Upgrading#
When upgrading the Curity Identity Server between minor or major versions, it is necessary to perform the upgrade in an upgrade campaign. Depending on the changes between the versions the preparation may look different.
The release notes for each version describes breaking changes between the current version and the previous closest version. Also, this section describes the changes that are required to move from one version to the next. For upgrading specific versions, see the following subsections:
| Current Version | Upgrading to Version | Information / Notes |
|---|---|---|
| 8.7.X | 9.0.0 | |
| 9.0.X | 9.1.0 | No changes needed to upgrade |
| 9.1.X | 9.2.0 | No changes needed to upgrade |
| 9.2.X | 9.3.0 | |
| 9.3.X | 9.4.0 | No changes needed to upgrade |
| 9.4.X | 9.5.0 | No changes needed to upgrade |
| 9.5.X | 9.6.0 | No changes needed to upgrade |
| 9.6.X | 9.7.0 | No changes needed to upgrade |
| 9.7.X | 10.0.0 | |
| 10.0.X | 10.1.0 | No changes needed to upgrade |
| 10.1.X | 10.2.0 | No changes needed to upgrade |
| 10.2.X | 10.3.0 | No changes needed to upgrade |
| 10.3.X | 10.4.0 | No changes needed to upgrade |
| 10.4.X | 10.5.0 | No changes needed to upgrade |
| 10.5.X | 10.6.0 | No changes needed to upgrade |
| 10.6.X | 10.7.0 | No changes needed to upgrade |
General Upgrade Procedure#
The binaries of Curity should be entirely replaced when upgrading from one version to the next. The only exception is when receiving a hotfix release which only contains a very small set of file (usually just one), then those files should replace the existing version of that file. In all other cases, the entire installation should be replaced.
The following files may be moved and upgraded between releases:
- Configuration dumped from the system
- JavaScript Procedures, license key, and certificates stored in the
$IDSVR_HOME/etc/init - Templates in
$IDSVR_HOME/usr/share/templates/overridesor$IDSVR_HOME/usr/share/templates/template-areas - Localization files in
$IDSVR_HOME/usr/share/messages/overrides - Plugins (including their dependencies)
- Database schema updates
- Images, CSS files, JavaScript and other resources located in
$IDSVR_HOME/usr/share/webroot
Each of these may require migration if the corresponding delivery states changes to the files are necessary. This will be described in the upgrade procedure in the corresponding section of this guide.
Preparing the upgrade#
1. Start by dumping the active configuration from the system#
From a running system, use the following command to dump the active configuration:
$IDSVR_HOME/bin/idsvr -d > config-backup.xml2. Upgrade the configuration to match the target version#
See the section in this guide matching your version to walk through the updates.
3. Upgrade customized templates to match changes in new version#
Migrate all templates. Curity don’t require the templates to match exactly the version that is in core. But the logic-templates such as templates loading JavaScript or running logic, needs to be updated if changes are made to these.
Form elements such as input field names etc. needs to match the core version of the same template.
4. Upgrade localization files#
New locales may be provided in the new core messages files, if your installation uses other languages than the default ones, these need to be updated with the new message keys for that language.
5. Plugins#
If the Java SDK version of Curity has changed, the plugins needs to be recompiled against the new version of the SDK before deployed in the updated environment. If any of the provided dependencies are used by a plugin and those dependencies’ versions have changed, the plugin should be updated to use the new version of the dependency.
${IDSVR_HOME}/lib/plugins/data.access.jdbc on each node.6. Database Schema updates#
Sometimes the DB schema needs updates, in order to make room for new functionality in Curity. This is accompanied with a migration script in $INSTALL_DIR/misc/upgrade/<Version> for each version. Either run this sql file or manually perform the steps described in the script.
Performing the upgrade#
When upgrading a production cluster it is important to upgrade the system in a campaign. The following section describes a common upgrade procedure that can be used with Curity clusters. The nodes need to be taken out of the cluster and upgraded in order. First the admin node, then the runtime nodes. For this to work, new cluster keys must be used for the upgraded cluster. The procedure works as follows:
Admin node procedure#
- Remove the admin node from the load balancer
- Shutdown the admin node
- Replace the admin node with the new version of Curity
- Run the install script from the new version of Curity to generate new keys for the cluster
- Add the templates, message files, web assets, plugins, etc. back
- Place the
config-backup.xmlfrom the prepare step 1 into$IDSVR_HOME/etc/init - Start the node as admin
At this point the currently running runtime nodes won’t connect to the new admin nodes since they are not using the correct keys. They will continue to operate on their current active config until replaced.
Runtime node procedure#
For each runtime node perform the following operation:
- Remove the runtime node from the load balancer
- Shutdown the node
- Upgrade the node to the new version of Curity
- Add the templates, message files, web assets, plugins, etc. back
- Generate a
startup.propertiesfor the new node. If not specified via the command line, change the server ID and set admin mode to false. Make this file on the admin node like this:
$IDSVR_HOME/bin/genspf -s NEW_NODE_SERVER_ID_1 > startup.properties.node-1- Place the file in
$IDSVR_HOME/etc/startup-propertieson the new runtime node - Start the run-time server node
Procedure Overview#
After the Upgrade#
Clearing the Browser Cache#
The administration Web UI may have changed in ways that requires the browser cache to be purged for the UI to function properly.