Upgrade on a Docker environment
The Axiomatics Services Manager (ASM) upgrading process can only be performed between two consecutive minor versions, meaning that you must be running version 7.4 in order to upgrade to version 7.5.
However, patching is possible between any two 7.5 patches.
It is essential to backup your system before proceeding with an Axiomatics Services Manager (ASM) upgrade due to a major PostgreSQL update. Otherwise, your data will be lost.
Upgrading or patching ASM will cause downtime for the application and consequently a temporary loss of service. As a result, the upgrade should be planned accordingly.
When upgrading the logs won't be migrated. The old logs directory will still contain the previous logs.
Navigate to the
docker
folder of the existing ASM deployment.Stop ASM and remove all the containers.
- Dashboard enabled
- Dashboard disabled
The Dashboard provides visualization of key metrics for monitoring the authorization performance of the running instances of Access Decision Service (ADS).
docker-compose -f docker-compose.yml -f docker-compose.dashboard.yml down
docker-compose down
Unzip the ASM 7.5 distribution to the folder where you want to run ASM on.
Navigate to the
docker
folder of the extracted distribution and opencredentials.txt
using a text editor.Update the placeholder values for Access key ID and Secret access key with the values provided by Axiomatics.
tipThese are the same values that were used when AWS CLI was configured.
Optionally, you can run ASM on a machine with a hostname other than the default as follows:
Change the default hostname
- Navigate to the
docker
folder of the extracted distribution. - Update the
HOST
variable in the.env
file. The default value islocalhost
. - Save the file and exit.
- Navigate to the
Copy a valid ASM license file to the
docker
folder.noteThis file is provided separately by Axiomatics.
Enable the BuildKit feature of Docker:
- Linux/macOS
- Windows
export DOCKER_BUILDKIT=1
Run the following command using PowerShell:
$Env:DOCKER_BUILDKIT=1
Configure the SSL Certificate common name.
In production environments, you should import trusted certificates only, while in dev and test environments you have the ability to create a self-signed certificate.
- Import
- Create
ASM requires a
PKCS#12
(Public Key Cryptography Standard #12) certificate. In case you already have a certificate with different format such as.pem
, you should convert it toPKCS#12
. The certificate file must be namedcert.keystore.p12
. During the creation of the certificate, the name (or alias) must be set toserver
.- Navigate to the
docker/api.gateway/certs/
folder of the extracted distribution. - Copy your certificate to this folder.
Generate a self-signed certificate as follows:
Navigate to the
docker
folder of the extracted distribution.Open the
.env
file and update the following entries:CERTIFICATE_CN
with your common nameCERTIFICATE_KEY_STORE_PASSWORD
with your password
Generate the certificate:
- Linux/macOS
- Windows
From the
docker/api.gateway/certs/
folder, run the following command.sh generate_self_signed_certificate.sh
Make sure that the following files were created:
cert.keystore.p12
server.crt
From the
docker\api.gateway\certs
folder, run the following commands using PowerShell.ImportantIn the first command, replace
<your_cert_key_store_pw>
and<your_cert_cn>
with the same values that were previously used in the.env
file.docker build -t certificate -f ./Dockerfile.cert . --build-arg CERTIFICATE_KEY_STORE_PASSWORD=<your_cert_key_store_pw> --build-arg CERTIFICATE_CN=<your_cert_cn>
docker create --name cert certificate; docker cp cert:/cert.keystore.p12 ./cert.keystore.p12; docker cp cert:/server.crt ./server.crt; docker rm -f cert; docker image rm certificate
Make sure that the following files were created:
cert.keystore.p12
server.crt
Optionally, if you are using custom Attribute Connectors, restore the
docker/asm.core/attribute.connectors/custom-attribute-connectors
folder from the previous ASM deployment.Start all the service's containers again.
- Dashboard enabled
- Dashboard disabled
docker-compose -f docker-compose.yml -f docker-compose.dashboard.yml up --build
docker-compose up --build
If you are upgrading ASM, restore your backed up data.