Upgrading Autonomous Identity

Autonomous Identity 2020.6.4 provides upgrade commands to update your core software to the latest version while migrating your data.

Important

If you use a custom role management accelerator, you must apply an update patch to fix a vulnerability in a third-party component. See Update the Custom Role Management Accelerator Patch.

Note

Make sure to test your upgrade on a staging or QA server before running it in production.

The upgrade assumes the following:

  • Database Systems are the Same. If your current database is Apache Cassandra, you cannot upgrade to a MongoDB-based system. You will need to run a clean installation with the new version.

  • Host IPs Must Be the Same. Host IP addresses must be the same for existing components. You must update the ~/autoid-config/hosts file by adding the IP addresses for the Elasticsearch entries. See the instructions below.

  • Registry Key Required. To download the deployment images for the upgrade, you still need a registry key to log into the ForgeRock Google Cloud Registry (gcr.io). The registry key is only available to ForgeRock Autonomous Identity customers. You can copy it from your previous installation to the upgraded installation.

  • Upgrade Paths. The following upgrade paths are supported:

    • 2020.6.0, 2020.6.1, 2020.6.2, or 2020.6.3 to 2020.6.4

Upgrading to Version 2020.6.4

Run the following procedure to upgrade your existing 2020.6.0, 2020.6.1, 2020.6.2, and 2020.6.3 deployments:

Upgrade to 2020.6.4
  1. On the deployer machine, back up the 2020.6.x ~/autoid-config directory or move it to another location.

    $ mv ~/autoid-config ~/backup-2020.6
  2. Create a new ~/autoid-config directory.

    $ mkdir ~/autoid-config
  3. Copy your original SSH key into the new directory.

    $ cp ~/.ssh/id_rsa ~/autoid-config
  4. Change the permissions on the SSH key.

    $ chmod 400 ~/autoid-config/id_rsa
  5. Check if you can successfully SSH to the target server.

    $ ssh -i ~/autoid-config/id_rsa autoid@<Target-IP-Address>
  6. Stop the stack.

    $ docker stack rm configuration-service consul-server consul-client nginx openldap selfservice swagger-ui ui api
  7. Take a backup of the /data/conf directory. This directory holds the configuration files used in 2020.6.x.

    $ cp -r /data/conf <backup_directory>
  8. Remove the analytics container on the analytics node:

    $ docker rm -f analytics
  9. Enter exit to end your SSH session.

  10. From the deployer, restart Docker:

    $ sudo systemctl restart docker
  11. On the deployer node, change to the ~/autoid-config directory.

    $ cd ~/autoid-config
  12. Copy the autoid_registry_key.json file and your SSH key, such as id_rsa, from ~/backup-2020.6 to ~/autoid-config.

  13. Log in to the ForgeRock Google Cloud Registry (gcr.io) using the registry key.

    $ docker login -u _json_key -p "$(cat autoid_registry_key.json)" https://gcr.io/forgerock-autoid
  14. Run the create-template command to generate the deployer.sh script wrapper and configuration files.

    $ docker run --user=$(id -u) -v ~/autoid-config:/config -it gcr.io/forgerock-autoid/deployer:2020.6.4 create-template
  15. Edit your ~/autoid-config/vars.yml, ~/autoid-config/hosts, and ~/autoid-config/ansible.cfg files on the deployer machine.

    Important

    Make sure to keep your IP configuration settings consistent from one system to another.

  16. SSH to the target node.

  17. Stop Apache Spark master and workers, so that the deployer can upgrade the version to 3.0.1.

    $ /opt/autoid/spark/spark-2.4.4-bin-hadoop2.7/sbin/stop-all.sh
  18. Exit your SSH session.

  19. Change to the ~/autoid-config directory.

    $ cd ~/autoid-config
  20. Download the images. This step downloads software dependencies needed for the deployment and places them in the autoid-packages directory.

    $ ./deployer.sh download-images
  21. Run the upgrade.

    $ ./deployer.sh upgrade
  22. Log out and then log in. SSH to the target server.

  23. Create an analytics template. This step creates a template from the new analytics image.

    $ analytics create-template
  24. Edit the /data/conf/analytics_init_config.yml file if you made changes to this file in your previous deployment.

  25. Apply the analytics template.

    $ analytics apply-template
  26. Rerun your analytics pipeline steps.

    $ analytics ingest
    $ analytics train
    $ analytics predict-as-is
    $ analytics predict-recommendation
    $ analytics publish

    You have successfully upgraded your Autonomous Identity server to 2020.6.4.
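A pre-flight check for steps 4, 12 and 15, to run on the deployer before `./deployer.sh download-images`. This is an added example, not part of the ForgeRock tooling: the function names are hypothetical, and it assumes the hosts files list literal IPv4 addresses. The comparison is one-way because the new hosts file gains Elasticsearch entries.

```shell
#!/bin/sh
# Added example (not ForgeRock code). Function names are hypothetical.
# Default paths follow the procedure: ~/backup-2020.6 and ~/autoid-config.

# Print the unique IPv4 addresses in an inventory file, skipping comment lines.
inventory_ips() {
  grep -v '^[[:space:]]*[#;]' "$1" |
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u
}

# Print addresses that are in the old hosts file but not in the new one.
# Exit status 0 means every existing component kept its address.
missing_ips() (
  new_ips=$(inventory_ips "$2")
  status=0
  for ip in $(inventory_ips "$1"); do
    if ! printf '%s\n' "$new_ips" | grep -qxF -- "$ip"; then
      printf '%s\n' "$ip"
      status=1
    fi
  done
  exit "$status"
)

# True only if the file exists and its mode is exactly 400 (step 4).
key_mode_ok() {
  [ -n "$(find "$1" -prune -type f -perm 400 2>/dev/null)" ]
}

# Run all checks; prints one FAIL line per problem and returns non-zero on any.
preflight() (
  old=${1:-$HOME/backup-2020.6}
  new=${2:-$HOME/autoid-config}
  rc=0
  key_mode_ok "$new/id_rsa" ||
    { echo "FAIL: $new/id_rsa is missing or not mode 400"; rc=1; }
  [ -s "$new/autoid_registry_key.json" ] ||
    { echo "FAIL: autoid_registry_key.json not copied to $new"; rc=1; }
  gone=$(missing_ips "$old/hosts" "$new/hosts") ||
    { echo "FAIL: in old hosts but not in new:" $gone; rc=1; }
  exit "$rc"
)

# When invoked with arguments, e.g.: sh preflight.sh ~/backup-2020.6 ~/autoid-config
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```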

Update the Custom Role Management Accelerator Patch

As of December 2021, if you use a custom role management accelerator, you must update your code to fix a vulnerability in a third-party component. Run the following procedure:

  1. Pull the latest Activiti image. Replace <company-name> with your company ID name in lowercase, established at install. For example, "forgerock".

    $ docker pull gcr.io/forgerock-autoid/<company-name>/roles/activiti:12202021
  2. Edit the Activiti docker-compose.deploy.yml file to include the pulled image:

         version: '3'
         services:
           activiti:
             image: gcr.io/forgerock-autoid/<company-name>/roles/activiti:12202021
        
  3. Remove the currently running Activiti container:

    $ docker stack rm activiti
  4. Deploy the new Activiti image:

    $ docker stack deploy --with-registry-auth --compose-file </path/to/docker-compose.deploy.yml> activiti
  5. Update the nginx service:

    $ docker service update --force nginx_nginx
  6. Verify the successful startup of the Activiti container:

    $ docker service logs activiti_activiti

    You have successfully applied the custom role management accelerator patch.
