Autonomous Identity 2022.11.11

Upgrade Autonomous Identity

Autonomous Identity provides an upgrade command to update your core software to the latest version while migrating your data.

Upgrade Considerations

  • Database Systems are the Same. If your current database is Apache Cassandra, you cannot upgrade to a MongoDB-based system. You will need to run a clean installation with the new version.

  • Host IPs should be the Same. Host IP addresses must be the same for existing components. You must update the ~/autoid-config/hosts file by adding the IP addresses for the Elasticsearch entries. Refer to the instructions below.

  • Registry Key Required. To download the deployment images for the upgrade, you still need your registry key to log into the ForgeRock Google Cloud Registry. Copy your registry key from your previous build to your new upgrade.

Make sure to test the upgrade on a staging or QA server before running it in production.

Upgrade Paths

The upgrade path depends on your current deployment version. The preferred upgrade path is to the latest patch release.

Deployments that were clean installations of Autonomous Identity 2022.11.x (2022.11.0–2022.11.10) upgrade to 2022.11.11 using the new deployer pro script. Deployments that were upgraded from version 2021.8.7 to 2022.11.x upgrade to 2022.11.11 using the older deployer script. The upgrade procedures differ slightly between the deployer pro and deployer versions, primarily in certificates directory creation (deployer versions) and using the proper image name during the create-template command (deployer pro and deployer versions).

The following chart summarizes these upgrade paths:

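Table 1: Upgrade Paths

Version                              Upgrade To                           Refer to
2022.11.x (deployer-pro)             2022.11.11 (deployer-pro)            Upgrade from Autonomous Identity 2022.11.x to 2022.11.11 using deployer pro
2022.11.x Air-Gapped (deployer-pro)  2022.11.11 Air-Gapped (deployer-pro) Upgrade from Autonomous Identity 2022.11.x to 2022.11.11 Air-Gapped using deployer pro
2022.11.0 (deployer)                 2022.11.11 (deployer)                Upgrade from Autonomous Identity 2022.11.x to 2022.11.11 using the deployer
2022.11.0 Air-Gapped (deployer)      2022.11.11 Air-Gapped (deployer)     Upgrade from Autonomous Identity 2022.11.x to 2022.11.11 Air-Gapped using the deployer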

Upgrade from Autonomous Identity 2022.11.x to 2022.11.11 using deployer pro

The following instructions are for upgrading from Autonomous Identity version 2022.11.0–2022.11.10 to the latest version 2022.11.11 in non air-gapped deployments using the deployer pro.

The following steps assume you ran a fresh install of Autonomous Identity 2022.11.x, which uses deployer pro. Make sure you have upgraded your third-party software packages to the supported versions prior to upgrade.
Upgrade from 2022.11.x to 2022.11.11 (Non Air-Gap) using deployer pro:
  1. Start on the target server, and back up your /data/conf configuration file. The upgrade overwrites this file when updating, so you must restore this file after running the upgrade.

    sudo mv /data/conf ~/backup-data-conf-2022.11.x
  2. Next, if you changed any analytic settings on your deployment, make note of your configuration, so that you can replicate those settings on the upgraded server. Log in to Autonomous Identity, navigate to Administration > Analytic Settings, and record your settings.

  3. On the deployer machine, back up the 2022.11.x ~/autoid-config directory or move it to another location.

    mv ~/autoid-config ~/backup-2022.11.x
  4. Create a new ~/autoid-config directory.

    mkdir ~/autoid-config
  5. Copy your autoid_registry_key.json, ansible.cfg, and vault.yml files from your backup directory to ~/autoid-config. If your vault.yml file is encrypted, copy the .autoid_vault_password file to ~/autoid-config.

  6. Set up your certificate directories for OpenSearch, MongoDB, or Cassandra for the deployer:

    1. Create a certificate directory for OpenSearch:

      mkdir -p autoid-config/certs/elastic
    2. Copy the OpenSearch certificates and JKS files to autoid-config/certs/elastic.

    3. Create a certificate directory for MongoDB (if you use MongoDB):

      mkdir -p autoid-config/certs/mongo
    4. Copy the MongoDB certificates and JKS files to autoid-config/certs/mongo.

    5. Create a certificate directory for Cassandra (if you use Cassandra):

      mkdir -p autoid-config/certs/cassandra
    6. Copy the Cassandra certificates and JKS files to autoid-config/certs/cassandra.

  7. Copy your original SSH key into the new directory.

    cp ~/.ssh/id_rsa ~/autoid-config
  8. Change the permission on the SSH key.

    chmod 400 ~/autoid-config/id_rsa
  9. Check if you can successfully SSH to the target server.

    ssh autoid@<Target-IP-Address>
    
    Last login: Mon Mar 19 12:20:18 2024
  10. On the deployer node, change to the ~/autoid-config directory.

    cd ~/autoid-config
  11. Log in to the ForgeRock Google Cloud Registry using the registry key. The registry key is only available to ForgeRock Autonomous Identity customers. For specific instructions on obtaining the registry key, see How To Configure Service Credentials (Push Auth, Docker) in Backstage.

    docker login -u _json_key -p "$(cat autoid_registry_key.json)" https://gcr.io/forgerock-autoid

    You should see:

    Login Succeeded
  12. Run the create-template command to generate the deployer.sh script wrapper and configuration files. Note that the command sets the configuration directory on the target node to /config. The --user parameter eliminates the need to use sudo while editing the hosts file and other configuration files.

    docker run --user=$(id -u) -v ~/autoid-config:/config \
    -it gcr.io/forgerock-autoid/deployer-pro:2022.11.11 create-template
  13. Configure your upgraded system by editing the ~/autoid-config/vars.yml, ~/autoid-config/hosts, and ~/autoid-config/vault.yml files on the deployer machine.

    You must keep your configuration settings consistent from one system to another.
  14. Stop the stack.

    If you are upgrading a multi-node deployment, run this command on the Docker Manager node.

    docker stack rm configuration-service consul-server consul-client nginx jas swagger-ui ui api notebook

    You should see:

    Removing service configuration-service_configuration-service
    Removing service consul-server_consul-server
    Removing service consul-client_consul-client
    Removing service nginx_nginx
    Removing service jas_jasnode
    Removing service swagger-ui_swagger-ui
    Removing service ui_zoran-ui
    Removing service api_zoran-api
    Nothing found in stack: notebook
  15. Prune old Docker images before running the upgrade command:

    1. Get all of the Docker images:

      docker images
    2. Identify the images that are Autonomous Identity-related. They start with the URL of the ForgeRock Google Cloud Registry (ForgeRock GCR). For example:

      REPOSITORY                                    TAG         IMAGE ID       CREATED       SIZE
      <ForgeRock GCR>/ci/develop/deployer           650879186   075481cea4c2   2 hours ago   823MB
      <ForgeRock GCR>/ci/develop/offline-packages   650879186   e1a90f389ccc   2 hours ago   3.03GB
      <ForgeRock GCR>/ci/develop/zoran-ui           650879186   bd303a28b5df   2 hours ago   35.3MB
      <ForgeRock GCR>/ci/develop/zoran-api          650879186   114d1aca5b0a   2 hours ago   421MB
      <ForgeRock GCR>/ci/develop/nginx              650879186   43b410661269   2 hours ago   16.7MB
      <ForgeRock GCR>/ci/develop/jas                650879186   2821e5c365d8   2 hours ago   491MB
    3. Remove the old images using the docker rmi command. For example:

      docker rmi -f <image ID>
      
      Example:
      docker rmi -f 075481cea4c2
    4. Repeat the previous command to remove all of the Autonomous Identity-related Docker images.

  16. For multinode deployments, run the following on the Docker Worker node:

    docker swarm leave
  17. Enter exit to end your SSH session.

  18. From the deployer, restart Docker:

    sudo systemctl restart docker
  19. Download the images. This step downloads software dependencies needed for the deployment and places them in the autoid-packages directory. Make sure you are in the ~/autoid-config directory.

    ./deployer.sh download-images
  20. On the Spark-Livy machine, run the following commands to install the Python package dependencies:

    1. Change to the /opt/autoid directory:

      cd /opt/autoid
    2. Create a requirements.txt file with the following content:

      six==1.11
      certifi==2019.11.28
      python-dateutil==2.8.1
      jsonschema==3.2.0
      cassandra-driver
      numpy==1.22.0
      pyarrow==6.0.1
      wrapt==1.11.0
      PyYAML==6.0
      requests==2.31.0
      urllib3==1.26.18
      pymongo
      pandas==1.3.5
      tabulate
      openpyxl
      wheel
      cython
    3. Install the requirements file:

      pip3 install -r requirements.txt
  21. Run the upgrade:

    ./deployer.sh upgrade
  22. On the Spark-Livy machine, run the following commands to install the Python wheel distribution:

    1. Install the wheel file:

      cd /opt/autoid/eggs
      pip3.10 install autoid_analytics-2021.3-py3-none-any.whl
    2. Source the .bashrc file:

      source ~/.bashrc
    3. Restart Spark and Livy.

      ./spark/sbin/stop-all.sh
      ./livy/bin/livy-server stop
      
      ./spark/sbin/start-all.sh
      ./livy/bin/livy-server start
  23. SSH to the target server.

  24. On the target server, restore your /data/conf configuration data file from your previous installation.

    sudo mv ~/backup-data-conf-2022.11.x /data/conf
  25. Re-apply your analytics settings to your upgraded server if you made changes on your previous Autonomous Identity machine. Log in to Autonomous Identity, navigate to Administration > Analytics Settings, and edit your changes.

  26. Log out, and then log back in to Autonomous Identity.

You have successfully upgraded your Autonomous Identity server to 2022.11.11.
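
The following added example (not part of the ForgeRock documentation or deployer code) checks the rebuilt ~/autoid-config directory after step 8 of the procedure above, before you run create-template. The function names are hypothetical, and the rule that the registry key and vault files must not be accessible to group or other users is an assumption of this example, not a stated product requirement.

```shell
#!/bin/sh
# Added example (not ForgeRock code): pre-flight check of a rebuilt
# ~/autoid-config before running create-template and ./deployer.sh upgrade.
# File and directory names come from the steps above; the rule that secret
# files must not be group/other accessible is an assumption of this example.

# First ten characters of `ls -ld`, e.g. "-r--------" for mode 400.
perm_string() {
  ls -ld "$1" | cut -c1-10
}

# check_autoid_config DIR [mongo|cassandra]
# Prints one FAIL line per problem on stderr; returns 0 only if none found.
check_autoid_config() (
  dir=$1
  db=${2:-}
  failures=0
  fail() {
    printf 'FAIL: %s\n' "$1" >&2
    failures=$((failures + 1))
  }

  # Files copied from the backup directory and ~/.ssh in steps 5 and 7.
  for f in autoid_registry_key.json ansible.cfg vault.yml id_rsa; do
    [ -f "$dir/$f" ] || fail "missing $dir/$f"
  done

  # Step 8: the SSH private key must be exactly mode 400.
  if [ -f "$dir/id_rsa" ] && [ "$(perm_string "$dir/id_rsa")" != "-r--------" ]; then
    fail "id_rsa is not mode 400"
  fi

  # An Ansible-vault-encrypted vault.yml starts with "$ANSIBLE_VAULT;" and
  # then needs the .autoid_vault_password file beside it (step 5).
  if [ -f "$dir/vault.yml" ]; then
    case "$(head -n 1 "$dir/vault.yml")" in
      '$ANSIBLE_VAULT;'*)
        [ -f "$dir/.autoid_vault_password" ] ||
          fail "vault.yml is encrypted but .autoid_vault_password is missing"
        ;;
    esac
  fi

  # Assumption of this example: credentials readable only by their owner.
  for f in autoid_registry_key.json vault.yml .autoid_vault_password; do
    [ -f "$dir/$f" ] || continue
    case "$(perm_string "$dir/$f")" in
      ????------) ;;
      *) fail "$f is accessible to group or other users" ;;
    esac
  done

  # Step 6: certificate directories must exist and contain files.
  for d in elastic $db; do
    if [ ! -d "$dir/certs/$d" ] || [ -z "$(ls -A "$dir/certs/$d")" ]; then
      fail "certs/$d is missing or empty"
    fi
  done

  [ "$failures" -eq 0 ]
)

# Stand-alone use: sh check-autoid-config.sh ~/autoid-config mongo
if [ "$#" -gt 0 ]; then
  check_autoid_config "$@"
fi
```

A directory created with mkdir and cp under a default umask of 022 leaves autoid_registry_key.json and vault.yml world-readable, which this check reports.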

Upgrade from Autonomous Identity 2022.11.x to 2022.11.11 Air-Gapped using deployer pro

The following instructions are for upgrading from Autonomous Identity version 2022.11.0–2022.11.10 on air-gapped deployments using the deployer pro.

The following steps assume you ran a fresh install of Autonomous Identity 2022.11.x, which uses deployer pro. Make sure you have upgraded your third-party software packages to the supported versions prior to upgrade.
Upgrade from 2022.11.x to 2022.11.11 Air-Gapped using deployer pro:
  1. Start on the target server, and back up your /data/conf configuration file. The upgrade overwrites this file when updating, so you must restore this file after running the upgrade.

    sudo mv /data/conf ~/backup-data-conf-2022.11.x
  2. Next, if you changed any analytic settings on your deployment, make note of your configuration, so that you can replicate those settings on the upgraded server. Log in to Autonomous Identity, navigate to Administration > Analytic Settings, and record your settings.

  3. On the deployer machine, back up the 2022.11.x ~/autoid-config directory or move it to another location.

    mv ~/autoid-config ~/backup-2022.11.x
  4. Create a new ~/autoid-config directory.

    mkdir ~/autoid-config
  5. Copy your autoid_registry_key.json, ansible.cfg, and vault.yml files from your backup directory to ~/autoid-config. If your vault.yml file is encrypted, copy the .autoid_vault_password file to ~/autoid-config.

  6. Set up your certificate directories for OpenSearch, MongoDB, or Cassandra for the deployer:

    1. Create a certificate directory for OpenSearch:

      mkdir -p autoid-config/certs/elastic
    2. Copy the OpenSearch certificates and JKS files to autoid-config/certs/elastic.

    3. Create a certificate directory for MongoDB (if you use MongoDB):

      mkdir -p autoid-config/certs/mongo
    4. Copy the MongoDB certificates and JKS files to autoid-config/certs/mongo.

    5. Create a certificate directory for Cassandra (if you use Cassandra):

      mkdir -p autoid-config/certs/cassandra
    6. Copy the Cassandra certificates and JKS files to autoid-config/certs/cassandra.

  7. Copy your original SSH key into the new directory.

    cp ~/.ssh/id_rsa ~/autoid-config
  8. Change the permission on the SSH key.

    chmod 400 ~/autoid-config/id_rsa
  9. On the deployer node, change to the ~/autoid-config directory.

    cd ~/autoid-config
  10. Log in to the ForgeRock Google Cloud Registry using the registry key. The registry key is only available to ForgeRock Autonomous Identity customers. For specific instructions on obtaining the registry key, see How To Configure Service Credentials (Push Auth, Docker) in Backstage.

    docker login -u _json_key -p "$(cat autoid_registry_key.json)" https://gcr.io/forgerock-autoid

    You should see:

    Login Succeeded
  11. Run the create-template command to generate the deployer.sh script wrapper and configuration files. Note that the command sets the configuration directory on the target node to /config. The --user parameter eliminates the need to use sudo while editing the hosts file and other configuration files.

    docker run --user=$(id -u) -v ~/autoid-config:/config \
    -it gcr.io/forgerock-autoid/deployer-pro:2022.11.11 create-template
  12. Configure your upgraded system by editing the ~/autoid-config/vars.yml, ~/autoid-config/hosts, and ~/autoid-config/vault.yml files on the deployer machine.

    You must keep your configuration settings consistent from one system to another.
  13. Download the images. This step downloads software dependencies needed for the deployment and places them in the autoid-packages directory. Make sure you are in the ~/autoid-config directory.

    ./deployer.sh download-images
  14. On the Spark-Livy machine, run the following commands to install the Python package dependencies:

    1. Change to the /opt/autoid directory:

      cd /opt/autoid
    2. Create a requirements.txt file with the following content:

      six==1.11
      certifi==2019.11.28
      python-dateutil==2.8.1
      jsonschema==3.2.0
      cassandra-driver
      numpy==1.22.0
      pyarrow==6.0.1
      wrapt==1.11.0
      PyYAML==6.0
      requests==2.31.0
      urllib3==1.26.18
      pymongo
      pandas==1.3.5
      tabulate
      openpyxl
      wheel
      cython
    3. Install the requirements file:

      pip3 install -r requirements.txt
  15. Stop the stack.

    If you are upgrading a multi-node deployment, run this command on the Docker Manager node.

    docker stack rm configuration-service consul-server consul-client nginx jas swagger-ui ui api notebook

    You should see:

    Removing service configuration-service_configuration-service
    Removing service consul-server_consul-server
    Removing service consul-client_consul-client
    Removing service nginx_nginx
    Removing service jas_jasnode
    Removing service swagger-ui_swagger-ui
    Removing service ui_zoran-ui
    Removing service api_zoran-api
    Nothing found in stack: notebook
  16. Prune old Docker images before running the upgrade command:

    1. Get all of the Docker images:

      docker images
    2. Identify the images that are Autonomous Identity-related. They start with the URL of the ForgeRock Google Cloud Registry (ForgeRock GCR). For example:

      REPOSITORY                                    TAG         IMAGE ID       CREATED       SIZE
      <ForgeRock GCR>/ci/develop/deployer           650879186   075481cea4c2   2 hours ago   823MB
      <ForgeRock GCR>/ci/develop/offline-packages   650879186   e1a90f389ccc   2 hours ago   3.03GB
      <ForgeRock GCR>/ci/develop/zoran-ui           650879186   bd303a28b5df   2 hours ago   35.3MB
      <ForgeRock GCR>/ci/develop/zoran-api          650879186   114d1aca5b0a   2 hours ago   421MB
      <ForgeRock GCR>/ci/develop/nginx              650879186   43b410661269   2 hours ago   16.7MB
      <ForgeRock GCR>/ci/develop/jas                650879186   2821e5c365d8   2 hours ago   491MB
    3. Remove the old images using the docker rmi command. For example:

      docker rmi -f <image ID>
      
      Example:
      docker rmi -f 075481cea4c2
  17. For multinode deployments, run the following on the Docker Worker node:

    docker swarm leave
  18. From the deployer, restart Docker:

    sudo systemctl restart docker
  19. Create a tar file containing all of the Autonomous Identity binaries.

    tar czf autoid-packages.tgz deployer.sh autoid-packages/*
  20. Copy the autoid-packages.tgz, deployer.sh, and SSH key (id_rsa) to a portable hard drive.

  21. On the air-gapped target machine, back up your previous ~/autoid-config directory, and then create a new ~/autoid-config directory.

    mkdir ~/autoid-config
  22. Copy the autoid-packages.tgz tar file, deployer.sh, and SSH key from the portable storage device to the ~/autoid-config directory.

  23. Unpack the tar file.

    tar xf autoid-packages.tgz -C ~/autoid-config
  24. Set up your certificate directories for OpenSearch, MongoDB, or Cassandra for the deployer:

    1. Create a certificate directory for OpenSearch:

      mkdir -p autoid-config/certs/elastic
    2. Copy the OpenSearch certificates and JKS files to autoid-config/certs/elastic.

    3. Create a certificate directory for MongoDB (if you use MongoDB):

      mkdir -p autoid-config/certs/mongo
    4. Copy the MongoDB certificates and JKS files to autoid-config/certs/mongo.

    5. Create a certificate directory for Cassandra (if you use Cassandra):

      mkdir -p autoid-config/certs/cassandra
    6. Copy the Cassandra certificates and JKS files to autoid-config/certs/cassandra.

  25. Copy the SSH key to the ~/autoid-config directory.

  26. Change the permissions on the file.

    chmod 400 ~/autoid-config/id_rsa
  27. Change to the configuration directory.

    cd ~/autoid-config
  28. Import the deployer image.

    ./deployer.sh import-deployer

    You should see:

    …
    db631c8b06ee: Loading layer [==============================================>]   2.56kB/2.56kB
    2d62082e3327: Loading layer [==============================================>]  753.2kB/753.2kB
    Loaded image: <ForgeRock Google Cloud Registry URL>/deployer:2022.11.11
  29. Create the configuration template using the create-template command. This command creates the configuration files: ansible.cfg, vars.yml, vault.yml, and hosts.

    ./deployer.sh create-template

    You should see:

    Config template is copied to host machine directory mapped to /config
  30. Configure your upgraded system by editing the ~/autoid-config/vars.yml, ~/autoid-config/hosts, and ~/autoid-config/vault.yml files on the deployer machine.

    You must keep your configuration settings consistent from one system to another.
  31. Run the upgrade:

    ./deployer.sh upgrade
  32. On the Spark-Livy machine, run the following commands to install the Python wheel distribution:

    1. Install the wheel file:

      cd /opt/autoid/eggs
      pip3.10 install autoid_analytics-2021.3-py3-none-any.whl
    2. Source the .bashrc file:

      source ~/.bashrc
    3. Restart Spark and Livy.

      ./spark/sbin/stop-all.sh
      ./livy/bin/livy-server stop
      
      ./spark/sbin/start-all.sh
      ./livy/bin/livy-server start
  33. SSH to the target server.

  34. On the target server, restore your /data/conf configuration data file from your previous installation.

    sudo mv ~/backup-data-conf-2022.11.x /data/conf
  35. Re-apply your analytics settings to your upgraded server if you made changes on your previous Autonomous Identity machine. Log in to Autonomous Identity, navigate to Administration > Analytics Settings, and edit your changes.

  36. Log out, and then log back in to Autonomous Identity.

You have successfully upgraded your Autonomous Identity server to 2022.11.11.
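
The following added example (not part of the ForgeRock documentation or deployer code) puts an integrity check around the portable-drive transfer in steps 19 to 23 above: write a SHA-256 manifest on the connected deployer, then verify it and the archive layout on the air-gapped machine before unpacking. The SHA256SUMS file name and the function names are assumptions of this example; the expected archive members follow from the tar czf command in step 19.

```shell
#!/bin/sh
# Added example (not ForgeRock code): integrity check for the air-gapped
# transfer of autoid-packages.tgz and deployer.sh.
# Assumes sha256sum (GNU coreutils) or shasum is installed on both machines.

MANIFEST=SHA256SUMS   # file name chosen for this example

# Use sha256sum where available, otherwise shasum -a 256 (same options).
sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$@"
  else
    shasum -a 256 "$@"
  fi
}

# Connected deployer, after step 19: record digests next to the files.
# write_manifest DIR   (DIR is ~/autoid-config)
write_manifest() (
  cd "$1" || exit 1
  sha256 autoid-packages.tgz deployer.sh > "$MANIFEST"
)

# Step 19 builds the archive from "deployer.sh autoid-packages/*", so every
# member must be deployer.sh or live under autoid-packages/ with no ".."
# path component. Anything else is reported and the check fails.
archive_has_expected_layout() (
  listing=$(tar tzf "$1") || exit 1
  printf '%s\n' "$listing" | awk '
    $0 == "deployer.sh" { next }
    /^autoid-packages\// && $0 !~ /(^|\/)\.\.(\/|$)/ { next }
    { print "unexpected member: " $0; bad = 1 }
    END { exit bad + 0 }
  ' >&2
)

# Air-gapped target, after step 22 and before unpacking in step 23.
# verify_transfer DIR  (DIR holds the copied files and the manifest)
verify_transfer() (
  cd "$1" || exit 1
  sha256 -c "$MANIFEST" >&2 || exit 1
  archive_has_expected_layout autoid-packages.tgz
)

# Stand-alone use:
#   sh transfer-check.sh write  ~/autoid-config    (connected deployer)
#   sh transfer-check.sh verify ~/autoid-config    (air-gapped target)
case "${1:-}" in
  write)  write_manifest "${2:-.}" ;;
  verify) verify_transfer "${2:-.}" ;;
esac
```

A manifest carried on the same drive detects corruption in transit only; to detect tampering, convey the digests to the air-gapped site through a separate channel.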

Upgrade from Autonomous Identity 2022.11.x to 2022.11.11 using the deployer

The following instructions are for upgrading from Autonomous Identity version 2022.11.0–2022.11.10 to the latest version 2022.11.11 in non air-gapped deployments using the deployer.

If you upgraded from any Autonomous Identity version 2021.8.7 or earlier to version 2022.11.x, then you are using the deployer.
Upgrade from 2022.11.x to 2022.11.11 (Non Air-Gap) using deployer:
  1. Start on the target server, and back up your /data/conf configuration file. The upgrade overwrites this file when updating, so you must restore this file after running the upgrade.

    sudo mv /data/conf ~/backup-data-conf-2022.11.x
  2. Next, if you changed any analytic settings on your deployment, make note of your configuration, so that you can replicate those settings on the upgraded server. Log in to Autonomous Identity, navigate to Administration > Analytic Settings, and record your settings.

  3. On the deployer machine, back up the 2022.11.x ~/autoid-config directory or move it to another location.

    mv ~/autoid-config ~/backup-2022.11.x
  4. Create a new ~/autoid-config directory.

    mkdir ~/autoid-config
  5. Copy your autoid_registry_key.json from your backup directory to ~/autoid-config.

  6. Copy your original SSH key into the new directory.

    cp ~/.ssh/id_rsa ~/autoid-config
  7. Change the permission on the SSH key.

    chmod 400 ~/autoid-config/id_rsa
  8. Check if you can successfully SSH to the target server.

    ssh autoid@<Target-IP-Address>
    
    Last login: Mon Jan 23 12:20:18 2024
  9. On the deployer node, change to the ~/autoid-config directory.

    cd ~/autoid-config
  10. Log in to the ForgeRock Google Cloud Registry using the registry key. The registry key is only available to ForgeRock Autonomous Identity customers. For specific instructions on obtaining the registry key, see How To Configure Service Credentials (Push Auth, Docker) in Backstage.

    docker login -u _json_key -p "$(cat autoid_registry_key.json)" https://gcr.io/forgerock-autoid

    You should see:

    Login Succeeded
  11. Run the create-template command to generate the deployer.sh script wrapper and configuration files. Note that the command sets the configuration directory on the target node to /config. The --user parameter eliminates the need to use sudo while editing the hosts file and other configuration files.

    docker run --user=$(id -u) -v ~/autoid-config:/config \
    -it gcr.io/forgerock-autoid/deployer:2022.11.11 create-template
  12. Configure your upgraded system by editing the ~/autoid-config/vars.yml, ~/autoid-config/hosts, and ~/autoid-config/vault.yml files on the deployer machine.

    You must keep your configuration settings consistent from one system to another.
  13. Stop the stack.

    If you are upgrading a multi-node deployment, run this command on the Docker Manager node.

    docker stack rm configuration-service consul-server consul-client nginx jas swagger-ui ui api notebook

    You should see:

    Removing service configuration-service_configuration-service
    Removing service consul-server_consul-server
    Removing service consul-client_consul-client
    Removing service nginx_nginx
    Removing service jas_jasnode
    Removing service swagger-ui_swagger-ui
    Removing service ui_zoran-ui
    Removing service api_zoran-api
    Nothing found in stack: notebook
  14. Prune old Docker images before running the upgrade command:

    1. Get all of the Docker images:

      docker images
    2. Identify the images that are Autonomous Identity-related. They start with the URL of the ForgeRock Google Cloud Registry (ForgeRock GCR). For example:

      REPOSITORY                                    TAG         IMAGE ID       CREATED       SIZE
      <ForgeRock GCR>/ci/develop/deployer           650879186   075481cea4c2   2 hours ago   823MB
      <ForgeRock GCR>/ci/develop/offline-packages   650879186   e1a90f389ccc   2 hours ago   3.03GB
      <ForgeRock GCR>/ci/develop/zoran-ui           650879186   bd303a28b5df   2 hours ago   35.3MB
      <ForgeRock GCR>/ci/develop/zoran-api          650879186   114d1aca5b0a   2 hours ago   421MB
      <ForgeRock GCR>/ci/develop/nginx              650879186   43b410661269   2 hours ago   16.7MB
      <ForgeRock GCR>/ci/develop/jas                650879186   2821e5c365d8   2 hours ago   491MB
    3. Remove the old images using the docker rmi command. For example:

      docker rmi -f <image ID>
      
      Example:
      docker rmi -f 075481cea4c2
    4. Repeat the previous command to remove all of the Autonomous Identity-related Docker images.

  15. For multinode deployments, run the following on the Docker Worker node:

    docker swarm leave
  16. Enter exit to end your SSH session.

  17. From the deployer, restart Docker:

    sudo systemctl restart docker
  18. Download the images. This step downloads software dependencies needed for the deployment and places them in the autoid-packages directory. Make sure you are in the ~/autoid-config directory.

    ./deployer.sh download-images
  19. Run the upgrade:

    ./deployer.sh upgrade
  20. SSH to the target server.

  21. On the target server, restore your /data/conf configuration data file from your previous installation.

    sudo mv ~/backup-data-conf-2022.11.x /data/conf
  22. Re-apply your analytics settings to your upgraded server if you made changes on your previous Autonomous Identity machine. Log in to Autonomous Identity, navigate to Administration > Analytics Settings, and edit your changes.

  23. Log out, and then log back in to Autonomous Identity.

You have successfully upgraded your Autonomous Identity server to 2022.11.11.

Upgrade from Autonomous Identity 2022.11.x to 2022.11.11 Air-Gapped using the deployer

The following instructions are for upgrading from Autonomous Identity version 2022.11.0–2022.11.10 to the latest version 2022.11.11 on air-gapped deployments using the deployer.

Upgrade from 2022.11.x to 2022.11.11 Air-Gapped using deployer:
  1. Start on the target server, and back up your /data/conf configuration file. The upgrade overwrites this file when updating, so you must restore this file after running the upgrade.

    sudo mv /data/conf ~/backup-data-conf-2022.11.x
  2. Next, if you changed any analytic settings on your deployment, make note of your configuration, so that you can replicate those settings on the upgraded server. Log in to Autonomous Identity, navigate to Administration > Analytic Settings, and record your settings.

  3. On the deployer machine, back up the 2022.11.x ~/autoid-config directory or move it to another location.

    mv ~/autoid-config ~/backup-2022.11.x
  4. Create a new ~/autoid-config directory.

    mkdir ~/autoid-config
  5. Copy your autoid_registry_key.json from your backup directory to ~/autoid-config.

  6. Copy your original SSH key into the new directory.

    cp ~/.ssh/id_rsa ~/autoid-config
  7. Change the permission on the SSH key.

    chmod 400 ~/autoid-config/id_rsa
  8. On the deployer node, change to the ~/autoid-config directory.

    cd ~/autoid-config
  9. Log in to the ForgeRock Google Cloud Registry using the registry key. The registry key is only available to ForgeRock Autonomous Identity customers. For specific instructions on obtaining the registry key, see How To Configure Service Credentials (Push Auth, Docker) in Backstage.

    docker login -u _json_key -p "$(cat autoid_registry_key.json)" https://gcr.io/forgerock-autoid

    You should see:

    Login Succeeded
  10. Run the create-template command to generate the deployer.sh script wrapper and configuration files. Note that the command sets the configuration directory on the target node to /config. The --user parameter eliminates the need to use sudo while editing the hosts file and other configuration files.

    docker run --user=$(id -u) -v ~/autoid-config:/config \
    -it gcr.io/forgerock-autoid/deployer:2022.11.11 create-template
  11. Configure your upgraded system by editing the ~/autoid-config/vars.yml, ~/autoid-config/hosts, and ~/autoid-config/vault.yml files on the deployer machine.

    You must keep your configuration settings consistent from one system to another.
  12. Download the images. This step downloads software dependencies needed for the deployment and places them in the autoid-packages directory. Make sure you are in the ~/autoid-config directory.

    ./deployer.sh download-images
  13. Stop the stack.

    If you are upgrading a multi-node deployment, run this command on the Docker Manager node.

    docker stack rm configuration-service consul-server consul-client nginx jas swagger-ui ui api notebook

    You should see:

    Removing service configuration-service_configuration-service
    Removing service consul-server_consul-server
    Removing service consul-client_consul-client
    Removing service nginx_nginx
    Removing service jas_jasnode
    Removing service swagger-ui_swagger-ui
    Removing service ui_zoran-ui
    Removing service api_zoran-api
    Nothing found in stack: notebook
  14. Prune old Docker images before running the upgrade command:

    1. Get all of the Docker images:

      docker images
    2. Identify the images that are Autonomous Identity-related. They start with the URL of the ForgeRock Google Cloud Registry (ForgeRock GCR). For example:

      REPOSITORY                                    TAG         IMAGE ID       CREATED       SIZE
      <ForgeRock GCR>/ci/develop/deployer           650879186   075481cea4c2   2 hours ago   823MB
      <ForgeRock GCR>/ci/develop/offline-packages   650879186   e1a90f389ccc   2 hours ago   3.03GB
      <ForgeRock GCR>/ci/develop/zoran-ui           650879186   bd303a28b5df   2 hours ago   35.3MB
      <ForgeRock GCR>/ci/develop/zoran-api          650879186   114d1aca5b0a   2 hours ago   421MB
      <ForgeRock GCR>/ci/develop/nginx              650879186   43b410661269   2 hours ago   16.7MB
      <ForgeRock GCR>/ci/develop/jas                650879186   2821e5c365d8   2 hours ago   491MB
    3. Remove the old images using the docker rmi command. For example:

      docker rmi -f <image ID>
      
      Example:
      docker rmi -f 075481cea4c2
  15. For multinode deployments, run the following on the Docker Worker node:

    docker swarm leave
  16. From the deployer, restart Docker:

    sudo systemctl restart docker
  17. Create a tar file containing all of the Autonomous Identity binaries.

    tar czf autoid-packages.tgz deployer.sh autoid-packages/*
  18. Copy the autoid-packages.tgz, deployer.sh, and SSH key (id_rsa) to a portable hard drive.

  19. On the air-gapped target machine, back up your previous ~/autoid-config directory, and then create a new ~/autoid-config directory.

    mkdir ~/autoid-config
  20. Copy the autoid-packages.tgz tar file, deployer.sh, and SSH key from the portable storage device to the ~/autoid-config directory.

  21. Unpack the tar file.

    tar xf autoid-packages.tgz -C ~/autoid-config
  22. Copy the SSH key to the ~/autoid-config directory.

  23. Change the permissions on the file.

    chmod 400 ~/autoid-config/id_rsa
  24. Change to the configuration directory.

    cd ~/autoid-config
  25. Import the deployer image.

    ./deployer.sh import-deployer

    You should see:

    …
    db631c8b06ee: Loading layer [==============================================>]   2.56kB/2.56kB
    2d62082e3327: Loading layer [==============================================>]  753.2kB/753.2kB
    Loaded image: https://gcr.io/forgerock-autoid/deployer:2022.11.11
  26. Create the configuration template using the create-template command. This command creates the configuration files: ansible.cfg, vars.yml, vault.yml, and hosts.

    ./deployer.sh create-template

    You should see:

    Config template is copied to host machine directory mapped to /config
  27. Configure your upgraded system by editing the ~/autoid-config/vars.yml, ~/autoid-config/hosts, and ~/autoid-config/vault.yml files on the deployer machine.

    You must keep your configuration settings consistent from one system to another.
  28. Run the upgrade:

    ./deployer.sh upgrade
  29. On the target server, restore your /data/conf configuration data file from your previous installation.

    sudo mv ~/backup-data-conf-2022.11.x /data/conf
  30. Re-apply your analytics settings to your upgraded server if you made changes on your previous Autonomous Identity machine. Log in to Autonomous Identity, navigate to Administration > Analytics Settings, and edit your changes.

  31. Log out, and then log back in to Autonomous Identity.

You have successfully upgraded your Autonomous Identity server to 2022.11.11.