In Place Upgrade Procedure
Overview
This guide upgrades a single node from EJBCA Enterprise version 7.3.1.2 to EJBCA Enterprise 7.3.1.4. In this example, the EJBCA host has the IP address 172.16.17.130. Replace this address with the IP address of the EJBCA node being upgraded.
Download the EJBCA Cloud or Virtual Appliance Upgrade file from your customer download folder or obtain a copy from support at support@primekey.com.
- Copy the upgrade package to the EJBCA node using one of the following methods:
Using the CLI:
If using a Mac or Linux based computer, use the following command to copy the file to the host. (Note: If using AWS, ensure you specify the user as ec2-user with your SSH key; in Azure, specify the user provisioned with your instance.)
scp ~/Downloads/ejbca_ee_7_3_1_4_virtual_appliance_upgrade.zip root@172.16.17.130:/opt/dist/
- If using a program such as WinSCP or CyberDuck:
Click "Open Connection":
Enter the host credentials and click connect:
Select the /opt/dist directory
Drag and drop the file to the EJBCA VM in the /opt/dist directory.
SSH to the EJBCA VM and login as root
ssh root@172.16.17.130
Change directory to the /opt directory
cd /opt
Unzip the upgrade file into the /opt/ directory
unzip dist/ejbca_ee_7_3_1_4_virtual_appliance_upgrade.zip
Ensure the file extracted into the /opt/ directory by doing a directory listing
[root@ejbca-node-01 opt]# ls -la
total 0
drwxr-xr-x.  8 root    root    148 May 15 17:34 .
drwxr-xr-x. 17 root    root    261 May 14 20:19 ..
drwxr-xr-x.  2 root    root     60 May 15 17:29 dist
lrwxrwxrwx.  1 root    root     22 May 14 18:20 ejbca -> /opt/ejbca_ee_7_3_1_2/
drwxr-xr-x.  7 wildfly wildfly  80 May 14 20:22 ejbca_ee_7_3_1_2
drwxr-xr-x   6 root    root     52 May 14 12:20 ejbca_ee_7_3_1_4
drwxr-xr-x.  6 wildfly wildfly  90 May 14 20:23 PrimeKey
drwxr-xr-x.  3 root    root     21 May 14 17:54 rh
lrwxrwxrwx.  1 root    root     25 May 14 18:03 wildfly -> /opt/wildfly-10.1.0.Final
drwxr-xr-x. 10 wildfly wildfly 237 May 14 18:20 wildfly-10.1.0.Final
[root@ejbca-node-01 opt]#
Copy the existing config files to the new EJBCA install folder overwriting the default files with the existing files
/bin/cp -f ejbca/conf/*.properties ejbca_ee_7_3_1_4/conf/
Stop WildFly
systemctl stop wildfly
Remove "ejbca" symlink
rm ejbca
NOTE: Ensure it asks you to remove symbolic link!
rm: remove symbolic link ‘ejbca’?
If sure, select "y" and press enter.
Create a new symbolic link
ln -s ejbca_ee_7_3_1_4 ejbca
Ensure the symbolic link points to the new EJBCA directory
lrwxrwxrwx 1 root root 16 May 15 17:53 ejbca -> ejbca_ee_7_3_1_4
Change the ownership of the new EJBCA files (make sure the trailing "/" is included in the command below so that the directory is changed and not the symlink itself)
chown -R wildfly:wildfly /opt/ejbca/
Copy the "ejbca.ear" file to the WildFly deployments directory
/bin/cp -f ejbca/dist/ejbca.ear /opt/wildfly/standalone/deployments/
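Before WildFly is started again, the symlink swap, ownership change and EAR copy above can be verified in one pass. The script below is an added example, not part of the original procedure or of EJBCA; `verify_swap` is a hypothetical helper name, and the paths and owner it checks are passed in as arguments.

```shell
#!/bin/sh
# Added example: read-only check of the symlink swap, ownership and EAR copy.
# verify_swap LINK NEW_DIR OWNER DEPLOYED_EAR  (returns 0 only if all checks pass)
verify_swap() {
    local link="$1" new_dir="$2" owner="$3" deployed="$4" stray

    [ -L "$link" ] || { echo "FAIL: $link is not a symbolic link"; return 1; }

    # Compare resolved paths so relative and absolute link targets both match.
    if [ "$(readlink -f "$link")" != "$(readlink -f "$new_dir")" ]; then
        echo "FAIL: $link -> $(readlink "$link"), expected $new_dir"
        return 1
    fi

    # The trailing "/" makes find walk the directory behind the link, the same
    # reason the chown step needs it. A find error must not count as a pass.
    stray=$(find "$link/" ! -user "$owner" -print 2>&1) || {
        echo "FAIL: could not scan $link/: $stray"; return 1; }
    if [ -n "$stray" ]; then
        echo "FAIL: entries under $link/ not owned by $owner:"
        echo "$stray" | head -n 5
        return 1
    fi

    # The deployed archive must be byte-identical to the new build's ejbca.ear.
    cmp -s "$link/dist/ejbca.ear" "$deployed" || {
        echo "FAIL: $deployed differs from $link/dist/ejbca.ear"; return 1; }

    echo "OK: $link -> $new_dir, owned by $owner, ejbca.ear deployed"
}

# Run as: sh verify_swap.sh /opt/ejbca /opt/ejbca_ee_7_3_1_4 wildfly \
#             /opt/wildfly/standalone/deployments/ejbca.ear
if [ "$#" -eq 4 ]; then verify_swap "$@"; fi
```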
If upgrading to EJBCA 7.10.0 or above, additional steps are needed if you see errors like the following:
2023-02-09 01:46:20,847 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "ejbca.ear")]) - failure description: {
    "WFLYCTL0412: Required services that are not installed:" => ["jboss.naming.context.java.EjbcaDS"],
    "WFLYCTL0180: Services with missing/unavailable dependencies" => [
        "jboss.persistenceunit.\"ejbca.ear#ejbca\".__FIRST_PHASE__ is missing [jboss.naming.context.java.EjbcaDS]",
        "jboss.persistenceunit.\"ejbca.ear#ejbca\" is missing [jboss.naming.context.java.EjbcaDS]"
    ]
}
Perform the additional steps for the WildFly configuration. These settings need to be added because of changes in version 3.0 of EJBCA Cloud and newer virtual appliances that support multiple database dialects.
1. Stop WildFly:
systemctl stop wildfly
2. In standalone.xml, change this value:
<datasource jndi-name="java:/EjbcaDS" pool-name="ejbcads" use-ccm="true">
to
<datasource jndi-name="java:/AppDS" pool-name="appds" use-ccm="true">
3. In standalone.xml, change this value:
<spec-descriptor-property-replacement>false</spec-descriptor-property-replacement>
to
<spec-descriptor-property-replacement>true</spec-descriptor-property-replacement>
4. In standalone.conf, add the following line to the JAVA_OPTS section:
JAVA_OPTS="${JAVA_OPTS} -Dcontainer.database.name=mysql -Dcontainer.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb"
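The three settings from steps 2 to 4 can be checked before WildFly is started, so a missed edit shows up as a named item rather than as the deployment error above. This script is an added example, not part of the original procedure or of EJBCA; `check_wildfly_settings` is a hypothetical helper name, the two file paths are passed as arguments, and it assumes each XML element sits on one line as shown in the steps.

```shell
#!/bin/sh
# Added example: read-only check of the three WildFly settings from steps 2-4.
# check_wildfly_settings STANDALONE_XML STANDALONE_CONF
# Prints one line per setting; the return value is the number still missing.
check_wildfly_settings() {
    local xml="$1" conf="$2" missing=0 opt

    # Step 2: the datasource must be bound to java:/AppDS, not java:/EjbcaDS.
    if grep -Eq '<datasource[^>]*jndi-name="java:/AppDS"' "$xml"; then
        echo "OK      datasource jndi-name java:/AppDS"
    elif grep -Eq '<datasource[^>]*jndi-name="java:/EjbcaDS"' "$xml"; then
        echo "OLD     datasource still uses java:/EjbcaDS"; missing=$((missing + 1))
    else
        echo "MISSING datasource java:/AppDS"; missing=$((missing + 1))
    fi

    # Step 3: property replacement in deployment descriptors must be enabled.
    if grep -Eq '<spec-descriptor-property-replacement>[[:space:]]*true[[:space:]]*<' "$xml"; then
        echo "OK      spec-descriptor-property-replacement true"
    else
        echo "MISSING spec-descriptor-property-replacement true"; missing=$((missing + 1))
    fi

    # Step 4: each -D option must appear on a line that is not commented out.
    for opt in -Dcontainer.database.name= -Dcontainer.hibernate.dialect= \
               -Dhibernate.dialect.storage_engine=; do
        if grep -v '^[[:space:]]*#' "$conf" | grep -Fq -- "$opt"; then
            echo "OK      $opt"
        else
            echo "MISSING $opt"; missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Run as: sh check_wildfly.sh /path/to/standalone.xml /path/to/standalone.conf
if [ "$#" -eq 2 ]; then check_wildfly_settings "$1" "$2"; fi
```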
Alternatively, if you are using an external database, you can upgrade nodes by getting a new node running and doing a cluster join via the wizard. For more information see the AWS cluster upgrade guide or Azure cluster upgrade guide.
Restart WildFly
systemctl start wildfly
- Ensure the new version of EJBCA is 7.3.1.4 (or the version you are upgrading to).
- Apply the latest indexes for your upgraded version of EJBCA. The indexes are located at /opt/ejbca/doc/sql-scripts/create-index-ejbca.sql. Apply this index script to the database. Indexes that are already applied will be skipped, and new ones for any new EJBCA features will be added to the database.