System Upgrade/Downgrade
You can upgrade/downgrade your CipherTrust Manager by securely downloading and applying a new/older system archive file.
Note
Refer to Cluster Upgrade for details on upgrading a cluster of devices.
Restoring a backup from release 1.5.0 or later is supported; however, restoring a newer backup to an older version is never supported.
System Upgrade
Caution
Please read this section carefully before performing an system upgrade.
System upgrades are supplied in the form of a signed archive file available from the Support Portal.
We test upgrades from the three previous minor versions. That means that for 2.4, we tested upgrade from 2.1, 2.2, and 2.3.
Note
Upgrades from other versions have not been tested and may not work correctly.
Caution
If you have DDC configured, you can only upgrade from 2.2.0.
Download the archive file to CipherTrust Manager:
$ scp -i <ssh private key path> <update file name> ksadmin@<ip>:.
Note
The signature of the archive file is verified before the upgrade/downgrade is performed.
Before proceeding, ensure there is at least 12 GB of space available (not including the upgrade file).
Create and download a backup with corresponding backup key, in case there are any problems.
Note
Upgrades keep all the data and may migrate the data and configuration. Therefore, as a precaution, it is recommended to take a backup before upgrading.
scp
the archive file to the CipherTrust Manager:$ scp -i <identity_file> <update file name> ksadmin@<ip>:.
ssh
into the CipherTrust Manager asksadmin
and run the following command:$ sudo /opt/keysecure/ks_upgrade.sh -f <~/filename>
Here,
<~/filename>
specifies path to the signed CipherTrust Manager installer file.The signature of the archive file is verified and the upgrade is applied.
System Downgrade
CipherTrust Manager 2.4.0 can be downgraded to 2.3.0. For release-specific upgrade/downgrade information, refer to the release notes for your release.
To downgrade your CipherTrust Manager
Note
Downgrades perform a CipherTrust Manager reset, which wipes all data except the backup files that already exist.
SSH into the CipherTrust Manager as "ksadmin".
Downgrade the CipherTrust Manager:
$ sudo /opt/keysecure/ks_downgrade.sh -f <~/filename> -y
Usage: ks_downgrade.sh -f <FILE> [-o] [-y]
* `-f`: Path to the signed ${cm} installer file.
* `-o`: Clustered node cannot be downgraded. Use this flag to override this behavior.
* `-y`: Skip the confirmation prompt for ${cm} reset.