.png){kind=logo}
In Place Upgrade Procedure - Azure
Overview
This guide will upgrade a single node from EJBCA Enterprise version 7.3.1.2 to EJBCA Enterprise 7.3.1.4. In this example, the EJBCA host will have an IP Address of 172.16.17.130. Please change this IP address to be the IP Address that matches the EJBCA node being upgraded.
As of EJBCA Cloud version 3.4.0 several changes have been introduced into the system_backup.sh script. For backups, the primary method of encryption now used is “age”.
Procedure
Download the EJBCA Cloud Upgrade file from your customer download folder or obtain a copy from support at support@primekey.com.
Copy the upgrade package to the EJBCA node using the following method:
Using the CLI:
If using a Mac or Linux based computer use the following command to copy the file to the host (Note: If using AWS, ensure you specify the user as ec2-user with your SSH key and in Azure, specify the user provisioned with your instance)BASHscp ~/Downloads/EJBCA_Cloud_and_V1VM_4.3.7-EJBCA_EE_9_3_6_Upgrade.zip root@172.16.17.130:/opt/dist/If using a program such as WinSCP or CyberDuck:
Click "Open Connection":
Enter the host credentials and click connect:
Select the /opt/dist directory
Drag and drop the file to the EJBCA VM in the /opt/dist directory.
SSH to the EJBCA VM and login as root
BASHssh root@172.16.17.130
Change directory to the /opt directory
BASHcd /optUnzip the upgrade file into the /opt/ directory
BASHunzip dist/EJBCA_Cloud_and_V1VM_4.3.7-EJBCA_EE_9_3_6_Upgrade.zipEnsure the file extracted into the /opt/ directory by doing a directory listing
BASH[root@ejbca-node-01 opt]# ls -la total 0 drwxr-xr-x. 8 root root 148 May 15 17:34 . drwxr-xr-x. 17 root root 261 May 14 20:19 .. drwxr-xr-x. 2 root root 60 May 15 17:29 dist lrwxrwxrwx. 1 root root 22 May 14 18:20 ejbca -> /opt/ejbca_ee_7_3_1_2/ drwxr-xr-x. 7 wildfly wildfly 80 May 14 20:22 ejbca_ee_7_3_1_2 drwxr-xr-x 6 root root 52 May 14 12:20 ejbca_ee_7_3_1_4 drwxr-xr-x. 6 wildfly wildfly 90 May 14 20:23 PrimeKey drwxr-xr-x. 3 root root 21 May 14 17:54 rh lrwxrwxrwx. 1 root root 25 May 14 18:03 wildfly -> /opt/wildfly-10.1.0.Final drwxr-xr-x. 10 wildfly wildfly 237 May 14 18:20 wildfly-10.1.0.Final [root@ejbca-node-01 opt]#Copy the existing config files to the new EJBCA install folder overwriting the default files with the existing files
BASH/bin/cp -f ejbca/conf/*.properties ejbca_ee_7_3_1_4/conf/Stop WildFly
BASHsystemctl stop wildflyRemove "ejbca" symlink
BASHrm ejbcaNOTE: Ensure it asks you to remove symbolic link!
BASHrm: remove symbolic link ‘ejbca’?If sure, select "y" and press enter.
Create a new symbolic link
BASHln -s ejbca_ee_7_3_1_4 ejbcaEnsure the symbolic link points to the new EJBCA directory
BASHlrwxrwxrwx 1 root root 16 May 15 17:53 ejbca -> ejbca_ee_7_3_1_4Change the ownership of the new EJBCA files (ensure the trailing "/" in the command below so the permissions of the directory are changed and not the symlink itself)
BASHchown -R wildfly:wildfly /opt/ejbca/Copy the "ejbca.ear" file to the WildFly deployments directory
BASH/bin/cp -f ejbca/dist/ejbca.ear /opt/wildfly/standalone/deployments/If upgrading to newer versions of EJBCA at EJBCA 7.10.0 or above (EJBCA Cloud 2.X to 3.X), additional steps are needed to change the wildfly startup parameters.
Edit the /etc/systemd/system/wildfly.service file to change the startup serviceBASHfrom: ExecStart=/opt/wildfly/bin/standalone.sh to ExecStart=/bin/bash /opt/wildfly/bin/start.shRestart wildfly
BASHsystemctl start wildflyEnsure the new version of EJBCA is 7.3.1.4 (or the version you are upgrading to.
Apply the latest indexes for your upgraded version of EJBCA. The indexes are located at /opt/ejbca/doc/sql-scripts/create-index-ejbca.sql. Apply this index to the database. The indexes will be skipped that are already applied, and the new ones added for any new EJBCA features will be added to the database.