Upgrade VeridiumID from 3.5.x to v3.6.0 (without OS Upgrade)
This document will provide a step by step procedure to upgrade to VeridiumID 3.6.0.
It is recommended to take a snapshot for the servers before update.
The procedure will provide information regarding both update methods:
using a configured YUM repository
using local packages
The update is done without downtime, one node at a time. Please start with WEBAPP nodes and after that do the installation on PERSISTENCE nodes. In order to have no impact, please take out from the balancer the node on which install is running.
WEBAPP node is a server where websecadmin is installed, PERSISTENCE node is a server where Cassandra is installed.
The application 3.x is compatible with 3.6.0 database schema.
Summary:
1) Download packages
2) Pre-requirements
3) Start Update
4) Post update steps
5) Other references
1) Download packages
Package URL | MD5 | SHA1 | Description |
|---|---|---|---|
|
| VeridiumID Update packages archive containing all RPMs, for local update procedure RHEL7 | |
|
| VeridiumID Update packages archive containing all RPMs, for local update procedure | |
|
| VeridiumID Update packages archive containing all RPMs, for local update procedure |
Download the package on the server and unzip it.
## download the package on each server; the below command can be used. Please fill in the proxy IP and username and password provided by Veridium.
## it is recommanded to execute these commands with the user that is going to do the installation.
## based on OS version, you have download the necessary package:
## RHEL7, Centos7
wget --user NEXUS_USER --password NEXUS_PASSWORD -e use_proxy=yes -e http_proxy=PROXY_IP:PROXY_PORT https://veridium-repo.veridium-dev.com/repository/VeridiumUtils/Veridium-3.6.0-update/veridiumid-update-packages-10.0.55.zip
## RHEL8, Rocky8
wget --user NEXUS_USER --password NEXUS_PASSWORD -e use_proxy=yes -e http_proxy=PROXY_IP:PROXY_PORT https://veridium-repo.veridium-dev.com/repository/VeridiumUtils/Veridium-3.6.0-update/veridiumid-update-packages-rhel8-10.0.55.zip
## RHEL9, Rocky9
wget --user NEXUS_USER --password NEXUS_PASSWORD -e use_proxy=yes -e http_proxy=PROXY_IP:PROXY_PORT https://veridium-repo.veridium-dev.com/repository/VeridiumUtils/Veridium-3.6.0-update/veridiumid-update-packages-rhel9-10.0.55.zip
Other option is to upload the update package to local repository, based on the OS the client is using - RHEL7,8 or 9.
2) Pre-requirements
2.1) (MANDATORY) User requirements
We recommend using any user with sudo rights or root directly.
Python 3 must be installed. To check if you have a working Python 3 version run the following command:
python3 --versionIf Python 3 is not installed, please see section 5.1 - How to install python 3
3) Start Update
Please execute all commands as root or with a user that has sudo privileges.
3.1) Update using local packages
Execute below commands on all nodes, first on WEBAPP and later on PERSITENCE nodes. Please execute the update one by one servers, not in parallel.
TMP_DEST="/home/veridiumid/update360"
#### please choose the one that apply, based on your OS:
##RHEL7
unzip veridiumid-update-packages-10.0.55.zip -d ${TMP_DEST}
##RHEL8
unzip veridiumid-update-packages-rhel8-10.0.55.zip -d ${TMP_DEST}
##RHEL9
unzip veridiumid-update-packages-rhel9-10.0.55.zip -d ${TMP_DEST}Starting with version 3.6.0, it is used JAVA 11 version. Please install this package before the update:
## PLEASE INSTALL JAVA 11 from local repositories; it should be OPENJDK distribution. Without this step the update will not be possible
sudo yum install java-11-openjdk -y
## before the update, java 8 still should be the default one; check by running:
java -version
## if JAVA 8 is not the current java, please change it using below command, and select option for JAVA8
sudo update-alternatives --config javaAfter this, update application:
TMP_DEST="/home/veridiumid/update360"
sudo yum localinstall -y ${TMP_DEST}/packages/veridiumid_update_procedure-10.0.55-20240425.x86_64.rpm
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 10.0.55 --rpm-path ${TMP_DEST}/packages/
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 10.0.55 --rpm-path ${TMP_DEST}/packages/
sudo bash /etc/veridiumid/scripts/check_services.shIn case of ElasticSearch migration failing (due to Kibana issues) please run the following commands:
KIBANA_LOG=$(dirname $(readlink /var/log/veridiumid/kibana))
KIBANA_DIR=$(dirname $(readlink /opt/veridiumid/kibana))
sudo rm -rf ${KIBANA_LOG}/kibana
sudo rm -rf ${KIBANA_DIR}/kibana
sudo rm -rf /opt/veridiumid/kibana
sudo rm -rf /etc/veridiumid/kibana
sudo rm -rf /var/log/veridiumid/kibana
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 10.0.55 --rpm-path ${TMP_DEST}/packages/After updating all nodes, please update Cassandra from 4.0.9 to 4.1.4 on persistence nodes. Please execute the update one by one servers, not in parallel. This procedure might be with a downtime until executed on all nodes.
