It might not be the best answer nor most accurate… but when I did an upgrade recently, I found that I had to spend a lot of time with the documentation and the current config directory from GitHub.
Running diffs on the config files and workflows helped a lot. I found it easier to simply replace all the workflows with the latest copies from Github, and then re-apply any customizations I had. For the config files, I knew which ones I'd changed. I found it easier to open each one in a side-by-side editor with the new configs and manually change the new ones. The one that vexed me the most was SCEP. After doing a system-wide grep, I finally realized my web server was calling the wrong FCGI - point being, don't forget to check your WebUI stuff. I can't help much with the database questions - I never had to make as big of a version migration as you are doing. The other thing I've done recently was to stand up a completely new instance. I used the same Root CA but issued new intermediate CAs for a new set of realms. The config is a copy of the github current config with my customizations. My thought is to be able to more efficently diff any new minor version changes. I'm slowly re-keying everything over to the new instance. Worth noting - we're not in production yet. It's been two years of testing without moving away from our current canonical CA… but I feel like we're getting a lot closer! Good luck! On Mon, Aug 28, 2023 at 2:17 PM, Thomas Schachtner < [email protected]> wrote: > Hi there, > > I just wanted to tell about my efforts to upgrade OpenXPKI to its newest > version 3.26. > > I was using an old Ubuntu build (v2.5.5) on an old Ubuntu box. I upgraded > the OS and also updated the OpenXPKI apt sources file to its newest > releases on each os upgrade. > > After the upgrade, OpenXPKI did not run anymore, which was expected, as I > did not yet follow the upgrade instructions. (I found them on GitHub) > > But even after doing so, I did not seem to have the newest files > installed. I ended up cloning the config repository and replacing all the > old files in my realm directories. > Is this the the way an update is meant to be done? > > If not, or if the newest files are also being downloaded during "apt-get > upgrade", it would be good to know where they are placed. (Maybe there's a > well-known directory in the filesystem hierarchy standard and I just don't > know that, so please bear with me...) > > But even after updating all the files, I kept getting crashes. When > looking into the logs, I saw that there are some changes to the database > schema which were not mentioned in the docs (or which I didn't see). > Btw, I performed all the schema updates form 1.x to 2.x a long time ago, > but there seem to have been added some new columns since that time which I > did not have in my database. After adding the missing columns one after > another, I saw that there's a schema version informativ in the database > which did also not yet exist in my installation. > (There was a warning message about that, but I did not know where to > specify the database schema version.) > Would it have been better to just set the schema version to some specific > value and to be able to keep using the previous schema? If so, which value > would that be? > > I also found that now there are SEQUENCEs in the database where there have > been standard tables before. I updated that as well. > > So now my question: > Did I do the update correctly? > Or is there rather a better way to do it? > > I have another instance which is used actively by some users as production > system and I would prefer to update that system exactly as the update is > meant to be done. > > By the way, thank you very much for this great piece of software you > created and provide to us! > > Best regards > Tom > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
