Upgrade Autonomous Identity
Autonomous Identity 2020.10.2 provides upgrade commands to update your core software to the latest version while migrating your data.
The upgrade assumes the following:
Database Systems are the Same. If your current database is Apache Cassandra, you cannot upgrade to a MongoDB-based system. You will need to run a clean installation with the new version.
Host IPs should be the Same. Host IP addresses must be the same for existing components. You must update the
~/autoid-config/hostsfile by adding the IP addresses for the Elasticsearch entries. See the instructions below.Registry Key Required. To download the deployment images for the upgrade, you still need a registry key to log into the ForgeRock Google Cloud Registry (gcr.io). The registry key is only available to ForgeRock Autonomous Identity customers. For specific instructions on obtaining the registry key, see How To Configure Service Credentials (Push Auth, Docker) in Backstage.
Additional CSV Files Requires. The upgraded system requires the
app_attributes.csvandent_attributes.csvfor attribute filtering on the Applications page. Copy these files to the/data/inputdirectory. For more information on these files, see Data Preparation.Upgrade Paths. The upgrade paths are summarized as follows:
2020.10.x -> 2020.10.2
2020.6.4 -> 2020.10.2
Upgrade from 2020.10.x to 2020.10.2
On the deployer machine, back up the 2020.10.0 or 2020.10.1
~/autoid-configdirectory or move it to another location.$
mv ~/autoid-config ~/backup-2020.10.1Create a new
~/autoid-configdirectory.$
mkdir ~/autoid-configCopy your
autoid_registry_key.json,ansible.cfg, andvault.ymlfiles from your backup directory to~/autoid-config. If yourvault.ymlfile is encrypted, copy the.autoid_vault_passwordfile to ~/autoid-config.Remove your
known_files.$
rm ~/.ssh/known_hostsCopy your original SSH key into the new directory.
$
cp ~/.ssh/id_rsa ~/autoid-configChange the permission on the SSH key.
$
chmod 400 ~/autoid-config/id_rsaCheck if you can successfully SSH to the target server.
$
ssh autoid@<Target-IP-Address>Enter exit to end your SSH session.
On the deployer node, change to the
~/autoid-configdirectory.$
cd ~/autoid-configLog in to the ForgeRock Google Cloud Registry (gcr.io) using the registry key. The registry key is only available to ForgeRock Autonomous Identity customers. For specific instructions on obtaining the registry key, see How To Configure Service Credentials (Push Auth, Docker) in Backstage.
$
docker login -u _json_key -p "$(cat autoid_registry_key.json)" https://gcr.io/forgerock-autoidYou should see:
Login SucceededRun the create-template command to generate the
deployer.shscript wrapper and configuration files. Note that the command sets the configuration directory on the target node to/config. The --user parameter eliminates the need to use sudo while editing the hosts file and other configuration files.$
docker run --user=`id -u` -v ~/autoid-config:/config -it gcr.io/forgerock-autoid/deployer:2020.10.2 create-templateMake the script executable.
$
chmod +x deployer.shCopy your
~/autoid-config/vars.yml,~/autoid-config/hosts, and~/autoid-config/vault.ymlfiles from your backup directory to the deployer machine.Important
You must keep your configuration settings consistent from one system to another.
Download the images. This step downloads software dependencies needed for the deployment and places them in the
autoid-packagesdirectory. Make sure you are in the~/autoid-configdirectory.$
./deployer.sh download-imagesRun the upgrade.
$
./deployer.sh debug patch_log4j
Upgrade from 2020.6.4 to 2020.10.2
Upgrade to version from 2020.6.4 to 2020.10.2
On the deployer machine, back up the 2020.6.4
~/autoid-configdirectory or move it to another location.$
mv ~/autoid-config ~/backup-2020.6Create a new
~/autoid-configdirectory.$
mkdir ~/autoid-configCopy your
autoid_registry_key.json,ansible.cfg,vault.yml, and SSH keys. files from your backup directory to~/autoid-config. If yourvault.ymlfile is encrypted, copy the.autoid_vault_passwordfile to ~/autoid-config.Remove your
known_files.$
rm ~/.ssh/known_hostsCopy your original SSH key into the new directory.
$
cp ~/.ssh/id_rsa ~/autoid-configChange the permission on the SSH key.
$
chmod 400 ~/autoid-config/id_rsaCheck if you can successfully SSH to the target server.
$
ssh autoid@<Target-IP-Address>Last login: Tue Jan 20 18:19:14 2022Enter exit to end your SSH session.
On the deployer node, change to the
~/autoid-configdirectory.$
cd ~/autoid-configLog in to the ForgeRock Google Cloud Registry (gcr.io) using the registry key. The registry key is only available to ForgeRock Autonomous Identity customers. For specific instructions on obtaining the registry key, see How To Configure Service Credentials (Push Auth, Docker) in Backstage.
$
docker login -u _json_key -p "$(cat autoid_registry_key.json)" https://gcr.io/forgerock-autoidRun the create-template command to generate the
deployer.shscript wrapper and configuration files. Note that the command sets the configuration directory on the target node to/config. The --user parameter eliminates the need to use sudo while editing the hosts file and other configuration files.$
docker run --user=`id -u` -v ~/autoid-config:/config -it gcr.io/forgerock-autoid/deployer:2020.10.2 create-templateMake the script executable.
$
chmod +x deployer.shCopy your
~/autoid-config/vars.yml,~/autoid-config/hosts, and~/autoid-config/vault.ymlfiles from your backup directory to the deployer machine.Important
You must keep your configuration settings consistent from one system to another.
SSH to the target server.
Stop the stack.
$
docker stack rm configuration-service consul-server nginx openldap selfservice swagger-ui ui api consul-clientDelete the contents from the consul data. This step is required as the new consul server in the upgrade is not able to load the previous snapshots, because of a version incompatibility.
$
mv /opt/autoid/mounts/consul-data/* <backup-directory>Exit your SSH session.
Download the images. This step downloads software dependencies needed for the deployment and places them in the
autoid-packagesdirectory. Make sure you are in the~/autoid-configdirectory.$
./deployer.sh download-imagesRun the upgrade.
$
./deployer.sh upgradeLog out and then log in. SSH to the target server.
Take a backup of the /data/conf or move it to another directory. The directory stores the 2020.6 configuration files.
$
mv /data/conf <backup-directory>Create an analytics template. This step creates a template from the new analytics image.
$
analytics create-templateEdit the
/data/conf/analytics_init_config.ymlfile if you made changes to this file in your previous deployment.Apply the analytics template.
$
analytics apply-templateRun the analytics upgrade job.
$
analytics upgradeEdit the analytics_config file to set up the ingestion process. The change is required to account for the applications and entitlements tables.
etl: false reports: false ingestion: drop_if_create: true tables: app_attributes,ent_attributes catalog_step: false staging: false connector: type: csv connector-oim: type: oim timeout: 15 batchsize: 1000 change reconciliation: ...Run the analytics ingest job.
$
analytics ingestRun the analytics publish job.
$
analytics publishRun the create-assignment-index job.
$
analytics create-assignment-indexYou have successfully upgrade from 2020.6.x to 2020.10.2!
Access the Dashboard
Access the Autonomous Identity console UI:
Open a browser, and point it to
https://autoid-ui.forgerock.com/(or your customized URL:https://myid-ui.abc.com).Log in as a test user:
bob.rodgers@forgerock.com. Enter the password:Welcome123.