21.4 Upgrading Database

  1. The upgrade process is irreversible. Therefore, ensure that you back up the database. For more information, see Creating Full Backups.

  2. Launch a terminal session, then log in to the master node as root or as a sudo user.

  3. Execute the following commands to obtain the database client certificates and copy the certificates to /tmp:

    1. TH_POD_NAMESPACE=$(kubectl get namespaces | grep arcsight | cut -d ' ' -f1)

    2. kubectl -n ${TH_POD_NAMESPACE} get configmap public-ca-certificates -o json |jq -r '.data["RE_ca.crt"]' > /tmp/issue_ca.crt

    3. TH_SEARCH_ENGINE_POD=$(kubectl get pods --all-namespaces | grep hercules-search-engine | cut -d ' ' -f4)

    4. kubectl cp $TH_POD_NAMESPACE/$TH_SEARCH_ENGINE_POD:/vault-crt/RE /tmp -c hercules-search-engine

  4. Navigate to /opt/ and stop the kubernetes services:

    kube-stop.sh

  5. Change to the directory where you have extracted the database Installer:

    cd <download_directory>/identityintelligence-x.x.x.x/installers/db-installer_x.x.x.x

  6. Run the upgrade commands in the following order and provide the required information when prompted:

    NOTE:You cannot rerun the commands.

    1. ./db_upgrade -c upgrade-utilities

    2. ./db_upgrade -c upgrade-db-rpm

  7. Change to the directory where you have installed the database:

    cd /opt/arcsight-vertica

  8. Reconfigure certificates in the Kafka scheduler:

    ./sched_ssl_setup --enable-ssl --sched-cert-path /tmp/vertica.crt --sched-key-path /tmp/vertica.key --vertica-ca-path "<database_CA_path>" --kafka-ca-path /tmp/issue_ca.crt

    NOTE:The vertica-ca-path is /opt/arcsight-vertica/generated-vertica-ca.crt if installed using scripts and /tmp/ca.cert.pem if installed manually.

  9. Start the database:

    ./db_installer start-db

  10. Stop the database agent:

    systemctl stop vertica_agent

  11. Disable the database agent:

    systemctl disable vertica_agent

  12. Navigate to /opt/ and start the kubernetes services:

    kube-start.sh

  13. Replace old certificates with new certificates:

    1. Switch to dbadmin user.

    2. (Conditional) If the ~/.vsql folder exists already, you must delete the contents of the folder.

      rm -rf ~/.vsql

    3. (Conditional) If the ~/.vsql folder does not exist, create the folder:

      mkdir ~/.vsql

    4. Copy the following certificates to ~/.vsql folder:

      cp /tmp/vertica.crt ~/.vsql/client.crt

      cp /tmp/vertica.key ~/.vsql/client.key

      cp <Database_CA_Path> ~/.vsql/ca_root.crt

      chmod 600 ~/.vsql/client.key

      NOTE:The Database_CA_Path is /opt/arcsight-vertica/generated-vertica-ca.crt if installed using scripts and /tmp/ca.cert.pem if installed manually.

  14. Create a Kafka scheduler:

    NOTE:Ensure that the Kafka pod is running when creating the Kafka scheduler.

    1. Switch to root user.

    2. Change to the directory where you have installed the database:

      cd /opt/arcsight-vertica

    3. (Conditional) If a Kafka schedule exists already, delete the scheduler:

      ./kafka_scheduler delete

    4. Create a Kafka scheduler:

      ./kafka_scheduler create <Transformation_Hub_Node_1_IP>:9093,<Transformation_Hub_Node_ 2_IP>:9093 <Transformation_Hub_Node_3_IP>:9093

    5. Verify Kafka scheduler creation:

      ./kafka_scheduler status

  15. Check the version of database to validate successful upgrade:

    1. Switch to dbadmin user:

      su dbadmin

    2. Execute the following command and specify the dbadmin password when prompted:

      vsql

    3. To view the version:

      SELECT version();