Upgrading to v7.x
v7 is a major release with many changes, specifically to security. At this time, upgrading directly to v7 is only supported from v6 onwards. If security is NOT enabled in your installation, then upgrading from an older release may work, however any issues encountered will not be addressed and upgrading to v6 first will be the advised route.
Whilst every care has been taken to ensure upgrades are as smooth and easy as possible, ALWAYS ensure full backups are taken before proceeding, and if possible, test the upgrade on a non-Production environment first.
Background
v6 (and earlier) behavior
Prior to v7, Tungsten came with security turned OFF through the tpm flag disable-security-controls set to true by default. This flag, when set
to false would translate to the following settings being applied:
file-protection-level=0027
rmi-ssl=true
thl-ssl=true
rmi-authentication=true
jgroups-ssl=true
This would enable SSL communication between Tungsten components. However, connection to the database remained unencrypted, which would translate to the following settings being applied:
datasource-enable-ssl=false
connector-ssl=false
Setting these to true is possible, however there are many more manual steps that would have been required.
New behavior in v7
v7 enables full security by default, so the disable-security-controls flag will default to false when not specified.
In addition to the default value changing, disable-security-controls now enables encrypted communication to the database. Setting this value to
false, now translates to the following settings being applied:
file-protection-level=0027
rmi-ssl=true
thl-ssl=true
rmi-authentication=true
jgroups-ssl=true
datasource-enable-ssl=true
connector-ssl=true
Summary
In summary, this change in behavior means that upgrades need to be handled with care and appropriate decisions being made, both by the
tpm process, and by the "human" to decide on what end result is desired. The various options and examples are outlined in the
following sections of this document.