TMP_DEST="/home/veridiumid/update360"
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/360/update_cassandra.sh ${TMP_DEST}/packages/
##check status
sudo /opt/veridiumid/cassandra/bin/nodetool status
sudo /opt/veridiumid/cassandra/bin/nodetool describecluster
## to edit crontab run:
## sudo crontab -e
## to list crontab run:
## sudo crontab -l
## also please comment this line on 2 out of 3 servers:
#0 1 * * 5 bash /opt/veridiumid/cassandra/conf/cassandra_maintenance.sh -c /opt/veridiumid/cassandra/conf/maintenance.conf
## this is running repair, but it should not run in parallel on all 3 nodes in the same datacenter.
## also there should be at least 3 hours difference between the repair operation and the other maintainence task, the one that ends with -k
## The line with -k should be in crontab on all 3 nodes, uncommented.
## if number of devices are not seen in websecadmin, please recreate lucene indices
bash /opt/veridiumid/cassandra/conf/recreateCassandraLuceneIndexes.sh -c /opt/veridiumid/cassandra/conf/maintenance.conf3.2) Update using a YUM repository
Starting with version 3.6.0, it is used JAVA 11 version. Please install this package before the update:
sudo yum install java-11-openjdk -y
## before the update, java 8 still should be the default one; check by running:
java --version
## if JAVA 8 is not the current java, please change it using below command, and select option for JAVA8
sudo update-alternatives --config javaCheck if packages are visible in the repository. If the packages are not visible, please upload them into your repository, based on the OS you are using.
## check installed package
sudo yum list installed veridiumid_update_procedure
## check availability of the new package; if this package is not available, please fix the issue with the repository
sudo yum list available veridiumid_update_procedure-10.0.55-20240425If the package is available, please execute below commands on all nodes, first on WEBAPP and later on PERSITENCE nodes. Please execute the update one by one servers, not in parallel.
sudo yum clean metadata
sudo yum install -y veridiumid_update_procedure-10.0.55
sudo python3 /etc/veridiumid/update-procedure/current/preUpdateSteps.py --version 10.0.55 --use-repo
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 10.0.55 --use-repo
sudo bash /etc/veridiumid/scripts/check_services.shIn case of ElasticSearch failing (due to Kibana issues), please run the following commands:
KIBANA_LOG=$(dirname $(readlink /var/log/veridiumid/kibana))
KIBANA_DIR=$(dirname $(readlink /opt/veridiumid/kibana))
sudo rm -rf ${KIBANA_LOG}/kibana
sudo rm -rf ${KIBANA_DIR}/kibana
sudo rm -rf /opt/veridiumid/kibana
sudo rm -rf /etc/veridiumid/kibana
sudo rm -rf /var/log/veridiumid/kibana
sudo python3 /etc/veridiumid/update-procedure/current/startUpdate.py --version 10.0.55 --use-repoAfter updating all nodes, please update Cassandra from 4.0.9 to 4.1.4 on persistence nodes. Please execute the update one by one servers, not in parallel. This procedure might be with a downtime until executed on all nodes.
