When a new version of REST Image is available, the administrator can perform an upgrade procedure to deploy container with the latest version of REST services. Ensure to store all necessary application related data persistently in Docker volumes before performing an upgrade. Perform the following steps to upgrade REST services using Docker container:
Download and load the latest version of the Docker image from the Software License and Download portal.
Once the latest docker image is loaded, stop your current docker container using the following command:
docker stop edirapi-containerTake the backup of the shared volume.
Delete the existing REST container by running the following command:
docker rm <container name>
For example,
docker rm edirapi-container
(Optional) Delete the obsolete REST Docker image by running the following command:
docker rmi <image ID>Create a new container using the new REST Docker image and the application data of the old container stored in Docker volume (edirapi-volume):
docker create --name edirapi-container --network=host --volume edirapi-volume:/config/ --env ACCEPT_EULA=<Y/N> edirapi:<version>
For example,
docker create --name edirapi141-container --network=host --volume edirapi13/:/config/ --env ACCEPT_EULA=Y edirapi:1.4.1.0000
Copy the server certificate file (.pfx) from your local file system to the newly created container as /etc/opt/novell/eDirAPI/cert/keys.pfx using the following command:
docker cp <absolute path of server certificate file> edirapi-container:/etc/opt/novell/eDirAPI/cert/keys.pfx
For example,
docker cp /home/user/keys.pfx edirapi-container:/etc/opt/novell/eDirAPI/cert/keys.pfx
Copy the CA certificate file (.pem) from your local file system to the newly created container as /etc/opt/novell/eDirAPI/cert/SSCert.pem using the following command:
docker cp <absolute path of CA certificate file> edirapi-container:/etc/opt/novell/eDirAPI/cert/SScert.pem
For example,
docker cp /home/user/SSCert.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert.pem
When you connect to multiple eDirectory trees, you must ensure to obtain individual CA certificate for all the connected trees. For example, if you connect to three eDirectory trees, then you must copy all the three CA certificates in to docker container:
docker cp /home/user/SSCert.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert.pem docker cp /home/user/SSCert1.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert1.pem docker cp /home/user/SSCert2.pem edirapi-container:/etc/opt/novell/eDirAPI/cert/SSCert2.pem
NOTE:The bcert parameter value must include directory path for trusted root certificates. For example, bcert = "/etc/opt/novell/eDirAPI/cert/". And the origin parameter is independent of check-origin parameter and is mandatory when DNS configuration is used.
Copy the configuration file (edirapi.conf) from your local file system to the newly created container as /etc/opt/novell/eDirAPI/conf/edirapi.conf using the following command:
docker cp <absolute path of CA certificate file> edirapi-container:/etc/opt/novell/eDirAPI/conf/edirapi.conf
For example,
docker cp /home/user/edirapi.conf edirapi-container:/etc/opt/novell/eDirAPI/conf/edirapi.conf
Start the second container using the following command:
docker start edirapi-containerTo check status of the running container, run the following command:
docker ps -a
NOTE:REST Services 1.4 is the next release after REST 1.3. There was no interim release for REST services in between these two releases. Post 1.4, eDirectory released REST 1.4.0.0100 which adds support for OpenSSL 1.0.2zd. This OpenSSL version includes a fix for a potential security vulnerability. For more information about the issue, see this page.