Upgrading from 6.7 to 6.8

Notable Configuration Changes
Extension API Changes
Upgrade Process

Notable Configuration Changes

Java 11 is Required

The HYPR services now require Java 11 to run. Please make sure Java 11 is the default on the server by installing as follows:

  1. Remove existing Java install(s):
yum list installed | grep jdk | xargs sudo yum remove -y
  1. Install Java 11:
sudo yum install java-11-openjdk-devel.x86_64 -y

Python 3 is Required

HYPR uses Python scripts for a more robust install process. If Python 3 is not present, install using:

sudo yum install -y python3

Note that Python is not needed during runtime.

Configuration Management Improvements

  • Vault properties have been consolidated under the <name space>/controlCenterConfigV68Plus key
  • The install process and env.sh config file are unchanged. The Install process will write the new controlCenterConfigV68Plus key into Vault. The existing keys will be left as is, but are not used any more.
  • Vault properties are documented here https://docs.hypr.com/installinghypr/page/server-propeprties
  • Configuration settings which are changed via the Control Center UI (such as License, Proxy, and SSL Pinning) are no longer stored in Vault. Instead, these settings are now stored in the rp_server_config database table. This will avoid situations where the license or other settings are lost because Vault was reset.

License, Proxy, and SSL Pinning settings need to be re-applied

Because these settings have been moved from Vault to the database they will need to be reapplied via the Control Center UI after the 6.8 upgrade.

Extension API Changes



Any existing Control Center extensions that use the AuthenticationExtensionPoint or
DeviceDeregistrationExtensionPoint endpoints will need to be recompiled to work with the 6.8 release due to changes in the PostOOBAuthStatusDto and DeviceDeleteDto definitions.

Code changes required:

  1. Modify the following import statements if used:
import com.hypr.server.rp.domain.client.RequestStatus;import com.hypr.server.rp.extensions.model.RequestStatus;
import com.hypr.server.rp.domain.device.DeviceType;import com.hypr.server.rp.extensions.model.DeviceType;
  1. Change the Control Center Extension API version in your pom.xml file.
<!-- HYPR -->
  <!-- IMPORTANT - provided the CC -->
<!-- END HYPR -->

Upgrade Process

On Master Node
On Each Worker Node
Post Install


Before You Start

Please make a full backup of the database before upgrading. If you run into issues, you can restore from the backup.

On Master Node

Step 1
Back up the current <install dir> by making a copy to <install dir>-copy

Step 2
Shut down dependencies and services:


Step 3
Switch to the <install dir> and remove the existing WAR files:

rm -f CC/CC-*.jar UAF/HYPR-*.war FIDO2/fido2-*.war

Step 4
Un-tar the new <install pkg> (ServerInstaller-*.tar.gz) in the current <install dir>

# Un-tar install pkg, overlay on existing
# Do not overwrite the nginx certs (hyprServer.crt, hyprServer.key)
# HYPR_GROUP:HYPR_USER. The should match the values defined in env.sh 

tar -xvf <install pkg> -C /opt/hypr/<install dir> --group=<HYPR_GROUP> --owner=<HYPR_USER> --exclude="hyprServer*"

This will:

  • replace the scripts in the <install dir> with the new versions
  • replace the WAR/JAR files for relevant components
  • leave the existing config in (mysql/mysql-8.0.18-linux-x86_64-minimal redis/redis-4.0.13 vault/vault-0.10.3) untouched

After the un-tar, confirm that the following files are present:

  • /.install file (by running ls -la)
  • /VaultHelper.py
  • /CC/controlCenterConfigV68Plus.sh

Step 5
Restore the env.sh file from the copy made in Step 1.

Step 6
Start dependencies as normal and start services with the reinit-vault flag:

./startHyprServices --[cluster|single] --rp --enc --reinit-vault

You should see the following in the output:

βœ…  Java version 11 available
Generating /opt/hypr/CC/controlCenterConfigV68Plus.properties
βœ… Finished writing to vault
**** Starting CC service. CC-6.8.0-SNAPSHOT.jar Debug: false ****
βœ…  Port 8009 is listening

Step 7
Confirm that Vault contains the new key controlCenterConfigV68Plus. The old keys will not be used by 6.8. Leave them in place for now, in case a rollback is needed.


Step 8
Reinstall the systemd services. Since UAF is gone, the systemd start order has to be modified:

cd <install folder>;

# Remove

# Re-install 

On Each Worker Node

Repeat Steps 1-4 from above.

Post Install

  • Reapply your License via the Control Center UI
  • Reapply Proxy and SSL Pinning settings via the Control Center UI, if you are using these