sudo sed -i 's|\${build_date}\ |\${build_date}\*\ |g' /etc/veridiumid/update-procedure/current/resources/scripts/360/update_cassandra.sh
sudo bash /etc/veridiumid/update-procedure/current/resources/scripts/360/update_cassandra.sh
##check status and wait till it starts before going to next node
sudo /opt/veridiumid/cassandra/bin/nodetool status
sudo /opt/veridiumid/cassandra/bin/nodetool describecluster
## to edit crontab run:
## sudo crontab -e
## to list crontab run:
## sudo crontab -l
## also please comment this line on 2 out of 3 servers:
#0 1 * * 5 bash /opt/veridiumid/cassandra/conf/cassandra_maintenance.sh -c /opt/veridiumid/cassandra/conf/maintenance.conf
## this is running repair, but it should not run in parallel on all 3 nodes in the same datacenter.
## also there should be at least 3 hours difference between the repair operation and the other maintainence task, the one that ends with -k
## The line with -k should be in crontab on all 3 nodes, uncommented.
## if number of devices are not seen in websecadmin, please recreate lucene indices
sudo bash /opt/veridiumid/cassandra/conf/recreateCassandraLuceneIndexes.sh -c /opt/veridiumid/cassandra/conf/maintenance.conf
4) Post update steps
Login to Websecadmin and go to → Applications. If the applications do not have assigned any groups, please connect to one of the persistence nodes and run below command. After that please re-login to Websecadmin to perform reinitialization.
bash /etc/veridiumid/update-procedure/current/resources/scripts/360/reinitApp.shAlso please limit the memory Kibana usage, by running the following commands on each webapp node.
sudo grep -q "max-old-space-size" /opt/veridiumid/kibana/config/node.options || sudo echo -ne "\n--max-old-space-size=512\n" >> /opt/veridiumid/kibana/config/node.options
systemctl restart ver_kibanaIn case applications are no longer visible in the Admin Dashboard, run the following commands on a single persistence node:
sudo /opt/veridiumid/cassandra/bin/cqlsh --cqlshrc=/opt/veridiumid/cassandra/conf/veridiumid_cqlshrc --ssl -e "UPDATE veridium.wizard SET steps_statuses = {'/setup/setupPermissions' :false,'/setup/setupMessages': false,'/setup/setupSmsTemplates' : false,'/setup/migrateMobileVersions' : false,'/integrations/updateEnrollmentStep' : false,'/setup/orchestrator/rules/cmd_otp_only/update' : false,'/setup/customApplication' : false},ended = false,started = false,muted = false WHERE id = 'bf0ed51e-337f-4b97-b4f5-d2b0caa74000';"After running the command reconnect to the Admin Dashboard.
5) Other references.
5.1) How to install python 3
In order to run the update procedure all nodes must have Python 3 installed .
To check if the VeridiumID Python 3 package (this is optional) is present use the following command as root:
## on RHEL7/Centos7 it should be used python 3.6
python3 --version
##Python 3.6.8
yum -y install python3.6
## on RHEL8/RHEL9 it should be used python3.9
sudo yum -y install python39 python39-pip
##Python 3.9.18
Veridium REPO LINKS:
Package URL | Description |
|---|---|
https://veridium-repo.veridium-dev.com/repository/VeridiumRPM/packages/ | Repository with RHEL7 packages |
https://veridium-repo.veridium-dev.com/repository/VeridiumRPM8/packages/ | Repository with RHEL8 packages |
https://veridium-repo.veridium-dev.com/repository/VeridiumRPM9/packages/ | Repository with RHEL9 packages |
