CA API Gateway 9.1

9.4 9.1

Install Upgrade Files for RHEL/CentOS/SUSE

This topic describes how to upgrade a gateway in the Software form factor, where the host machine's operating system is either Red Hat Enterprise Linux (RHEL), CentOS, or SUSE Linux.
gateway
This topic describes how to upgrade a 
CA API Gateway
 in the Software form factor, where the host machine's operating system is either Red Hat Enterprise Linux (RHEL), CentOS, or SUSE Linux.
If your Software Gateway is running on a Solaris machine, refer to Install Upgrade Files for Solaris instead.
Prerequisite:
 Ensure that steps 1 to 3 in Upgrade a Software Gateway have been performed.
The upgrade differs depending on the database type of the Gateway:
MySQL Database
The MySQL database is used most commonly on Gateways.
To upgrade the Gateway with a MySQL database
:
  1. (Optional, but recommended)
     Back up the database.
  2. Stop the Gateway:
    # service ssg stop
  3. Ensure that a Java SE Development Kit (JDK) has been installed. You do not need to update your JDK at this point.
  4. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 from the Oracle web site. Unzip the files and then copy them to the following directory (assuming the JDK 1.8 was installed to the default directory
    /usr/j2se/
    ):
    # cp UnlimitedJCEPolicy/* /usr/j2se/jdk1.8.0_
    xx
    /jre/lib/security/
  5. Stop the slave in MySQL on all nodes in the cluster:
    # service mysql stop
  6. Change the permissions of all the upgrade files. These files were downloaded in Step 3 of Upgrade a Software Gateway and placed in the directory
    /opt/SecureSpan/Controller
    :
    # chmod 755 /opt/SecureSpan/Controller/*.L7P
    The upgrade files pertaining to this procedure are of the .L7P type only. Depending on your target version of Gateway, you may need to download multiple images and install them in a specific sequence - each image may contain other non-.L7P files that do not apply to the upgrade process. Refer to List of Update Files for more information on the specific image files and .L7P files needed for your Gateway upgrade.
  7. Perform these steps for each upgrade file:
    1. Upload the file with this command:
      # /opt/SecureSpan/Controller/bin/patch.sh upload /opt/SecureSpan/Controller/
      <patchFileName>
    2. Obtain the ID of the patch with this command:
      # /opt/SecureSpan/Controller/bin/patch.sh list
    3. Install the patch with this command: 
      # /opt/SecureSpan/Controller/bin/patch.sh install 
      <patchID>
      Be sure to install the patches in the order listed in List of Update Files
    4. Restart the Gateway if a message onscreen instructs you to do so. For more information, see Patch a Software Gateway.
  8. Open
    my.cnf
     for editing:
    # edit my.cnf
  9. If you have a cluster of Gateways, add the following property to
    my.cnf
    :
    log_bin_trust_function_creators=1
    The following property may also need to be added; contact your system administrator if it is required for your installation:
    slave_exec_mode=IDEMPOTENT
    The properties should be added to this section:
    # Uncommment log-bin and log-slave-update if a clustered
# db server
log-bin=/var/lib/mysql/ssgbin-log
log_bin_trust_function_creators=1
log-slave-update	
# uncomment the next item on 1st db master server
server-id=1
# uncomment the next item on 2nd db master servers
#server-id=2
relay-log = /var/lib/mysql/ssgrelay-bin
relay-log-index = /var/lib/mysql/ssgrelay-bin.index
relay-log-info-file = /var/lib/mysql/ssgrelay-bin.info

# Slave reliability items:
slave-skip-errors=126,1053,1105,1129,1158,1159,1160,1161
slave_compressed_protocol=1
slave-net-timeout=30
slave_exec_mode=IDEMPOTENT
    If your Gateway uses a MySQL database, also add these settings for improved performance:
    innodb_buffer_pool_size=(70% of available memory)M
max_connections=10000
    For example, if you have 10GB (10000M) of available memory, set:
    innodb_buffer_pool_size=7000M
  10. Restart the MySQL service on all nodes in the cluster.
  11. Upgrade the Gateway database on one node. To do this, use option
    1
     ("Upgrade the CA API Gateway database") on the Gateway Main Menu (Software).
    Database upgrade may fail if you are using a remote database. If this occurs, try this workaround:
    a) Run the following SQL statement on the target MySQL:
    GRANT ALL ON 
    .
     TO 'gateway'@'%'; FLUSH PRIVILEGES;
    b) Restart MySQL and then try the database upgrade again.
  12. Start the Gateway. The databases on the other nodes are replicated from the primary database.
  13. Update your JDK, if necessary.
  14. (Optional) If a JDK update was performed, complete the following:
    1. Access the Gateway main menu.
    2. Select option
      2
       (Configure the CA API Gateway) and then option
      1
       (Set Up the Gateway Java VM).
    3. Set the
      Java VM Path
       to the current path of JAVA_HOME.
    4. Exit the main menu and then access a command prompt on the host machine.
    5. Open
      /opt/SecureSpan/Controller/etc/host.properties
       in a text editor.
    6. Set
      Host.jre
       to the current path of JAVA_HOME.
The upgrade is now complete.
Embedded Database
The embedded database built into the Gateway provides greater convenience but less functionality compared to the MySQL database. For more information, see Using the Gateway Embedded Database.
To upgrade the Gateway with the embedded database:
  1. Stop the Gateway service with this command:
    text# /opt/SecureSpan/Gateway/runtime/bin/gateway.sh stop
  2. Back up the previous embedded database by copying this directory to your local directory:
    /opt/SecureSpan/Gateway/node/default/var/db
  3. Remove this directory:
    /opt/SecureSpan
  4. Reboot the host computer.
  5. Extract the Gateway software RPM file from the "CA API Gateway Software Installer" archive. This file name has the format:
    ssg-
    <version>
    -
    <build>
    .noarch.rpm
  6. Install the Gateway software RPM file with this command:
    # rpm -Uvh ssg-
    <version>-<build>
    .noarch.rpm
  7. Next, run the following command to display the Gateway main menu:
    text# /opt/SecureSpan/Gateway/runtime/bin/setup.sh
  8. Select option 
    2
     (Configure the Gateway), and then option
    1
     (Java VM). Verify that the Java VM settings are correct.
  9. Select option
    2
     (Database Connection) and then configure the Gateway to use the embedded database.
  10. Exit the Gateway main menu and reboot the computer.
  11. Restore the database by copying the backup (created in Step 2) to this directory:
    /opt/SecureSpan/Gateway/node/default/var/
  12. Change the ownership and permissions back for the database directory and all of its subdirectories/files
    • Change the owner of database directory (in the previous step) from
      root
       to
      gateway
      .
    • Change the permissions of database directory to
      rwxrwxr-x
    • Change the permissions of the following directory and all its subdirectories to
      rwxrwxr-x
      /opt/SecureSpan/Gateway/node/default/var/db/ssgdb
    • Change the permissions of all files within the "ssgdb" directory (from above) to
      rw-rw-r- -
    • Change the permissions of the subdirectories within the "ssgdb" directory (from above) to
      rwxrwxr-x
    • Change the permissions of the following log file to
      rw-rw-r- -
      /opt/SecureSpan/Gateway/node/default/var/db/derby.log
  13. Start the Gateway:
    text# /opt/SecureSpan/Gateway/runtime/bin/gateway.sh start
    The upgrade is now complete.

Content feedback and comments