Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

CipherTrust Manager Administration

System Upgrade/Downgrade

search

Please Note:

System Upgrade/Downgrade

You can upgrade/downgrade your CipherTrust Manager by securely downloading and applying a new/older system archive file.

Note

Refer to Cluster Upgrade for details on upgrading a CipherTrust Manager which is part of a cluster of devices.

System Upgrade

Caution

Please read this section carefully before performing an system upgrade.

Caution

All quorum policies must be disabled before system upgrade. This limitation is valid as long as quorum is a technical preview feature.

  • We test upgrades from the three previous minor versions. That means that for 2.9.x, we tested upgrade from 2.8.x, 2.7.x, and 2.6.x. We have also tested upgrade from lower 2.9.x versions to 2.9.x patches.

    Note

    Upgrades from other versions have not been tested and may not work correctly.

  • You require ksadmin level access with an SSH key.

  • Obtain the signed archive file for the upgrade from the Support Portal. The file has the format ks_upgrade_<major.minor.patch+build_number>.tar.gz.gpg.

  • On CipherTrust Manager create and download a backup with corresponding backup key, in case there are any problems.

    Note

    Upgrades keep all the data and may migrate the data and configuration. Therefore, as a precaution, it is recommended to take a backup before upgrading.
    Consult the backups page for details on forward compatibility for backups. Restoring a newer backup to an older version is never supported.

  • scp the archive file to the CipherTrust Manager. You require the private SSH key associated with the ksadmin account.

    scp -i <path_to_private_SSH_key> <archive_file_name> ksadmin@<ip>:.

  • ssh into the CipherTrust Manager as ksadmin and ensure there is at least 12 GB of space available (not including the upgrade file). Use df -h/ to view available space.

  • Run the following command:

    sudo /opt/keysecure/ks_upgrade.sh -f <archive_file_path>

    Here, <archive_file_path> specifies the CipherTrust Manager path to the signed archive file.

    The signature of the archive file is verified and the upgrade is applied.

  • Reboot the appliance when prompted.

  • Ensure the CipherTrust Manager services have started. From the ksadmin session, run systemctl status keysecure. Alternatively, you can visit the CipherTrust Manager web console or attempt to connect with the ksctl CLI.

System Downgrade

CipherTrust Manager 2.9.x can be downgraded to 2.8.x. For release-specific upgrade/downgrade information, refer to the release notes for your release.

To downgrade your CipherTrust Manager

Note

Downgrades perform a CipherTrust Manager reset, which wipes all data except the backup files that already exist.

  1. SSH into the CipherTrust Manager as "ksadmin".

  2. Downgrade the CipherTrust Manager:

    $ sudo /opt/keysecure/ks_downgrade.sh -f <~/filename>

Usage: ks_downgrade.sh -f <FILE> [-o]

*  `-f`: Path to the signed ${cm} installer file.

*  `-o`: Clustered node cannot be downgraded. Use this flag to override this behavior.

On this page