RHEL7 MD5 of each package:
Package URL | MD5 | SHA1 | Description |
|---|---|---|---|
a481f196fd9e81d12d7bf1a1460525f0 | 4e013296fbd6ccaf7b28aa220dd35c41a553f7c1 | VeridiumID Admin Dashboard | |
81343628a13080d6f5929da5dbbf4ec2 | bf5325c8faa7549d1ab1f588004ee1301cf82d2d | VeridiumID migration tool | |
938fcea4b6bdf60598d7d7a0500d73be | 17bcd7f7b1c81435ce90889598b9b28dcca2f02b | VeridiumID Websec | |
17abb6b69214b7caec6ec8900edee73c | 3a92d627017432f6c92b32db680817f77422f79b | VeridiumID Directory Service component | |
4d7f9aad6b058f6fd73be1ae9b2bc8ef | d04fbe23544b27f1a620fc6d32dcf6c4a0adce71 | VeridiumID DMZ service | |
efc63a32235e23f0eb2dbe1d86edd17a | 832a6837cdb4f5c7c665e659eb33fd5d347ea256 | VeridiumID Data Retention service | |
9e2bdf3e619138d4d7943370b0f667a3 | 2907d46bbffa8f8f14e615b285b067ed81814eb8 | VeridiumID Fido service | |
36ee986fd5d22bb4be53013464bd4750 | 98520cb785fa11f35afb6943bcc7ff3bb08a0d7d | VeridiumID Open Policy Agent | |
6b74cae42a7bdca0c5223e4043200af9 | 086f80a8b34dee7e7063a5b310936845429d999e | VeridiumID Elasticsearch | |
3c84bf973af7d4d48a37fc411b834240 | a78644edae7dc0345980d5f78d4b2fdfa8be3f22 | VeridiumID Kibana | |
6562e89b79cdad129ae4e94b9bd2a668 | 7708835938d6c574bf20332fcac93ad1e11cd1b3 | VeridiumID Zookeeper | |
60f1cdf5b6e419bb265c35756576c853 | f97528f5b738c2bdcfb43c1e5f75b233396f6c5d | VeridiumID Cassandra | |
8f479b3c93bd0335edf127e186fbb918 | 78330372c35ed3e3b185cb92bbbb5b226cf34bd1 | VeridiumID Haproxy | |
7c244cfc99d9d6b86ca32fd7cc776a5c | 69820fe98afe85974d7b2717817cac3a685c320c | VeridiumID Self Service Portal | |
0808cd806890447079f4ef3051ed70c1 | 1c78b962550c3ae745169adc5ffda48277ab01c6 | VeridiumID Shibboleth Identity Provider | |
88fa0f8b115773293f3852166deb981f | 0236d3d98753b5961cd61291cf91cd7a7232b695 | VeridiumID Tomcat | |
513e1f29802d6c94837f1f79eed13a4f | 2fefbe762997541f24f0c6fde05b2cc1b2cd39c3 | VeridiumID FreeRadius | |
e6fdc4e2039983039fc6e2938904c2b0 | ab150b70bf60110a3516845f9d9a5e5598ff4367 | VeridiumID 4F biometric library | |
bdc58647647df24ff7742ef1f632b624 | 6c7513e6fbc846e7d8729cb93b2ad844431da1b0 | VeridiumID VFace biometric library | |
aa793ac62c6594ec6341fc5fe791df6d | becd809bd90bfdadf69964c8ab115d0ec584102d | Update scripts |
RHEL8 MD5 of each package:
Package URL | MD5 | SHA1 | Description |
|---|---|---|---|
7d187d173d739da3c8f9d9d769dd3527 | 0e99998b14a74b5578506ea32847c3b3aba9f8ae | VeridiumID Admin Dashboard | |
d2341f3b0c35f5daa1782066d282ab04 | 59eb002f8d15789f6c7c8327303963dcdc42c840 | VeridiumID migration tool | |
df839256de318f5b17bd92842fd296aa | fa0b5a60e04fda8698247abac9e41f29fd898304 | VeridiumID Websec | |
d3fa9bd6692f52d37246ec657843ad4d | f1d5cfacb981ae8a18c587c031220fa69fc0dfe7 | VeridiumID Directory Service component | |
99136c16765331aecabfe5fed0610142 | 45d6a4fbe7ae5e8d6d20627c384bd2221da03c7e | VeridiumID DMZ service | |
66e797f52a24660157d75f5ca3d4325c | 5b6bba6af64966a37218492b24b40a71e2ce4c42 | VeridiumID Data Retention service | |
ec568cd489a4d524b90d5414f9e336ed | 869c09f2a5f267a98653d8c181d0a60454d61a02 | VeridiumID Fido service | |
a1f6473b7da902d1c971d07366daefcc | 4ab064a2f7e68b19d5edd7846ad517301a0ccf81 | VeridiumID Open Policy Agent | |
ab003b195237f4db424164894f0d638a | 473f993ee0212b3379b18233061afa44fc053e76 | VeridiumID Elasticsearch | |
2073eb6e6184e3d33244a653d5546a77 | f5549ece8dc3defcf2e6c3d751931c9b2d0b2214 | VeridiumID Kibana | |
