Upgrading Autonomous Identity
Autonomous Identity 2020.6.4 provides upgrade commands to update your core software to the latest version while migrating your data.
Important
If you use a custom role management accelerator, you must apply an update patch to fix a vulnerability in a third-party component. See Update the Custom Role Accelerator Patch.
Note
Make sure to test your upgrade on a staging or QA server before running it in production.
The upgrade assumes the following:
Database Systems are the Same. If your current database is Apache Cassandra, you cannot upgrade to a MongoDB-based system. You will need to run a clean installation with the new version.
Host IPs Should Be the Same. Host IP addresses must be the same for existing components. You must update the ~/autoid-config/hosts file by adding the IP addresses for the Elasticsearch entries. See the instructions below.
Registry Key Required. To download the deployment images for the upgrade, you still need a registry key to log into the ForgeRock Google Cloud Registry (gcr.io). The registry key is only available to ForgeRock Autonomous Identity customers. You can copy it from your previous install to the new upgraded installation.
Upgrade Paths. The following upgrade paths are supported:
2020.6.0, 2020.6.1, 2020.6.2, or 2020.6.3 to 2020.6.4
Upgrading to Version 2020.6.4
Run the following procedure to upgrade your existing 2020.6.0, 2020.6.1, 2020.6.2, and 2020.6.3 deployments:
On the deployer machine, back up the 2020.6.x ~/autoid-config directory or move it to another location.
$ mv ~/autoid-config ~/backup-2020.6
Create a new ~/autoid-config directory.
$ mkdir ~/autoid-config
Copy your original SSH key into the new directory.
$ cp ~/.ssh/id_rsa ~/autoid-config
Change the permissions on the SSH key.
$ chmod 400 ~/autoid-config/id_rsa
Check if you can successfully SSH to the target server.
$ ssh -i id_rsa autoid@<Target-IP-Address>
Stop the stack.
$ docker stack rm configuration-service consul-server consul-client nginx openldap selfservice swagger-ui ui api
Take a backup of the /data/conf directory. This directory holds the configuration files used in 2020.6.x.
$ cp -r /data/conf <backup_directory>
Remove the analytics container on the analytics node:
$ docker rm -f analytics
Enter exit to end your SSH session.
From the deployer, restart Docker:
$ sudo systemctl restart docker
On the deployer node, change to the ~/autoid-config directory.
$ cd ~/autoid-config
Copy the autoid_registry_key.json file and your SSH key, such as id_rsa, from ~/backup-2020.6 to ~/autoid-config.
Log in to the ForgeRock Google Cloud Registry (gcr.io) using the registry key.
$ docker login -u _json_key -p "$(cat autoid_registry_key.json)" https://gcr.io/forgerock-autoid
Run the create-template command to generate the deployer.sh script wrapper and configuration files.
$ docker run --user=$(id -u) -v ~/autoid-config:/config -it gcr.io/forgerock-autoid/deployer:2020.6.4 create-template
Edit your ~/autoid-config/vars.yml, ~/autoid-config/hosts, and ~/autoid-config/ansible.cfg files on the deployer machine.
Important
Make sure to keep your IP configuration settings consistent from one system to another.
SSH to the target node.
Stop Apache Spark master and workers, so that the deployer can upgrade the version to 3.0.1.
$ /opt/autoid/spark/spark-2.4.4-bin-hadoop2.7/sbin/stop-all.sh
Exit your SSH session.
Change to the ~/autoid-config directory.
$ cd ~/autoid-config
Download the images. This step downloads software dependencies needed for the deployment and places them in the autoid-packages directory.
$ ./deployer.sh download-images
Run the upgrade.
$ ./deployer.sh upgrade
Log out and then log in. SSH to the target server.
Create an analytics template. This step creates a template from the new analytics image.
$ analytics create-template
Edit the /data/conf/analytics_init_config.yml file if you made changes to this file in your previous deployment.
Apply the analytics template.
$ analytics apply-template
Rerun your analytics pipeline steps.
$ analytics ingest
$ analytics train
$ analytics predict-as-is
$ analytics predict-recommendation
$ analytics publish
You have successfully upgraded your Autonomous Identity server to 2020.6.4.
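A pre-flight check for the deployer-side steps above, to run before ./deployer.sh upgrade. This is an added example, not part of the ForgeRock documentation; the function names are hypothetical, GNU stat is assumed, and the owner-only requirement on autoid_registry_key.json is an added assumption (the procedure itself sets mode 400 only on id_rsa).

```shell
#!/bin/sh
# Added example: verify the deployer's config directory before upgrading.
# Usage: preflight_autoid ~/autoid-config ~/backup-2020.6

# Succeeds only if the file exists and group/other have no access bits.
owner_only() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1    # GNU stat, e.g. 400 or 644
    case "$mode" in
        *00|0) return 0 ;;
        *)     return 1 ;;
    esac
}

# Prints one line per problem; the return status is the number of problems.
preflight_autoid() {
    cfg=$1 backup=$2 problems=0
    # The 2020.6.x configuration must have been moved aside first.
    if [ ! -d "$backup" ]; then
        echo "missing backup directory: $backup"; problems=$((problems + 1))
    fi
    # Both credentials are copied by hand, so check the new copy and the
    # old copy that remains in the backup directory.
    for secret in id_rsa autoid_registry_key.json; do
        [ -f "$cfg/$secret" ] || { echo "missing: $cfg/$secret"; problems=$((problems + 1)); }
        for copy in "$cfg/$secret" "$backup/$secret"; do
            if [ -f "$copy" ] && ! owner_only "$copy"; then
                echo "readable by group/other: $copy"; problems=$((problems + 1))
            fi
        done
    done
    # create-template must have produced the files the procedure edits.
    for f in deployer.sh vars.yml hosts ansible.cfg; do
        [ -f "$cfg/$f" ] || { echo "missing: $cfg/$f"; problems=$((problems + 1)); }
    done
    return "$problems"
}
```

A return status of 0 means every file the procedure relies on is present and both credentials are restricted to their owner.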
Update the Custom Role Accelerator Patch
As of December 2021, if you use a custom role management accelerator, you must update your code to fix a vulnerability in a third-party component. Run the following procedure:
Pull the latest Activiti image. Replace <company-name> with your company ID name in lowercase, established at install. For example, "forgerock".
$ docker pull gcr.io/forgerock-autoid/<company-name>/roles/activiti:12202021
Edit the Activiti docker-compose.deploy.yml file to include the pulled image:
version: '3'
services:
  activiti:
    image: gcr.io/forgerock-autoid/<company-name>/roles/activiti:12202021
Remove the currently running Activiti container:
$ docker stack rm activiti
Deploy the new Activiti image:
$ docker stack deploy --with-registry-auth --compose-file </path/to/docker-compose.deploy.yml> activiti
Update the nginx service:
$ docker service update --force nginx_nginx
Verify the successful startup of the Activiti container:
$ docker service logs activiti_activiti
You have successfully applied the custom role management accelerator patch.
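To confirm that the edited docker-compose.deploy.yml really references the patched image before redeploying, the check below scans its image: lines. It is an added example, not ForgeRock's own tooling; the function name is hypothetical and the only value taken from the page is the tag 12202021.

```shell
#!/bin/sh
# Added example: confirm the compose file references the patched image.
# Returns 0 only if at least one .../roles/activiti image is present and
# every such image carries the tag given on the page (12202021).
# Usage: activiti_image_patched /path/to/docker-compose.deploy.yml
activiti_image_patched() {
    awk -v want="12202021" '
        /^[ \t]*#/ { next }                       # skip comment lines
        /^[ \t]*image:/ {
            val = $0
            sub(/^[ \t]*image:[ \t]*/, "", val)   # keep only the value
            sub(/[ \t]+#.*$/, "", val)            # drop a trailing comment
            gsub(/["\047]/, "", val)              # drop surrounding quotes
            sub(/[ \t]+$/, "", val)
            if (val !~ /\/roles\/activiti(:|@|$)/) next
            seen++
            n = split(val, parts, ":")
            tag = (n > 1) ? parts[n] : "(none, defaults to latest)"
            if (tag != want) {
                printf "unpatched image: %s (tag %s)\n", val, tag
                bad++
            }
        }
        END {
            if (!seen) print "no activiti image found"
            exit (seen && !bad) ? 0 : 1
        }
    ' "$1"
}
```

An image pinned by digest is reported as unpatched, because the tag cannot be confirmed from the file alone.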