Install Upgrade Files for RHEL/CentOS

This topic describes how to upgrade a gateway in the Software form factor, where the host machine's operating system is either Red Hat Enterprise Linux (RHEL), or CentOS.
This topic describes how to upgrade a
Layer7 API Gateway
in the software form factor, where the host machine's operating system is either Red Hat Enterprise Linux (RHEL) or CentOS.
Note that the software form factor of the API Gateway, as of version 10.0, no longer supports Solaris or SuSE Linux.
Prerequisites:
  1. Ensure that steps 1 to 2 in Upgrade a Software Gateway have been performed.
  2. Ensure that you upgrade Gateway before upgrading MySQL.
The upgrade differs depending on the database type of the Gateway:
Upgrade Gateway with MySQL Database
MySQL is the most commonly used database on the Gateway.
A Java Development Kit (JDK) should have already been installed prior to the upgrade of your MySQL-based Software Gateway. If you need to update your JDK, please perform the JDK update
AFTER
the Gateway upgrade.
To upgrade the Gateway with a MySQL database
:
  1. Back up the database.
  2. Stop the Gateway:
    # /opt/SecureSpan/Gateway/runtime/bin/gateway.sh stop
  3. Stop the slave in MySQL on all nodes in the cluster:
    # service mysql stop
  4. Change the permissions of all the upgrade files. These files were downloaded in Step 2 of Upgrade a Software Gateway and placed in the directory
    /opt/SecureSpan/Controller
    :
    # chmod 755 /opt/SecureSpan/Controller/*.L7P
    The upgrade files pertaining to this procedure are of the .L7P type only. Depending on your target version of Gateway, you may need to download multiple images and install them in a specific sequence - each image may contain other non-.L7P files that do not apply to the upgrade process. Refer to List of Update Files for more information on the specific image files and .L7P files needed for your Gateway upgrade.
  5. Perform these steps for each upgrade file:
    1. Upload the file with this command:
      # /opt/SecureSpan/Controller/bin/patch.sh upload /opt/SecureSpan/Controller/
      <patchFileName>
    2. Obtain the ID of the patch with this command:
      # /opt/SecureSpan/Controller/bin/patch.sh list
    3. Install the patch with this command:
      # /opt/SecureSpan/Controller/bin/patch.sh install
      <patchID>
      Be sure to install the patches in the order listed in List of Update Files.
    4. Reboot the Gateway. For more information, see Patch a Software Gateway.
  6. Perform an in-place upgrade from MySQL 5.7 to MySQL 8.0. For more information, refer to Oracle documentation.
  7. Open
    my.cnf
    for editing:
    # edit my.cnf
    Important!
    If you use MySQL 8.0, ensure that you add the below lines in
    /etc/my.cnf
    and restart MySQL server:
    Add
    disable_log_bin
    only if clustering is not enabled otherwise add
    log_bin_trust_function_creators=1
    as shown below.
    character-set-server=utf8 default-authentication-plugin=mysql_native_password disable_log_bin [or] log_bin_trust_function_creators=1
  8. If you have a cluster of Gateways, remove the following line from
    my.cnf
    :
    disable_log_bin
    add the following property to
    my.cnf
    :
    log_bin_trust_function_creators=1
    The following property may also need to be added; contact your system administrator if it is required for your installation:
    slave_exec_mode=IDEMPOTENT
    The properties should be added to this section:
    # Uncommment log-bin and log-slave-update if a clustered # db server log-bin=/var/lib/mysql/ssgbin-log log_bin_trust_function_creators=1 log-slave-update # uncomment the next item on 1st db master server server-id=1 # uncomment the next item on 2nd db master servers #server-id=2 relay-log = /var/lib/mysql/ssgrelay-bin relay-log-index = /var/lib/mysql/ssgrelay-bin.index relay-log-info-file = /var/lib/mysql/ssgrelay-bin.info # Slave reliability items: slave-skip-errors=126,1053,1105,1129,1158,1159,1160,1161 slave_compressed_protocol=1 slave-net-timeout=30 slave_exec_mode=IDEMPOTENT
    If your Gateway uses a MySQL database, also add these settings for improved performance:
    innodb_buffer_pool_size=(70% of available memory)M max_connections=10000
    For example, if you have 10GB (10000M) of available memory, set:
