PingIntelligence

Step-3 Upgrading ABS AI Engine

This section discusses the steps to upgrade ABS 5.0 to 5.1

Before you begin

About this task

Complete the following steps on all the ABS nodes in a cluster.

Steps

  1. Download the ABS 5.1 binary. Copy the binary to a temporary directory and extract it.

    # cp pi-api-abs-5.1.tar.gz ~/pi-tmp/
    # cd ~/pi-tmp/
    # tar -xvf pi-api-abs-5.1.tar.gz
  2. Navigate to ~/pi-tmp/pingidentity/upgrade/abs/and copy the ABS upgrade script to the ~/pi-tmp/pingidentity/abs/util/directory in the temporary directory.

    # cd ~/pi-tmp/pingidentity/upgrade/abs/
    # cp abs-upgrade.sh ~/pi-tmp/pingidentity/abs/util
  3. Navigate to ~/pi-tmp/pingidentity/abs/util/ directory and run the upgrade script.

    : Only after successful upgrade of MongoDB, proceed with ABS upgrade.
    # cd ~/pi-tmp/pingidentity/abs/util/
    # ./abs-upgrade.sh <ABS 5.0 installation path>

    For example:

    # ./abs-upgrade.sh /home/pi-user/pingidentity/abs
    Upgrading ABS to version 5.1
    are you sure you want to continue? (yes/no): yes
    making the configuration changes and copying new binaries
    configuration for smtp_ssl field is already configured
    configuration for mongo_ssl field is already configured
    configuration for mongo_auth_mechanism field is already configured
    upgrade to ABS 5.1 is successful
    please start ABS using: /home/pi-user/pingidentity/abs//bin/start.sh
    if systemctl service present, run command: systemctl restart pi-abs.service
  4. Verify that the upgrade was successful by entering the following command.

    # cat /<ABS installation path>/pingidentity/abs/version.txt

For eexample:

+

# cat /home/pi-user/pingidentity/abs/version.txt
  1. Open the config/kafka.properties file, and make the necessary changes.

    A description of each config file parameter is provided below:

    #Kafka bootstrap servers
    pi.kafka.bootstrap-servers - A comma separated list of Kafka Broker server hostnames/IP addresses with port
    pi.kafka.use-insecure - If set to true, kafka hostname will not be verified in the TLS certificate
    pi.kafka.sslTruststoreLocation - Path to the truststore with which the Kafka broker has been setup
    pi.kafka.sslTruststorePassword - Password of the truststore
    pi.kafka.authentication.protocol - Authentication protocol used between Kafka clients and brokers
    pi.kafka.authentication.sasl-mechanism - SASL Mechanism used for authentication
    
    #Topics
    pi.kafka.topic.transactions - Name of transactions topic
    pi.kafka.topic.attacks - Name of attacks topic
    pi.kafka.topic.anomalies - Name of anomalies topic
    
    # ABS consumer details
    pi.kafka.consumer.authentication.username - Username for kafka consumer
    pi.kafka.consumer.authentication.password - Password for kafka consumer
    pi.kafka.consumer.groupId - Group name for kafka consumer
    pi.kafka.consumer.max-poll-records-config - Number of records that can be returned in one poll call to kafka
    pi.kafka.consumer.poll-interval - Interval between two poll calls to kafka
    
    #ABS producer details
    pi.kafka.producer.authentication.username - Username for kafka producer
    pi.kafka.producer.authentication.password - Password for kafka producer
    pi.kafka.producer.acks - Kafka broker acknowledgement property
    pi.kafka.producer.min-insync-replicas - Minimum number of replicas that need to be in-sync
    pi.kafka.producer.retries - Number of retries for a failed send
    pi.kafka.producer.linger - Producer delay between sending records
    pi.kafka.producer.buffer-memory - Producer buffer memory in bytes
    pi.kafka.producer.batch-size - Maximum number of records that can be sent in one batch
  2. Update the license file in /pingidentity/abs/config directory to the new PingIntelligence 5.1 license file.

  3. Start all ABS nodes.

    Start the ABS nodes only after completing the MongoDB upgrade as detailed in Step-2 Upgrading MongoDB.

    # /<ABS installation path>/pingidentity/abs/bin/start.sh

    For example:

    # /home/pi-user/pingidentity/abs/bin/start.sh

    If ABS is running as a service, then run the following command.

    # systemctl start pi-abs.service

Next steps