6c84ae6bde89a7c98e4be073e92a4fb2 | 383afc52046dd637a07ede693c549d635857d6e0 | VeridiumID Zookeeper | |
9863d8113c0ad55bd26376cd4fa7ab46 | d10d44d6443ddc6b98e153ca722e044e84da5888 | VeridiumID Cassandra | |
98889cb1e1988c6d50b9e357717f71af | 8c48d96145e7a0a0af8f118e549710d0948ba76a | VeridiumID Haproxy | |
9aeb032a9d8ce76b78e0b52d5d8a1500 | b6fc42123fac7c8b1aff0ace9eea06a79f9bf769 | VeridiumID Self Service Portal | |
a685adb6e069bc9e77cc5965465f61c6 | d85f02079138cb7fd59622c54aaadd5a93f08b58 | VeridiumID Shibboleth Identity Provider | |
72cacf72db25d98fe40164158e4603e4 | f201bef4c22fec1c8209df2e195e7264606140d7 | VeridiumID Tomcat | |
816c48b87a30f15a1bf0a18840fb7809 | ed9ec00580dd1397c14a925563e3b20ef5078e4d | VeridiumID FreeRadius | |
a00812becf97f26d119851d958767228 | c4705b4873b986bab539e69648ee30e7cdccce0c | VeridiumID 4F biometric library | |
36ec992844ad42d5e6016b3a085df1c7 | 736c07975e00c10fa7eaf1515d518e2156e07abe | VeridiumID VFace biometric library | |
94d26c95b175e75361b7e056a69fa481 | ea6a8dc4a9c939322df1416bbb4166c89b347ef4 | Update scripts |
RHEL9 MD5 of each package:
Package URL | MD5 | SHA1 | Description |
|---|
Package URL | MD5 | SHA1 | Description |
|---|---|---|---|
b9c962fb559943552a076ab0bd252c09 | 6ae22602e5c30e55fdc474757fabe58be79af5ae | VeridiumID Admin Dashboard | |
3d5ab5a4d9d0507289f9f2fb74de5ed0 | 59a186ed0cc54a49aae859366124378bcc83a181 | VeridiumID migration tool | |
6f6348590c6b3547fb7c872cbd07d381 | 1f305c221fcb20e8923291cb09a9baed5869a442 | VeridiumID Websec | |
37cb04e2caa6f08dd0c9cdd436863b7c | 4e362249227d6922c166da880980ccba6432c0bc | VeridiumID Directory Service component | |
f27d625cc9339d5b33137409b422bf81 | ee8b719e7a81e1a815d3a736ee94d86669a8c05e | VeridiumID DMZ service | |
84a1a1cff75cd6c73065d5a4a44b8596 | 0b05dfd6004a9a498f61a41e0181d90975576ec7 | VeridiumID Data Retention service | |
71d27d0ce8d3f83d9cff77b4ff7ed6f1 | f9eeb365f93d7a54b212553e6639de9974d4809f | VeridiumID Fido service | |
77d6a12b9ff81393f1b070f25cad0b2f | 43cdd33b7c7434f2f57ba3a307c8702653e3d28c | VeridiumID Open Policy Agent | |
296419ca46d6ffcbe3ed7eb73e1e6a36 | f5faf48ec1f4e615feb3f036067edc514db71703 | VeridiumID Elasticsearch | |
e95aee11ba3f4def30a68f28240cd36b | 89ca2d905e9509d9fcd3e5ced39a8dc0d5c7b2b0 | VeridiumID Kibana | |
7f6d6b14f38f608b0418103f564734cb | a33be336f4511de243e501afbeadf95e128e8093 | VeridiumID Zookeeper | |
0d51496ccd293e9bcb3fe5ee324cb74d | 0835828e47f5cc99d4d7222f6400b264250fce26 | VeridiumID Cassandra | |
755e032822b0990569950c7c86133ea1 | b87cff251e391a03473933bf4a053e98f6e39351 | VeridiumID Haproxy | |
f5fd08d569b5d30f8f0bbafde720b89a | 4a36909353d659c54589f1a0158b7d69b9359ef9 | VeridiumID Self Service Portal | |
881440f803d5e30a588a4185d728f204 | 1779b4f65c4316c212444c9eecf1879fcc96a8e6 | VeridiumID Shibboleth Identity Provider | |
ffc0e75902dfb0e5475a19c0c99e613d | f2c2de4c326abcaa8da3daa1d560038106d40a0d | VeridiumID Tomcat | |
b1dcff3393d6d5ca21a7aa4275e593e4 | 038e0ce6bcbd92b3fee3e3f044dd7f9e194a9170 | VeridiumID FreeRadius | |
f6e783ce134f46dd19229d41c37de316 | 47d4b70f0f54ad4ec123694243d90e0d7310a9db | VeridiumID 4F biometric library | |
9ee5ad546a652339f135f7d29f674a71 | 6eedf65a3cef705546392122a5dfd0e245dd26a0 | VeridiumID VFace biometric library | |
f52814dc47435383652886ea92afc939 | 738641d015f4450f91183946f1ac435ffd96dc27 | Update scripts |