Install Upgrade Files for RHEL/CentOS
This topic describes how to upgrade a gateway in the Software form factor, where the host machine's operating system is either Red Hat Enterprise Linux (RHEL), or CentOS.
This topic describes how to upgrade a
Layer7 API Gatewayin the software form factor, where the host machine's operating system is either Red Hat Enterprise Linux (RHEL) or CentOS.
Note that the software form factor of the API Gateway, as of version 10.0, no longer supports Solaris or SuSE Linux.
- Ensure that steps 1 to 2 in Upgrade a Software Gateway have been performed.
- Ensure that you upgrade Gateway before upgrading MySQL.
The upgrade differs depending on the database type of the Gateway:
Upgrade Gateway with MySQL Database
MySQL is the most commonly used database on the Gateway.
A Java Development Kit (JDK) should have already been installed prior to the upgrade of your MySQL-based Software Gateway. If you need to update your JDK, please perform the JDK update
AFTERthe Gateway upgrade.
To upgrade the Gateway with a MySQL database:
- Back up the database.
- Stop the Gateway:# /opt/SecureSpan/Gateway/runtime/bin/gateway.sh stop
- Stop the slave in MySQL on all nodes in the cluster:# service mysql stop
- Change the permissions of all the upgrade files. These files were downloaded in Step 2 of Upgrade a Software Gateway and placed in the directory/opt/SecureSpan/Controller:# chmod 755 /opt/SecureSpan/Controller/*.L7PThe upgrade files pertaining to this procedure are of the .L7P type only. Depending on your target version of Gateway, you may need to download multiple images and install them in a specific sequence - each image may contain other non-.L7P files that do not apply to the upgrade process. Refer to List of Update Files for more information on the specific image files and .L7P files needed for your Gateway upgrade.
- Perform these steps for each upgrade file:
- Upload the file with this command:# /opt/SecureSpan/Controller/bin/patch.sh upload /opt/SecureSpan/Controller/<patchFileName>
- Obtain the ID of the patch with this command:# /opt/SecureSpan/Controller/bin/patch.sh list
- Install the patch with this command:# /opt/SecureSpan/Controller/bin/patch.sh install<patchID>Be sure to install the patches in the order listed in List of Update Files.
- Reboot the Gateway. For more information, see Patch a Software Gateway.
- Perform an in-place upgrade from MySQL 5.7 to MySQL 8.0. For more information, refer to Oracle documentation.
- Openmy.cnffor editing:# edit my.cnfImportant!If you use MySQL 8.0, ensure that you add the below lines in/etc/my.cnfand restart MySQL server:Adddisable_log_binonly if clustering is not enabled otherwise addlog_bin_trust_function_creators=1as shown below.character-set-server=utf8 default-authentication-plugin=mysql_native_password disable_log_bin [or] log_bin_trust_function_creators=1
- If you have a cluster of Gateways, remove the following line frommy.cnf:disable_log_binadd the following property tomy.cnf:log_bin_trust_function_creators=1The following property may also need to be added; contact your system administrator if it is required for your installation:slave_exec_mode=IDEMPOTENTThe properties should be added to this section:# Uncommment log-bin and log-slave-update if a clustered # db server log-bin=/var/lib/mysql/ssgbin-log log_bin_trust_function_creators=1 log-slave-update # uncomment the next item on 1st db master server server-id=1 # uncomment the next item on 2nd db master servers #server-id=2 relay-log = /var/lib/mysql/ssgrelay-bin relay-log-index = /var/lib/mysql/ssgrelay-bin.index relay-log-info-file = /var/lib/mysql/ssgrelay-bin.info # Slave reliability items: slave-skip-errors=126,1053,1105,1129,1158,1159,1160,1161 slave_compressed_protocol=1 slave-net-timeout=30 slave_exec_mode=IDEMPOTENTIf your Gateway uses a MySQL database, also add these settings for improved performance:innodb_buffer_pool_size=(70% of available memory)M max_connections=10000For example, if you have 10GB (10000M) of available memory, set:innodb_buffer_pool_size=7000M
- Restart the MySQL service on all nodes in the cluster.
- Upgrade the Gateway database on one node. To do this, use option1("Upgrade theLayer7 API Gatewaydatabase") on the Gateway Main Menu (Software).Database upgrade may fail if you are using a remote database. If this occurs, try this workaround:a) Run the following SQL statement on the target MySQL:GRANT ALL ON.TO 'gateway'@'%'; FLUSH PRIVILEGES;b) Restart MySQL and then try the database upgrade again.
- Start the Gateway. The databases on the other nodes are replicated from the primary database.
- Update your JDK, if necessary.
- (Optional) If a JDK update was performed, complete the following:
- Access the Gateway main menu.
- Select option2(Configure theLayer7 API Gateway) and then option1(Set Up the Gateway Java VM).
- Set theJava VM Pathto the current path of JAVA_HOME.
- Exit the main menu and then access a command prompt on the host machine.
- Open/opt/SecureSpan/Controller/etc/host.propertiesin a text editor.
- SetHost.jreto the current path of JAVA_HOME.
The upgrade is now complete.
Upgrade Gateway with Embedded Database
The embedded database built into the Gateway provides greater convenience but less functionality compared to the MySQL database. For more information, see Using the Gateway Embedded Database.
To upgrade the Gateway with the embedded database:
- Stop the Gateway service with this command:text# /opt/SecureSpan/Gateway/runtime/bin/gateway.sh stop
- Back up the previous embedded database by copying this directory to your local directory:/opt/SecureSpan/Gateway/node/default/var/db
- Remove this directory:/opt/SecureSpan
- Reboot the host computer.
- Extract the Gateway software RPM file from the "Layer7 API GatewaySoftware Installer" archive. This file name has the format:ssg-<version>-<build>.noarch.rpm
- Install the Gateway software RPM file with this command:# rpm -Uvh ssg-<version>-<build>.noarch.rpm
- Next, run the following command to display the Gateway main menu:text# /opt/SecureSpan/Gateway/runtime/bin/setup.sh
- Select option2(Configure the Gateway), and then option1(Java VM). Verify that the Java VM settings are correct.
- Select option2(Database Connection) and then configure the Gateway to use the embedded database.
- Exit the Gateway main menu and reboot the computer.
- Restore the database by copying the backup (created in Step 2) to this directory:/opt/SecureSpan/Gateway/node/default/var/
- Change the ownership and permissions back for the database directory and all of its subdirectories/files
- Change the owner of database directory (in the previous step) fromroottogateway.
- Change the permissions of database directory torwxrwxr-x
- Change the permissions of the following directory and all its subdirectories torwxrwxr-x/opt/SecureSpan/Gateway/node/default/var/db/ssgdb
- Change the permissions of all files within the "ssgdb" directory (from above) torw-rw-r- -
- Change the permissions of the subdirectories within the "ssgdb" directory (from above) torwxrwxr-x
- Change the permissions of the following log file torw-rw-r- -/opt/SecureSpan/Gateway/node/default/var/db/derby.log
- Start the Gateway:text# /opt/SecureSpan/Gateway/runtime/bin/gateway.sh startThe upgrade is now complete.