V2.3 to V2.4
Steps to migrate REGARDS from version 2.3 to 2.4
Playbook modifications
- Download last playbook version (especially all roles) and move your inventory inside the new playbook
- Edit your inventory file
group_vars/all/main.yml:
# Replace
version: 2.3.X
# Into
version: 2.4.Y
- Shutdown REGARDS using the playbook
ansible-playbook --ask-pass --ask-become-pass -i [...] regards-shutdown.yml [...]
Or if your inventory use a vault system to encrypt credentials
ansible-playbook --ask-pass --ask-become-pass --ask-vault-pass -i [...] regards-shutdown.yml [...]
- Remove old plugins from NFS as their name may have changed
ansible-playbook --ask-pass --ask-become-pass -i [...] regards-delete-plugins.yml [...]
Or if your inventory use a vault system to encrypt credentials
ansible-playbook --ask-pass --ask-become-pass --ask-vault-pass -i [...] regards-delete-plugins.yml [...]
- Update REGARDS using the playbook
ansible-playbook --ask-pass --ask-become-pass -i [...] regards.yml [...]
Or if your inventory use a vault system to encrypt credentials
ansible-playbook --ask-pass --ask-become-pass --ask-vault-pass -i [...] regards.yml [...]
During startup and before RabbitMQ migration, some REGARDS services will be unavailable.
- Wait for the stack REGARDS to be up and running
cd /path/to/regards/cli
./status.sh
# Check every containers of RabbitMQ are up and running
This step may take some time, especially if the database contains a lot of data (t_aip and t_sip tables in the ingest schema for the rs-ingest microservice, t_feature table for the rs-fem microservice). These are SQL scripts automatically run by Flyway to migrate the database, which can take quite a long time (contact the REGARDS TMA team to run these scripts manually).
PostgreSQL SSL/TLS support
Version 2.4 introduces SSL/TLS connection support for databases.
By default, REGARDS now connects to databases using sslmode=require. This means that if your project's PostgreSQL
instance does not have SSL/TLS enabled, you must override this value in your inventory.
To change SSL mode for the instance database connection, set the following in your inventory:
group_config_mservices:
postgres:
instance:
ssl:
mode: "require" | "prefer"
Migrating existing database connections
During migration, you must update the database connection configuration for each service to add the appropriate
sslmode (either requireor prefer). This is done by modifying the admin.t_project_connection table in the instance
database. You need to update the url column to include the sslmode parameter.
You should also review the configuration of any plugins and workers that directly connect to a database,
as their connection strings may also need to be updated with the appropriate sslmode.