- We are using auto increment id generation for primary keys. This can break when we are replicating between multiple DB masters.
- Change PKs to be based on UUIDs generated by the application. This removes issues arising from auto increment
- When starting the 6.15.x server for the first time, DB schema changes will be automatically executed to improve scalability and support for multi-node systems
The tokens will be stored in the DB going forward. API tokens will use the same general mechanism used by the Endpoint tokens. These will have a scope of API. Tokens are stored in the rp_endpoint_api_token table. At runtime they will be cached in Java memory.
New tokens are always created in the DB. These will get replicated by usual means and replicate through the DB (and app) cluster
When an existing Vault token is used or renewed - we take that opportunity to automatically and transparently
- move the token to the DB
- remove it from Vault
From that point forward, this token is considered to be migrated. The change is transparent to the API token consumer, like Keycloak.
When the Access Tokens UI is loaded in CC, the following is logged:
CompositeTokenService.listTokens(49) : vaultTokenCount=0, dbTokenCount=0, rpAppId=delete615webApp, scope=API
Once all tokens are migrated, the vaultTokenCount goes to 0
Starting with this change, the DB generated tokens are prefixed with
hyp. That differentiates them from the legacy Vault tokens. Note that the tokens migrated from Vault to DB will retain the original token name and token identifier
Before You Start
Please make a full backup of the database before upgrading. If you run into issues, you can restore from the backup.
Back up the current
<install dir> by making a copy to
Shut down dependencies and services:
Switch to the
<install dir> and remove the existing WAR files:
rm -f CC/CC-*.jar
Un-tar the new
<install pkg> (ServerInstaller-*.tar.gz) in the current
# Un-tar install pkg, overlay on existing # Do not overwrite the nginx certs (hyprServer.crt, hyprServer.key) # HYPR_GROUP:HYPR_USER. The should match the values defined in env.sh tar -xvf <install pkg> -C /opt/hypr/<install dir> --group=<HYPR_GROUP> --owner=<HYPR_USER> --exclude="hyprServer*"
- replace the scripts in the
<install dir>with the new versions
- replace the WAR/JAR files for relevant components
- leave the existing config in (mysql/mysql-8.0.18-linux-x86_64-minimal redis/redis-4.0.13 vault/vault-0.10.3) untouched
envOverrides.sh file from the copy made in Step 1.
Start dependencies as normal and start services with the
./startHyprServices --[cluster|single] --rp --enc
You should see the following in the output:
✅ Java version 11 available Generating /opt/hypr/CC/controlCenterConfigV68Plus.properties ... ✅ Finished writing to vault ... **** Starting CC service. ... ✅ Port 8009 is listening
Reinstall the systemd services. Since UAF is gone, the systemd start order has to be modified:
cd <install folder>; # Remove systemdRemove.sh # Re-install systemdInstall.sh
Repeat Steps 1-4 from above.
- Reapply your License via the Control Center UI
- Reapply Proxy and SSL Pinning settings via the Control Center UI, if you are using these
Updated about 2 years ago