    innodb_buffer_pool_size=7000M
  9. Restart the MySQL service on all nodes in the cluster.
  10. Upgrade the Gateway database on one node. To do this, use option
    1
    ("Upgrade the
    Layer7 API Gateway
    database") on the Gateway Main Menu (Software).
    Database upgrade may fail if you are using a remote database. If this occurs, try this workaround:
    a) Run the following SQL statement on the target MySQL:
    GRANT ALL ON
    .
    TO 'gateway'@'%'; FLUSH PRIVILEGES;
    b) Restart MySQL and then try the database upgrade again.
  11. Start the Gateway. The databases on the other nodes are replicated from the primary database.
  12. Update your JDK, if necessary.
  13. (Optional) If a JDK update was performed, complete the following:
    1. Access the Gateway main menu.
    2. Select option
      2
      (Configure the
      Layer7 API Gateway
      ) and then option
      1
      (Set Up the Gateway Java VM).
    3. Set the
      Java VM Path
      to the current path of JAVA_HOME.
    4. Exit the main menu and then access a command prompt on the host machine.
    5. Open
      /opt/SecureSpan/Controller/etc/host.properties
      in a text editor.
    6. Set
      Host.jre
      to the current path of JAVA_HOME.
The upgrade is now complete.
Upgrade Gateway with Embedded Database
The embedded database built into the Gateway provides greater convenience but less functionality compared to the MySQL database. For more information, see Using the Gateway Embedded Database.
To upgrade the Gateway with the embedded database:
  1. Stop the Gateway service with this command:
    text# /opt/SecureSpan/Gateway/runtime/bin/gateway.sh stop
  2. Back up the previous embedded database by copying this directory to your local directory:
    /opt/SecureSpan/Gateway/node/default/var/db
  3. Remove this directory:
    /opt/SecureSpan
  4. Reboot the host computer.
  5. Extract the Gateway software RPM file from the "
    Layer7 API Gateway
    Software Installer" archive. This file name has the format:
    ssg-
    <version>
    -
    <build>
    .noarch.rpm
  6. Install the Gateway software RPM file with this command:
    # rpm -Uvh ssg-
    <version>-<build>
    .noarch.rpm
  7. Next, run the following command to display the Gateway main menu:
    text# /opt/SecureSpan/Gateway/runtime/bin/setup.sh
  8. Select option
    2
    (Configure the Gateway), and then option
    1
    (Java VM). Verify that the Java VM settings are correct.
  9. Select option
    2
    (Database Connection) and then configure the Gateway to use the embedded database.
  10. Exit the Gateway main menu and reboot the computer.
  11. Restore the database by copying the backup (created in Step 2) to this directory:
    /opt/SecureSpan/Gateway/node/default/var/
  12. Change the ownership and permissions back for the database directory and all of its subdirectories/files
    • Change the owner of database directory (in the previous step) from
      root
      to
      gateway
      .
    • Change the permissions of database directory to
      rwxrwxr-x
    • Change the permissions of the following directory and all its subdirectories to
      rwxrwxr-x
      /opt/SecureSpan/Gateway/node/default/var/db/ssgdb
    • Change the permissions of all files within the "ssgdb" directory (from above) to
      rw-rw-r- -
    • Change the permissions of the subdirectories within the "ssgdb" directory (from above) to
      rwxrwxr-x
    • Change the permissions of the following log file to
      rw-rw-r- -
      /opt/SecureSpan/Gateway/node/default/var/db/derby.log
  13. Start the Gateway:
    text# /opt/SecureSpan/Gateway/runtime/bin/gateway.sh start
    The upgrade is now complete.