Upgrading from 6.6 to 6.7

Notable configuration changes

DB service account permissions narrowed

In previous releases, the DB service accounts were granted full permissions to the MySQL DB (GRANT ALL). This has been narrowed to a specific subset of permissions.

See: ServerInstaller > mysql/initScripts8015.sql.tmpl

DB init SQL generation script

ServerInstaller > generateMySQLInitScript.sh

has been added. This streamlines the DB init SQL generation by removing the needs to type in a set of individual commands. SQL scripts are generated for MySQL 8 and 5.7

Upgrade process

Before you start

:warning:
Due to the merging of the CC & UAF services a significant number of structural changes have been made. This makes it difficult to rollback by replacing war files directly.

Please make a full backup of the DB and install directories before upgrading to 6.7.0. If you run into issues, restore from backup.

On master node

Step 1 Backup current <install dir> by making a copy <install dir>-copy
Step 2 Shut down dependencies and services via

  • ./stopHyprDependencies.sh
  • ./stopHyprServices.sh

Step 3 Switch to the <install dir>
Remove existing war files

rm -f CC/CC-*.jar UAF/HYPR-*.war FIDO2/fido2-*.war

Step 4
Un-tar the new <install pkg> (ServerInstaller-*.tar.gz) in the current <install dir>
This will:

  • replace scripts in the <install dir> with the new versions
  • replace war/jar files for relevant components
  • leave existing config in (mysql/mysql-8.0.18-linux-x86_64-minimal redis/redis-4.0.13 vault/vault-0.10.3) untouched
# Un-tar install pkg, overlay on existing
# Do not overwrite the nginx certs (hyprServer.crt, hyprServer.key)
# HYPR_GROUP:HYPR_USER. The should match the values defined in env.sh 

tar -xvf <install pkg> -C /opt/hypr/<install dir> --group=<HYPR_GROUP> --owner=<HYPR_USER> --exclude="hyprServer*"

Confirm that the .install file is still present in the <install dir>

Step 5
Restore env.sh file from the copy made in Step 1

Step 6

  • Start dependencies as normal
  • Start services with re-init vault flag
./startHyprServices --[cluster|single] --rp --enc --reinit-vault

# You should see the following in the output

**** Loading loggingConfigs config into Vault ****
Curl cmd return code: 0

 ✅  Loaded /opt/hypr/UAF/loggingConfigs.json into Vault
Deleting /opt/hypr/UAF/loggingConfigs.json
Generating /opt/hypr/UAF/uafServerConfigBean.json

 **** Loading uafServerConfigBean config into Vault ****
Curl cmd return code: 0

 ✅  Loaded /opt/hypr/UAF/uafServerConfigBean.json into Vault
Deleting /opt/hypr/UAF/uafServerConfigBean.json

Step 7 Systemd services need to be re-installed. Since UAF is gone, the systemd start order has to be modified

cd <install folder>;

# Remove
systemdRemove.sh

# Re-install 
systemdInstall.sh

On each worker node

Repeat steps 1 - 4