpenIAM.

The build version must be updated to 4.2.1.7.

Note: In case having errors in the IDM and business log, stop OpenIAM, login into UI of RabbitMQ and do the following:

  • delete queues PropertyValueCacheQueue and BusinessRuleCacheQueue.
  • delete exchanges PROPERTY_VALUE_CACHE_EXCAHNGE and BUSINESS_RULE_CACHE_EXCHANGE.

In the event of no access to RabbitMQ UI for any reason, you can do the same from the console using the following commands.

cd /usr/lib/rabbitmq/lib/rabbitmq_server-3.9.21/plugins/rabbitmq_management-3.9.21/priv/www/cli/
python rabbitmqadmin -u openiam -p passwd00 -V openiam_business_rule delete exchange name=BUSINESS_RULE_CACHE_EXCHANGE
python rabbitmqadmin -u openiam -p passwd00 -V openiam_common delete exchange name=PROPERTY_VALUE_CACHE_EXCAHNGE
rabbitmqctl delete_queue --vhost=openiam_common PropertyValueCacheQueue
rabbitmqctl delete_queue --vhost=openiam_business_rule BusinessRuleCacheQueue

Make sure to use your credentials, since example provides the default ones. If you don't have Python installed, you can use any preferred way to run the rabbitmqadmin.

Afterwards, start OpenIAM. The error might appear due to the change in handlers for these objects. There will be no side effects of the actions above since these are objects used for cache. They will be re-created and re-populated upon the start of OpenIAM.

Note: .NET/PS connector versions to be used with OpenIAM version 4.2.1.7. should be at least 5.20.0.0 or higher. Please note that you must update connector if you use newer versions of the product. It is recommended to use the latest connector version. All .NET/PS connectors versions as at 5.24.0.0 version are backward compatible, hence updating it will not disrupt operation of OpenIAM versions 4.2.0 and higher.

Note: If you fail to access RabbitMQ UI then stop RabbitMQ service by running systemctl stop rabbitmq-server and delete /var/lib/rabbitmq/mnesia. After you removed mnesia successfully, as upon deletion of this directory the whole RabbitMQ data clears, you need to reinstall hosts and users on RabbitMQ.

Create re_init_rabbitmq.sh script in utils/rabbitmq/.

The script content has to be as follows:

#!/bin/bash
set -e
. /usr/local/openiam/env.conf
export VAULT_CERTS="$HOME_DIR/vault/certs/"
export JAVA_HOME="$HOME_DIR/jdk"
export VAULT_HOME="$HOME_DIR/utils/vault/"
. ${VAULT_HOME}validate.vault.sh
export RABBITMQ_PASSWORD=$(. ${VAULT_HOME}vault.fetch.property.sh vault.secret.rabbitmq.password)
if [ -z "$RABBITMQ_PASSWORD" ] || [ "$RABBITMQ_PASSWORD" == "null" ]; then
echo "cannot get vault.secret.rabbitmq.password property from vault"
exit 1;
fi
rabbitmqctl add_vhost openiam_am
rabbitmqctl add_vhost openiam_idm
rabbitmqctl add_vhost openiam_audit
rabbitmqctl add_vhost openiam_common
rabbitmqctl add_vhost openiam_connector
rabbitmqctl add_vhost openiam_activiti
rabbitmqctl add_vhost openiam_user
rabbitmqctl add_vhost openiam_groovy_manager
rabbitmqctl add_vhost openiam_synchronization
rabbitmqctl add_vhost openiam_ext_log
rabbitmqctl add_vhost openiam_bulk_synchronization
rabbitmqctl add_vhost openiam_reconciliation
rabbitmqctl add_vhost openiam_bulk_reconciliation
rabbitmqctl add_vhost openiam_business_rule
rabbitmqctl add_vhost openiam_machine_learning
rabbitmqctl add_vhost openiam_sas
rabbitmqctl add_user openiam $RABBITMQ_PASSWORD
rabbitmqctl set_user_tags openiam administrator
rabbitmqctl set_permissions -p openiam_am openiam "." "." "."
rabbitmqctl set_permissions -p openiam_idm openiam "." "." "."
rabbitmqctl set_permissions -p openiam_audit openiam "." "." "."
rabbitmqctl set_permissions -p openiam_common openiam "." "." "."
rabbitmqctl set_permissions -p openiam_connector openiam "." "." "."
rabbitmqctl set_permissions -p openiam_activiti openiam "." "." "."
rabbitmqctl set_permissions -p openiam_user openiam "." "." "."
rabbitmqctl set_permissions -p openiam_groovy_manager openiam "." "." "."
rabbitmqctl set_permissions -p openiam_synchronization openiam "." "." "."
rabbitmqctl set_permissions -p openiam_ext_log openiam "." "." "."
rabbitmqctl set_permissions -p openiam_bulk_synchronization openiam "." "." "."
rabbitmqctl set_permissions -p openiam_reconciliation openiam "." "." "."
rabbitmqctl set_permissions -p openiam_bulk_reconciliation openiam "." "." "."
rabbitmqctl set_permissions -p openiam_business_rule openiam "." "." "."
rabbitmqctl set_permissions -p openiam_machine_learning openiam "." "." "."
rabbitmqctl set_permissions -p openiam_sas openiam "." "." "."

Afterwards, run the following command.

chmod +x re_init_rabbitmq.sh

and

file ./re_init_rabbitmq.sh

Finally, to start the RabbitMQ service again run the following command.

systemctl start rabbitmq-server