Upgrading from 6.5 to 6.6

Notable configuration changes

DB service account permissions narrowed

In previous releases, the DB service accounts were granted full permissions to the MySQL DB (GRANT ALL). This has been narrowed to a specific subset of permissions.

See: ServerInstaller > mysql/initScripts8015.sql.tmpl

DB init SQL generation script

ServerInstaller > generateMySQLInitScript.sh

has been added. This streamlines the DB init SQL generation by removing the needs to type in a set of individual commands. SQL scripts are generated for MySQL 8 and 5.7

Upgrade process

On master node

Step 1 Backup current <install dir> by making a copy <install dir>-copy
Step 2 Shut down dependencies and services via

  • ./stopHyprDependencies.sh
  • ./stopHyprServices.sh

Step 3 Switch to the <install dir>
Remove existing war files

rm -f CC/CC-*.jar UAF/HYPR-*.war FIDO2/fido2-*.war

Step 4
Un-tar the new <install pkg> (ServerInstaller-*.tar.gz) in the current <install dir>
This will:

  • replace scripts in the <install dir> with the new versions
  • replace war/jar files for relevant components
  • leave existing config in (mysql/mysql-8.0.18-linux-x86_64-minimal redis/redis-4.0.13 vault/vault-0.10.3) untouched
# Un-tar install pkg, overlay on existing
# Do not overwrite the nginx certs (hyprServer.crt, hyprServer.key)
# HYPR_GROUP:HYPR_USER. The should match the values defined in env.sh 

tar -xvf <install pkg> -C /opt/hypr/<install dir> --group=<HYPR_GROUP> --owner=<HYPR_USER> --exclude="hyprServer*"

Confirm that the .install file is still present in the <install dir>

Step 5
Restore env.sh file from the copy made in Step 1

Step 6 Start services with re-init vault flag

./startHyprServices --[cluster|single] --uaf --enc --reinit-vault

# You should see the following in the output

**** Loading loggingConfigs config into Vault ****
Curl cmd return code: 0

 βœ…  Loaded /opt/hypr/UAF/loggingConfigs.json into Vault
Deleting /opt/hypr/UAF/loggingConfigs.json
Generating /opt/hypr/UAF/uafServerConfigBean.json

 **** Loading uafServerConfigBean config into Vault ****
Curl cmd return code: 0

 βœ…  Loaded /opt/hypr/UAF/uafServerConfigBean.json into Vault
Deleting /opt/hypr/UAF/uafServerConfigBean.json

Step 7 Remove FIDO2 service

rm -rf /etc/systemd/system/hypr-fido2*
rm -rf /etc/systemd/system/hypr-fido2.*
systemctl daemon-reload

On each worker node

Repeat steps 1 - 4