- ## Starting Configuration:
- ```
- server-1
- domain: conjur-master-1.mycompany.com
- container: Conjur v5.2.2
- configured as: Master
- server-2
- domain: conjur-master-2.mycompany.com
- container: Conjur v5.2.2
- configured as: Synchronous-Standby
- server-3
- domain: conjur-master-3.mycompany.com
- container: Conjur v5.2.2
- configured as: Standby
- server-4
- domain: conjur-follower-1.mycompany.com
- container: Conjur v5.2.2
- configured as: Follower
- ```
- ## Upgrade Instructions
- All steps assume the Conjur container is named `conjur`. The server a command is run on is denoted by `(<server-name>)`.
- 1. Stop all replication on all servers but the master:
- (server-2)
- ```
- $ docker exec conjur evoke replication stop
- ```
- (server-3)
- ```
- $ docker exec conjur evoke replication stop
- ```
- (server-4)
- ```
- $ docker exec conjur evoke replication stop
- ```
- 2. (server-1) Remove all nodes from the cluster:
- ```
- $ docker exec conjur evoke cluster member remove conjur-master-2.mycompany.com
- $ docker exec conjur evoke cluster member remove conjur-master-3.mycompany.com
- $ docker exec conjur evoke cluster member remove conjur-master-1.mycompany.com
- ```
- 3. (server-3) Stop and remove the Conjur container:
- ```
- $ docker stop conjur
- $ docker rm conjur
- ```
- 4. (server-1) Create a new seed file (alternatively, an old seed file can be used if certificates have not changed):
- ```
- $ docker exec conjur evoke seed standby conjur-master-3.mycompany.com conjur-master-1.mycompany.com > standby-seed.tar
- ```
- 5. (server-3) Launch the newer version (5.2.3) of the Conjur container on server-3:
- ```
- $ docker run --name conjur -d --restart=always --security-opt seccomp:<profile> -p "443:443" -p "5432:5432" -p "1999:1999" registry2.itci.conjur.net/conjur-appliance:5.2.3
- ```
- 6. (server-3) Configure new version as promotable standby after unpacking the seed file:
- ```
- $ docker exec conjur evoke unpack seed standby-seed.tar
- $ docker exec conjur evoke configure upgradable
- ```
- 7. (server-2) Stop the other standby:
- ```
- $ docker stop conjur
- ```
- 8. (server-1) Stop the master (auto-failover will not occur because there is no quorum):
- ```
- $ docker stop conjur
- ```
- 9. (server-3) Promote the new master:
- ```
- $ docker exec conjur evoke role promote
- ```
- 10. (server-3) Generate new seeds for the new standbys and the follower:
- ```
- $ docker exec conjur evoke seed standby conjur-master-1.mycompany.com conjur-master-3.mycompany.com > standby-seed-1.tar
- $ docker exec conjur evoke seed standby conjur-master-2.mycompany.com conjur-master-3.mycompany.com > standby-seed-2.tar
- $ docker exec conjur evoke seed follower conjur-follower-1.mycompany.com conjur-master-3.mycompany.com > follower-seed-1.tar
- ```
- 11. Re-provision former master and standby using new version (5.2.3):
- (server-1)
- ```
- $ docker rm conjur
- $ docker run --name conjur -d --restart=always --security-opt seccomp:<profile> -p "443:443" -p "5432:5432" -p "1999:1999" registry2.itci.conjur.net/conjur-appliance:5.2.3
- $ docker exec conjur evoke unpack seed standby-seed-1.tar
- $ docker exec conjur evoke configure standby
- ```
- (server-2)
- ```
- $ docker rm conjur
- $ docker run --name conjur -d --restart=always --security-opt seccomp:<profile> -p "443:443" -p "5432:5432" -p "1999:1999" registry2.itci.conjur.net/conjur-appliance:5.2.3
- $ docker exec conjur evoke unpack seed standby-seed-2.tar
- $ docker exec conjur evoke configure standby
- ```
- 12. (server-3) Re-enroll standbys in the cluster:
- ```
- $ docker exec conjur evoke cluster enroll -n conjur-master-3.mycompany.com conjur
- $ docker exec conjur evoke cluster enroll -n conjur-master-1.mycompany.com -m conjur-master-3.mycompany.com conjur
- $ docker exec conjur evoke cluster enroll -n conjur-master-2.mycompany.com -m conjur-master-3.mycompany.com conjur
- ```
- 13. (server-4) Redeploy the follower using the new version (5.2.3):
- ```
- $ docker stop conjur
- $ docker rm conjur
- $ docker run --name conjur -d --restart=always --security-opt seccomp:<profile> -p "443:443" registry2.itci.conjur.net/conjur-appliance:5.2.3
- $ docker exec conjur evoke unpack seed follower-seed-1.tar
- $ docker exec conjur evoke configure follower
- ```
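A pre-flight check for the seed commands in step 10, as an added example that is not part of the original paste: it confirms that each `evoke seed` line names a node from the inventory, that the seed role matches that node's role, and that the second hostname is the node that will be master. The inventory and sample lines are constructed from the hostnames in Starting Configuration; `role_of` and `lint_seed_lines` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: lint `evoke seed` lines from a runbook against the node
# inventory before any seed is generated. Only the command shape shown on
# this page is parsed:  evoke seed <role> <node-hostname> <master-hostname>

# Assumed post-upgrade roles for the hosts listed under "Starting Configuration"
# (server-3 becomes the master in step 9).
INVENTORY='conjur-master-1.mycompany.com standby
conjur-master-2.mycompany.com standby
conjur-master-3.mycompany.com master
conjur-follower-1.mycompany.com follower'

# Constructed sample: the last line names a host that is not in the inventory.
SAMPLE_RUNBOOK='$ docker exec conjur evoke seed standby conjur-master-1.mycompany.com conjur-master-3.mycompany.com > standby-seed-1.tar
$ docker exec conjur evoke seed standby conjur-master-2.mycompany.com conjur-master-3.mycompany.com > standby-seed-2.tar
$ docker exec conjur evoke seed follower conjur-master-4.mycompany.com conjur-master-3.mycompany.com > follower-seed-1.tar'

# role_of HOST: print the inventory role for HOST, or nothing if it is unknown.
role_of() {
  printf '%s\n' "$INVENTORY" | awk -v h="$1" '$1 == h { print $2 }'
}

# lint_seed_lines: read runbook text on stdin, print one finding per bad
# seed command, and return non-zero if any finding was printed.
lint_seed_lines() {
  bad=0
  while IFS= read -r line; do
    case $line in *"evoke seed "*) ;; *) continue ;; esac
    args=${line#*evoke seed }
    args=${args%%>*}            # drop the output redirection, if any
    set -- $args                # word-split into: role node master
    role=$1; node=$2; master=$3
    node_role=$(role_of "$node")
    if [ -z "$node_role" ]; then
      echo "unknown-node $node"; bad=1
    elif [ "$node_role" != "$role" ]; then
      echo "role-mismatch $node inventory=$node_role seed=$role"; bad=1
    fi
    if [ "$(role_of "$master")" != "master" ]; then
      echo "not-master $master"; bad=1
    fi
  done
  return "$bad"
}

# Stand-alone run: lint the constructed sample and show any findings.
printf '%s\n' "$SAMPLE_RUNBOOK" | lint_seed_lines || true
```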