Secure Your WorkforceSecure Your CustomersAPI ReferenceEnd User GuideSupport

Upgrading from 6.2 to 6.3

Notable configuration changes

DB service account permissions narrowed

In previous releases, the DB service accounts were granted full permissions to the MySQL DB (GRANT ALL). This has been narrowed to a specific subset of permissions.

See: ServerInstaller > mysql/initScripts8015.sql.tmpl

DB init SQL generation script

ServerInstaller > generateMySQLInitScript.sh

has been added. This streamlines the DB init SQL generation by removing the needs to type in a set of individual commands. SQL scripts are generated for MySQL 8 and 5.7

Upgrade process

On master node

Step 1 Backup current <install dir> by making a copy <install dir>-copy
Step 2 Shut down dependencies and services via

  • ./stopHyprDependencies.sh
  • ./stopHyprServices.sh

Step 3 Switch to the <install dir>
Remove existing war files

rm -f CC/CC-*.jar UAF/HYPR-*.war FIDO2/fido2-*.war

Step 4
Un-tar the new <install pkg> (ServerInstaller-*.tar.gz) in the current <install dir>
This will:

  • replace scripts in the <install dir> with the new versions
  • replace war/jar files for relevant components
  • leave existing config in (mysql/mysql-8.0.18-linux-x86_64-minimal redis/redis-4.0.13 vault/vault-0.10.3) untouched
# Un-tar install pkg, overlay on existing
# Do not overwrite the nginx certs (hyprServer.crt, hyprServer.key)
# HYPR_GROUP:HYPR_USER. The should match the values defined in env.sh 

tar -xvf <install pkg> -C /opt/hypr/<install dir> --group=<HYPR_GROUP> --owner=<HYPR_USER> --exclude="hyprServer*"

Confirm that the .install file is still present in the <install dir>

Step 5
Restore env.sh file from the copy made in Step 1
Confirm that the following lines are present in your env.sh. Add if missing. These were added in 3.9 for FIDO2

# Replace the following line  
export UAF_DB_PASSWORD=${UAF_DB_PASSWORD=$(getPassword "UAF_PASSWORD" "${HYPR_INSTALL_INFO}")}
# With:
UAF_DB_PASSWORD=$(getPassword "UAF_PASSWORD" "${HYPR_INSTALL_INFO}")
exitOnInvalidReturnCode $? "Could not decrypt metadata file ${HYPR_INSTALL_INFO}. Ensure that the enc key matches encryption key"
export UAF_DB_PASSWORD

# Replace:
export FIDO2_DB_PASSWORD=${FIDO2_DB_PASSWORD=$(getPassword "FIDO2_PASSWORD" "${HYPR_INSTALL_INFO}")}
# With:
export FIDO2_DB_PASSWORD=$(getPassword "FIDO2_PASSWORD" "${HYPR_INSTALL_INFO}")

# Replace:
export EVENT_DB_PASSWORD=${EVENT_DB_PASSWORD=$(getPassword "EVENT_PASSWORD" "${HYPR_INSTALL_INFO}")}
# With:
export EVENT_DB_PASSWORD=$(getPassword "EVENT_PASSWORD" "${HYPR_INSTALL_INFO}")

# Replace:
export VAULT_DB_PASSWORD=${VAULT_DB_PASSWORD=$(getPassword "VAULT_PASSWORD" "${HYPR_INSTALL_INFO}")}
# With:
export VAULT_DB_PASSWORD=$(getPassword "VAULT_PASSWORD" "${HYPR_INSTALL_INFO}")

# Replace:
export REDIS_PASSWORD=${REDIS_PASSWORD=$(getPassword "REDIS_PASSWORD" "${HYPR_INSTALL_INFO}")}
# With:
export REDIS_PASSWORD=$(getPassword "REDIS_PASSWORD" "${HYPR_INSTALL_INFO}")

Step 5 Start UAF with re-init vault flag
This is needed to update the UAF vault config with settings for Redis. The Redis settings already exist from the previous install, needs to be updated in Vault

./startHyprServices --[cluster|single] --uaf --enc --reinit-vault

# You should see the following in the output

**** Loading loggingConfigs config into Vault ****
Curl cmd return code: 0

 ✅  Loaded /opt/hypr/UAF/loggingConfigs.json into Vault
Deleting /opt/hypr/UAF/loggingConfigs.json
Generating /opt/hypr/UAF/uafServerConfigBean.json

 **** Loading uafServerConfigBean config into Vault ****
Curl cmd return code: 0

 ✅  Loaded /opt/hypr/UAF/uafServerConfigBean.json into Vault
Deleting /opt/hypr/UAF/uafServerConfigBean.json

On each worker node

Repeat steps 1 - 4

Updated about 3 years ago