Dec 14th, 2018
## Starting Configuration:
```
server-1
domain: conjur-master-1.mycompany.com
container: Conjur v5.2.2
configured as: Master

server-2
domain: conjur-master-2.mycompany.com
container: Conjur v5.2.2
configured as: Synchronous-Standby

server-3
domain: conjur-master-3.mycompany.com
container: Conjur v5.2.2
configured as: Standby

server-4
domain: conjur-follower-1.mycompany.com
container: Conjur v5.2.2
configured as: Follower
```
## Upgrade Instructions

All steps assume the Conjur container is named `conjur`. The server a command is run on is denoted by `(<server-name>)`.

1. Stop all replication on all servers but the master:

(server-2)
```
$ docker exec conjur evoke replication stop
```
(server-3)
```
$ docker exec conjur evoke replication stop
```
(server-4)
```
$ docker exec conjur evoke replication stop
```

2. (server-1) Remove all nodes from the cluster:
```
$ docker exec conjur evoke cluster member remove conjur-master-2.mycompany.com
$ docker exec conjur evoke cluster member remove conjur-master-3.mycompany.com
$ docker exec conjur evoke cluster member remove conjur-master-1.mycompany.com
```

3. (server-3) Stop and remove Conjur container:
```
$ docker stop conjur
$ docker rm conjur
```

4. (server-1) Create a new seed file (alternatively, an old seed file can be used if certificates have not changed):
```
$ docker exec conjur evoke seed standby conjur-master-3.mycompany.com conjur-master-1.mycompany.com > standby-seed.tar
```

5. (server-3) Launch newer version (5.2.3) of Conjur container on server-3:
```
$ docker run --name conjur -d --restart=always --security-opt seccomp:<profile> -p "443:443" -p "5432:5432" -p "1999:1999" registry2.itci.conjur.net/conjur-appliance:5.2.3
```

6. (server-3) Configure new version as promotable standby after unpacking the seed file:
```
$ docker exec conjur evoke unpack seed standby-seed.tar
$ docker exec conjur evoke configure upgradable
```

7. (server-2) Stop the other standby:
```
$ docker stop conjur
```

8. (server-1) Stop the master (auto-failover will not occur because there is not a quorum):
```
$ docker stop conjur
```

9. (server-3) Promote the new master:
```
$ docker exec conjur evoke role promote
```

10. (server-3) Generate new seeds for the new standbys and the follower:
```
$ docker exec conjur evoke seed standby conjur-master-1.mycompany.com conjur-master-3.mycompany.com > standby-seed-1.tar
$ docker exec conjur evoke seed standby conjur-master-2.mycompany.com conjur-master-3.mycompany.com > standby-seed-2.tar
$ docker exec conjur evoke seed follower conjur-follower-1.mycompany.com conjur-master-3.mycompany.com > follower-seed-1.tar
```

11. Re-provision former master and standby using new version (5.2.3):

(server-1)
```
$ docker rm conjur
$ docker run --name conjur -d --restart=always --security-opt seccomp:<profile> -p "443:443" -p "5432:5432" -p "1999:1999" registry2.itci.conjur.net/conjur-appliance:5.2.3
$ docker exec conjur evoke unpack seed standby-seed-1.tar
$ docker exec conjur evoke configure standby
```
(server-2)
```
$ docker rm conjur
$ docker run --name conjur -d --restart=always --security-opt seccomp:<profile> -p "443:443" -p "5432:5432" -p "1999:1999" registry2.itci.conjur.net/conjur-appliance:5.2.3
$ docker exec conjur evoke unpack seed standby-seed-2.tar
$ docker exec conjur evoke configure standby
```

12. (server-3) Re-enroll standbys in the cluster:
```
$ docker exec conjur evoke cluster enroll -n conjur-master-3.mycompany.com conjur
$ docker exec conjur evoke cluster enroll -n conjur-master-1.mycompany.com -m conjur-master-3.mycompany.com conjur
$ docker exec conjur evoke cluster enroll -n conjur-master-2.mycompany.com -m conjur-master-3.mycompany.com conjur
```

13. (server-4) Redeploy the follower using the new version (5.2.3):
```
$ docker stop conjur
$ docker rm conjur
$ docker run --name conjur -d --restart=always --security-opt seccomp:<profile> -p "443:443" registry2.itci.conjur.net/conjur-appliance:5.2.3
$ docker exec conjur evoke unpack seed follower-seed-1.tar
$ docker exec conjur evoke configure follower
```
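
An added example (not part of the original paste or of Conjur's tooling): a pre-flight check for the seed archives created in steps 4 and 10, to run before a seed is handed to `evoke unpack seed`. The archive is written through a shell redirect, so a failed `evoke seed` still leaves a file behind, and a seed carries the node's certificates and keys; the check therefore rejects empty or non-tar files, files readable by group or other, and hostnames outside the starting configuration. The function names `known_node` and `verify_seed` are hypothetical.

```shell
#!/bin/sh
# Added example: sanity checks for seed archives produced with
#   docker exec conjur evoke seed ... > <file>.tar
# NODES mirrors the "Starting Configuration" block of this page.
# known_node and verify_seed are hypothetical helper names.

NODES="conjur-master-1.mycompany.com conjur-master-2.mycompany.com
conjur-master-3.mycompany.com conjur-follower-1.mycompany.com"

# Succeeds only if $1 is a hostname from the inventory above.
known_node() {
    for n in $NODES; do
        [ "$n" = "$1" ] && return 0
    done
    return 1
}

# verify_seed FILE TARGET_HOST
# Returns 0 when the seed passes every check, 1 otherwise.
verify_seed() {
    seed=$1
    host=$2
    # The seed must be issued for a node that exists in the topology.
    known_node "$host" || { echo "unknown node: $host" >&2; return 1; }
    # The redirect creates the file even when evoke fails; it is then empty.
    [ -s "$seed" ] || { echo "$seed: missing or empty" >&2; return 1; }
    # An error message captured on stdout is not a tar archive.
    tar -tf "$seed" >/dev/null 2>&1 || { echo "$seed: not a tar archive" >&2; return 1; }
    # Characters 5-10 of the ls -l mode string are the group/other bits.
    perms=$(ls -ld "$seed" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$seed: accessible beyond owner" >&2; return 1; }
    return 0
}
```

Creating the seed under `umask 077` makes the permission check pass without a separate `chmod`.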