ejbca cloud upgrade guide - download.primekey.com · ejbca cloud upgrade guide 3(10) introduction...
TRANSCRIPT
EJBCA Cloud Upgrade
Guide
Print date: 2017-12-18
EJBCA Cloud Upgrade Guide
2( )10
Table of Contents
Introduction _______________________________________________________________________ 3
Documentation __________________________________________________________________ 3
Overview ________________________________________________________________________ 4
Upgrade Procedure ________________________________________________________________ 5
Currently used EJBCA version ______________________________________________________ 5
Backup Existing Instance __________________________________________________________ 6
Copy Backup to New Instance ______________________________________________________ 7
Restore Backup on New Instance ___________________________________________________ 10
EJBCA Cloud Upgrade Guide
3( )10
Introduction
This document is intended to show an administrator of a PrimeKey EJBCA Enterprise Cloud Edition
hourly instance how to upgrade a node from one version of EJBCA to another.
Documentation
The EJBCA documentation for EJBCA Enterprise Edition is available on https://download.primekey.se
./docs/EJBCA-Enterprise/latest/
Additional documentation for EJBCA Community Edition is available on .https://www.ejbca.org/docs/
EJBCA Cloud Upgrade Guide
4( )10
Overview
This guide describes how to upgrade from one version of EJBCA to another instance with a newer
version.
The EJBCA Cloud instances that are purchased on an hourly basis, are designed to be terminated
after an upgrade to a new instance is made. Instance termination avoids a detailed upgrade process in
place of running a backup and restore script.
In the example used in this guide, the source host is running EJBCA 6.9.1 and the destination host is
running EJBCA 6.10.0:
The has an elastic (public) IP of:source host running EJBCA 6.9.1
.ec2-34-229-187-81.compute-1.amazonaws.com
The has an elastic (public) IP of:destination host running EJBCA 6.10.0
.ec2-52-23-217-245.compute-1.amazonaws.co
When the upgrade is complete, all of the CAs and data on the source node running 6.9.1 are migrated
over to the new 6.10.0 version.
EJBCA Cloud Upgrade Guide
5( )10
Upgrade Procedure
Follow the instructions in this procedure to upgrade the version of EJBCA from 6.9.1 to 6.10.0 in the
following steps:
Backup Existing Instance
Copy Backup to New Instance
Restore Backup on New Instance
Currently used EJBCA version
The version of EJBCA is visible in the top-right corner of the EJBCA Administration home screen.
EJBCA Cloud Upgrade Guide
6( )10
1.
2.
3.
4.
5.
6.
Backup Existing Instance
Using the SSH key that you selected when procuring the instance, SSH into the EJBCA Cloud
Edition instance using the username ec2-user.
# ssh –i ssh-key.pem [email protected]
Run the command to get elevated privileges:sudo su
sudo su
Change to the directory./opt/PrimeKey/support
Run the script to create a backup of your system.system_backup.sh
Press to proceed and enter a password to protect the backup once prompted:Y
Make a note of the name of the backup file created. Copy the backup file to a directory that is
accessible by the , for example .ec2-user /home/ec2-user/
In this case, the file "/opt/PrimeKey/support/backup_files/ejbca_db-ip-172-16-0-
" is copied to :128.ec2.internal-1509663778.tar.gz /home/ec2-user/
# cp /opt/PrimeKey/support/backup_files/ejbca_db-ip-172-16-0-128.ec2.internal-1509663
778.tar.gz /home/ec2-user/
EJBCA Cloud Upgrade Guide
7( )10
1.
Copy Backup to New Instance
Using either the command line interface (CLI) or a Secure Copy Protocol (SCP) utility, copy the file to
your local system. You can copy the file directly from one instance to another if your VPC allows it. In
this example, we will bring the file down locally and then SCP it to the new instance.
Copy the file to your local system, using either CLI or a SCP utility:
Using the CLI:
# scp -i ~/Documents/C2\ Comp/PrimeKey/EC2\ Creds/c2-ssh/c2-ssh.pem ec2-user@ec
2-34-229-187-81.compute-1.amazonaws.com:/home/ec2-user/ejbca_db-ip-172-16-0-128
.ec2.internal-1509663778.tar.gz ~/Downloads/ejbca_db-ip-172-16-0-128.ec2.
internal-1509663778.tar.gz
EJBCA Cloud Upgrade Guide
8( )10
1.
2.
3.
Using a SCP utility (in this case Cyberduck)
Specify details to connect to your instance, for example hostname, username, and
SSH key):
Connect to the instance and download the file to the local system:
Wait for the download to complete.
Start a new instance from the Amazon AWS Marketplace. Ensure to select the correct version in
the list menu (the most recent version is by default selected). For more information, Version
refer to the EJBCA Cloud Quick Start Guide.
Wait for the new instance to start and retrieve the certificate for the new version. superadmin
For more information, refer to the EJBCA Cloud Quick Start Guide.
EJBCA Cloud Upgrade Guide
9( )10
4.
5.
6.
7.
Access the administration interface for the new instance.
Note the version of the new instance in the top-right corner of the EJBCA Administration home
screen, in this example .Version: EJBCA 6.10.0 Enterprise (r26978)
SCP the backup file created in section and copied to the new instance Backup Existing Instance
using the instructions in step 1 above.
If using the CLI, the command will be a bit different since you are copying local to remote.
# scp -i ~/Documents/C2\ Comp/PrimeKey/EC2\ Creds/c2-ssh/c2-ssh.pem ~/Downloads
/ejbca_db-ip-172-16-0-128.ec2.internal-1509663778.tar.gz ec2-user@ec2-52-23-217-245.
compute-1.amazonaws.com:/home/ec2-user/
Once copied, SSH into the new host.
Change to the directory./opt/PrimeKey/support
EJBCA Cloud Upgrade Guide
10( )10
1.
2.
3.
Restore Backup on New Instance
Run the script by pointing it to the backup file location after the script. In system_restore.sh
this example, the backup file is located in and the file name is /home/ec2-user/ ejbca_db-
.ip-172-16-0-128.ec2.internal-1509663778.tar.gz
# /opt/PrimeKey/support/system_restore.sh /home/ec2_user/ejbca_db-ip-172-16-0-128.
ec2.internal-1509663778.tar.gz
Confirm the script and then enter the password for your backup once prompted.
A backup of the existing database will be located at /opt/PrimeKey/support
and SSL files will be backed up to ./backup_files /etc/httpd/ssl_backup
Access your new instance and verify that your existing data appears in the new instance.