Nexus' software components have new names:

Nexus PRIME -> Smart ID Identity Manager
Nexus Certificate Manager -> Smart ID Certificate Manager
Nexus Hybrid Access Gateway -> Smart ID Digital Access component
Nexus Personal -> Smart ID clients

Go to Nexus homepage for overviews of Nexus' solutions, customer cases, news and more.


Skip to end of metadata
Go to start of metadata

This article describes how to upgrade Smart ID Digital Access component from version 6.0.2 and above to 6.0.5.

This article is only for simple upgrade in case of all nodes running in the same machine. If you need to upgrade a distributed or high availability DA version, refer to: Upgrade high availability or distributed mode for Digital Access component 6.0.2 or above to 6.0.5.


Expand/Collapse All

Prerequisites

 Prerequisites

The following is needed

  • Docker Engine version 1.13.1 or higher. This setup will anyways install/upgrade latest version of docker engine.

  • Configuration Files: upgrade.tgz

  • System Requirements: 4cpu with 8GB RAM and 100 GB physical space is recommended.

  • Before upgrading Digital Access component, make sure that the following things apply:

    • There is a service window planned, since the upgrade will result in a short downtime
    • There is a backup or snapshot of the current release

See also "Preparations" below.

Preparations

 Preparations
  • Download the upgrade.tgz file on system from the support portal.
  • In case you have multiple network interfaces, note down the name of the network interface which will be used by docker swarm.

Step-by-step instruction

 Run the upgrade
  1. Copy upgrade.tgz to your working directory

  2. Extract the file using tar command.

    Extract file
    tar -xf upgrade.tgz
  3. Navigate to the scripts folder inside the setup folder.

    Navigate to scripts folder
    cd upgrade/scripts
  4. Run the script upgrade.sh.

    Run the script
    sudo bash upgrade.sh
  5. To set up docker swarm, provide the below mentioned inputs.
    1. If you have only one network interface, then docker swarm will be initialized using that as default. Else you will be prompted to select a network interface from the displayed list.

      select NIC
      ####################################################
      setting up docker swarm...
      ####################################################
      eth0
      eth1
      Select network interface form list displayed above to setup docker swarm:eth0
    2. If PostgreSQL is already running on your system, then the script will automatically update it. Else you will be asked to setup PostgreSQL.
      If you answer Yes then you will be prompted to set the PostgreSQL password.

      postgreSQL setup
      ####################################################
      setting up PostgreSQL...
      ####################################################
      New Password:password
      Verify New Password:password
      password is set.
      Removing old password secret and creating new
    3. You ill will be asked if you want to setup reporting database using PostgreSQL.

      Set up reporting database
      ####################################################
      setting up reporting database...
      ####################################################
      Do you want to setup PostgreSQL as reporting database [Y/n] Y
      Yes
      customize.conf does not exist. Creating a new one and setting up reporting db
      
      IP address of reporting db: 192.168.253.139
      password for PostgreSQL reporting database: password
    4. After successful script execution, you must wait for all the images to get downloaded.

      Wait for images to get downloaded
      ####################################################
      starting Digital Access...
      ####################################################
      Creating network da_da-overlay
      Creating service da_admin
      Creating service da_authentication
      Creating service da_distribution
      Creating service da_policy
      Creating service da_accesspoint
      ####################################################
      setup script execution completed successfully...
      Please wait...downloading of images is in progress...
      To check the status of download run: sudo docker images
      ########################################################
    5. After all the images are downloaded from repository, the containers will start automatically.

      It can take few minutes to start all the containers.

    6. To check the container status use this command. Make sure the status of each container is healthy.

      Check images
      Sudo docker ps 
      docker service list
 Do settings in Digital Access Admin
  1. Log in to Digital Access Admin and make changes for database configuration.

    1. In Manage System > Database Service, change Host to PostgreSQL IP address/DNS name and password.

    2. In Manage System > OATH Configuration, change database Host to PostgreSQL IP address/DNS name and password.

    3. In Manage System > Open ID Connect database configuration, change Host to PostgreSQL IP address/DNS name and password.

  2. Publish the configuration in Digital Access Admin.
If the services are not connected in the first publish, follow the restart commands below and try to publish again.
 Restart services

If the services are not connected in the first publish, follow these commands to restart the services and try to publish again.

  1. Stop and remove the stack.

    Stop and remove stack
    sudo docker stack rm da
  2. Deploy the stack again. To run the command your working directory should be /Upgrade/docker-compose/

    Deploy stack again
    sudo docker stack deploy --compose-file docker-compose.yml -c network.yml -c versiontag.yml da
    • Where:

      • docker stack deploy is the command to deploy services as stack.

      • --compose file flag is used to provide the file name of base docker-compose file.

      • -c is short for –compose-file flag. It is used to provide override files for docker -compose.

      • da is the name of the stack. You can change it based on requirements.

 Do offline upgrade

Offline upgrade consist of two steps:

First step

For the first step you need a system with network connectivity. We will download docker images on this system.

  1. Make sure docker is installed.

  2. Download the images using the command docker pull.

    pull images
    sudo docker pull nexusimages.azurecr.io/smartid-digitalaccess/administration-service:6.0.5.60259
    sudo docker pull nexusimages.azurecr.io/smartid-digitalaccess/policy-service:6.0.5.60259
    sudo docker pull nexusimages.azurecr.io/smartid-digitalaccess/authentication-service:6.0.5.60259
    sudo docker pull nexusimages.azurecr.io/smartid-digitalaccess/distribution-service:6.0.5.60259
    sudo docker pull nexusimages.azurecr.io/smartid-digitalaccess/access-point:6.0.5.60259
  3. To check if all images are downloaded or not run this command.

    Check container status
    sudo docker images
  4. Save all images in tar files. Run these commands:

    Save images to tar
    sudo docker save nexusimages.azurecr.io/smartid-digitalaccess/administration-service:6.0.5.60259 > admin.tar
    sudo docker save nexusimages.azurecr.io/smartid-digitalaccess/authentication-service:6.0.5.60259 > authentication.tar
    sudo docker save nexusimages.azurecr.io/smartid-digitalaccess/distribution-service:6.0.5.60259 > distribution.tar
    sudo docker save nexusimages.azurecr.io/smartid-digitalaccess/policy-service:6.0.5.60259 > policy.tar
    sudo docker save nexusimages.azurecr.io/smartid-digitalaccess/access-point:6.0.5.60259 > accesspoint.tar
  5. Copy all the tar files onto the system where you want to upgrade Digital Access.

Second step

  1. On the system where the Digital Access upgrade has to be done:
    1. Run the upgrade process following the steps mentioned in "Step-by-step instruction" section above.
    2. Go to the folder where all the tar files are copied.
    3. Load the images to a local docker repository using the command:

      Load images
      sudo ls -1 *.tar | xargs --no-run-if-empty -L 1 sudo  docker load -i

This article is valid for Digital Access 6.0.5 and later.