Upgrade VeridiumID Containers from 3.6.x to v3.7.0
1. Prerequisites
Please install the following software on the machine that will be used to deploy VeridiumID:
Helm 3. Please check your installed version by running
helm version
Starting with version 3.7, for push notifications to work on Android, the following URL should be whitelisted in the proxy for outbound connections.
oauth2.googleapis.com
Until now, the following 2 URLs had to be whitelisted.
api.push.apple.com
fcm.googleapis.com
How to test:
export http_proxy=IP:PORT
export https_proxy=IP:PORT
curl https://api.push.apple.com:443
curl https://fcm.googleapis.com:443
curl https://oauth2.googleapis.com:443
## A 404 response is fine, if it is received.
2. Download docker images
If using a custom Docker registry, please download and unpack the following archive, then upload its contents to your Docker registry.
| URL | SHA256 | MD5 |
|---|---|---|
| | 98d88c6af356d693107013bfa2938118f270fa6476e1b48ea54ba9345238883f | 3108f1db173ae9908634ae20434570fa |
3. Change directory to the folder where the veridium-containers folder is located
4. Download required files
wget --user <NEXUS_USER> --password <NEXUS_PASSWORD> https://veridium-repo.veridium-dev.com/repository/helm-releases/veridiumid-containers/3.7.0/veridiumid-laas-3.7.0.zip
unzip -o veridiumid-laas-3.7.0.zip -d 3.7.0
5. Begin upgrade
The NAMESPACE and ENV_NO variables depend on your existing installation.
In the veridiumid-containers/k8ssandra-values.yaml file, under the cassandra.serverImage section, change the tag of the vid-cassandra image to 11.0.39
# update Cassandra
helm upgrade --install -n <NAMESPACE> -f veridiumid-containers/k8ssandra-values.yaml k8ssandra-<ENV_NO> ./3.7.0/vid-k8ssandra-0.6.5.tgz
# upgrade VeridiumID
helm upgrade --install -n <NAMESPACE> -f veridiumid-containers/veridiumid-values.yaml veridiumid ./3.7.0/veridiumid-0.6.5.tgz
6. Post upgrade config
6.1. This procedure will migrate all the data to Elasticsearch (devices, accounts) in order to have better reports.
Please execute the following command in the vid-maintenance pod:
## if websec and websecadmin are not starting, with error: org.apache.zookeeper.KeeperException$NoNodeException: KeeperErrorCode = NoNode for /shibboleth/oidc-veridium-clients.json
## run the script below
/scripts/initialize-shibboleth.sh
## before migrating data, in websecadmin set elasticsearch.json -> socketTimeoutMs: 120000
/scripts/migrate_to_elk.sh
6.2. If the error “Error message: [es/index] failed: [mapper_parsing_exception] failed to parse field [authenticationDeviceOsPatch] of type [date] in document with id” appears in the vid-websec log, the procedure below should be applied:
index=veridium.sessions-$(date '+%Y-%m')
# URLs are quoted so the shell does not treat ? and * as glob characters
curl -k -X PUT "https://elastic:$ELASTICSEARCH_PASSWORD@$ELASTICSEARCH_HOST:9200/${index}/_block/write"
curl -k -X POST "https://elastic:$ELASTICSEARCH_PASSWORD@$ELASTICSEARCH_HOST:9200/_reindex?wait_for_completion=false" -H 'Content-Type: application/json' -d '{"source":{"index":"'"${index}"'"},"dest":{"index":"'"${index}"'_00001"}}'
# wait until task is completed; replace {TASK_ID} with the task id returned by the _reindex call
curl -k "https://elastic:$ELASTICSEARCH_PASSWORD@$ELASTICSEARCH_HOST:9200/_tasks/{TASK_ID}"
curl -k -X POST "https://elastic:$ELASTICSEARCH_PASSWORD@$ELASTICSEARCH_HOST:9200/veridium.*/_flush"
curl -k -X DELETE "https://elastic:$ELASTICSEARCH_PASSWORD@$ELASTICSEARCH_HOST:9200/${index}"
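The wait step above matters because the last command deletes the source index. As an added example (not part of the original page or of Veridium's scripts), this Python check reads the JSON returned by the _tasks call and reports whether the copy completed cleanly. The names reindex_verdict and check_reindex.py are hypothetical, the field names are those of the Elasticsearch task API response for a reindex task, and the sample documents are constructed.

```python
"""Added example (not Veridium code): gate the DELETE in step 6.2 on the
result of the reindex task. Sample documents below are constructed."""
import json
import sys


def reindex_verdict(task_json):
    """Return (safe_to_delete, reason) for the JSON body of GET _tasks/<id>."""
    try:
        doc = json.loads(task_json)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return False, "response is not a JSON object"
    if "error" in doc:
        # Covers both a failed task and a lookup error (e.g. unknown task id).
        return False, "error reported"
    if not doc.get("completed"):
        return False, "task still running"
    resp = doc.get("response")
    if not isinstance(resp, dict):
        return False, "no response section"
    if resp.get("timed_out"):
        return False, "search timed out"
    if resp.get("failures"):
        return False, f"{len(resp['failures'])} document failure(s)"
    if resp.get("version_conflicts", 0):
        return False, "version conflicts"
    # Every source document must have been written to the destination index.
    copied = resp.get("created", 0) + resp.get("updated", 0)
    if copied != resp.get("total"):
        return False, f"copied {copied} of {resp.get('total')} documents"
    return True, f"all {copied} documents copied"


# Constructed samples, trimmed to the fields the check reads.
SAMPLE_OK = '{"completed":true,"response":{"timed_out":false,"total":1200,"created":1200,"updated":0,"version_conflicts":0,"failures":[]}}'
SAMPLE_RUNNING = '{"completed":false,"task":{"status":{"total":1200,"created":400}}}'
SAMPLE_PARTIAL = '{"completed":true,"response":{"timed_out":false,"total":1200,"created":1187,"updated":0,"version_conflicts":0,"failures":[{"index":"veridium.sessions-2024-05_00001","status":400}]}}'

if __name__ == "__main__":
    # Usage (assumed file name): curl -k ".../_tasks/<task id>" | python3 check_reindex.py
    ok, reason = reindex_verdict(sys.stdin.read())
    print(("SAFE to delete source index: " if ok else "DO NOT delete: ") + reason)
    sys.exit(0 if ok else 1)
```

The script exits non-zero unless the task completed with no failures and a matching document count, so the DELETE can be chained after it with `&&`.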
6.3. Increase number of replicas in Elasticsearch
First, using Websecadmin / Advanced section, edit the elasticsearch/index-templates.json and change all occurrences of number_of_replicas to 2.
Next, execute the following commands in the vid-maintenance pod:
curl -k "https://elastic:$ELASTICSEARCH_PASSWORD@$ELASTICSEARCH_HOST:9200/_cat/indices"
curl -k "https://elastic:$ELASTICSEARCH_PASSWORD@$ELASTICSEARCH_HOST:9200/veridium.*/_settings" -H "Content-Type: application/json" -X PUT -d '{"index":{"number_of_replicas":2}}'
6.4. If “Error Forbiden operation” appears when accessing SSP, the following workaround should be applied:
Please execute the following CQL query in any Cassandra pod (using cqlsh):
UPDATE veridium.wizard SET steps_statuses = { '/setup/setupBiometrics': False, '/setup/setupSspPermission': False}, ended = false, started = false, muted = false WHERE id = '34f73631-cfb1-452e-8687-c8fe8657846d';