Tungsten Clustering

Steps to upgrade using tpm

When you are ready to perform the upgrade, the following steps should be followed:

Ensure you place your cluster(s) into MAINTENANCE mode
If no additional steps taken, and you wish to maintain the same level of security, skip the next step.

Update your /etc/tungsten/tungsten.ini and include some, or all, of the options below depending on which steps you took earlier. All entries should be placed within the [defaults] stanza.

disable-security-controls=false
connector-rest-api-ssl=true
manager-rest-api-ssl=true
replicator-rest-api-ssl=true
java-jgroups-keystore-path=/etc/tungsten/secure/jgroups.jceks

If "Tungsten to Database Encryption" IS configured, also add:

datasource-enable-ssl=true
java-truststore-path=/etc/tungsten/secure/truststore.ts
java-truststore-password=tungsten
java-keystore-path=/etc/tungsten/secure/keystore.jks
java-keystore-password=tungsten
datasource-mysql-ssl-cert=/etc/mysql/certs/client-cert.pem
datasource-mysql-ssl-key=/etc/mysql/certs/client-key.pem
datasource-mysql-ssl-ca=/etc/mysql/certs/ca.pem

If "Tungsten to Database Encryption" IS NOT configured, also add:

datasource-enable-ssl=false

If "Application (Connector) to Database Encryption" IS configured, also add:

enable-connector-ssl=true
java-connector-keystore-path=/etc/tungsten/secure/tungsten_connector_keystore.jks
java-connector-keystore-password=tungsten
java-connector-truststore-path=/etc/tungsten/secure/tungsten_connector_truststore.ts
java-connector-truststore-password=tungsten

If "Application (Connector) to Database Encryption" IS NOT configured, also add:

enable-connector-ssl=false

Important

If start-and-report is set, remove this value or set to false

Obtain the TAR or RPM package for your installation. If using a TAR file unpack this into your software staging tree on every host, typically /opt/continuent/software.

Change into the directory for the software

shell> cd /opt/continuent/software/tungsten-clustering-8.0.4-132

Issue the following command on all hosts.
```
shell> tools/tpm update --replace-release
```
When upgrading the connectors, you could include the optional --no-connectors option if you wish to control the restart of the connectors manually
For Multi-Site/Active-Active topologies, you will also need to repeat the steps for the cross-site replicators
Finally, before returning the cluster(s) to AUTOMATIC, you will need to sync the new certificates, created by the upgrade, to all hosts. This step will be required even if you have disabled security as these files will be used by the API and also, if you choose to enable it, THL Encryption.
From one host, copy the certificate and keystore files to ALL other hosts in your topology. The following scp command is an example assuming you are issuing from db1, and the install directory is /opt/continuent:
```
db1> for host in db2 db3 db4 db5 db6; do
scp /opt/continuent/share/[jpt]* ${host}:/opt/continuent/share
scp /opt/continuent/share/.[jpt]* ${host}:/opt/continuent/share
done
```
Note
The examples assume you have the ability to scp between hosts as the tungsten OS user. If your security restrictions do not permit this, you will need to use alternative procedures appropriate to your environment to ensure these files are in sync across all hosts before continuing.
If the files are not in sync between hosts, the software will fail to start!

You will also need to repeat this if you have a &msmm_name; topology for the cross-site replicators:

db1> for host in db2 db3 db4 db5 db6; do
scp /opt/replicator/share/[jpt]* ${host}:/opt/replicator/share
scp /opt/replicator/share/.[jpt]* ${host}:/opt/replicator/share
done

Restart all tungsten components, one host at a time

shell> manager restart
shell> replicator restart
shell> connector restart

Return the cluster(s) to AUTOMATIC mode