Java 8 to Java 11 Upgrade

Question

Hi
we are planning to upgrade the Groundplex nodes from Java 8 to Java 11 as per the below instructions given on portal (applicable to our system)

Stop the existing JCC node by running the following command:
$ sudo /opt/snaplogic/bin/jcc.sh stop

Download the new Snaplex installer and install the Groundplex, running the RPM, DEB, or Docker installers as appropriate.
For RPM systems, run the following command:
$ rpm -U snaplogic-snaplex.rpm

Add the following entry to the /etc/sysconfig/jcc directory. You must create this directory and file if neither are present.
export SL_JAVA_HOME=/opt/snaplogic/pkgs/jdk-11.0.1/

Start the JCC node by running the following command:
$ sudo /opt/snaplogic/bin/jcc.sh start.

however, I have confusion on point 3 as I am unclear what we exactly need to do here.
as we don’t have /jcc folder there I will create it but what permission we need to grant to that folder? permission should be given to which user?
what is the name and extension of the file we need to create here? do we need to put the given export statement inside it or its command?
please give more clarity on this point

akidave · Answer

Copying the trust store file directly is possible but it is not recommended, the newer JRE installation will have updated CA trust entries which would get overwritten if the file is directly copied. To copy a custom trust entry, it can be exported and then imported. To get the alias names in existing trust store, do
$OLD_JRE/bin/keytool -list -keystore $OLD_JRE/lib/security/cacerts -storepass changeit -v | grep ^Alias | grep -v "$$jdk$$"
The CA trust entries have aliases like “digicerttrustedrootg4 [jdk]”, excluding jdk should list only the custom trust entry aliases.
To export a specific certificate named MYALIAS, do
$OLD_JRE/bin/keytool  -keystore $OLD_JRE/lib/security/cacerts -storepass changeit -export -file MYALIAS.cert -alias MYALIAS
To import MYALIAS.cert into new trust store, do
$NEW_JRE/bin/keytool  -keystore $NEW_JRE/lib/security/cacerts -storepass changeit -import -file MYALIAS.cert -alias MYALIAS
Taking a backup of the cacerts file before the import would be good.

akidave · Answer

No change is required as part of the JRE upgrade for handling custom SSL certificates and certificates used for enhanced encryption.

christwr · Answer

This ended up having a simplier solution!
rpm -U --force
😀

akidave · Answer

The /etc/sysconfig directory should contain a file named jcc with the contents
export SL_JAVA_HOME=/opt/snaplogic/pkgs/jdk-11.0.1/
The /etc/sysconfig directory and /etc/sysconfig/jcc file should be readable by everyone. One way to create the file would be
sudo mkdir -p /etc/sysconfig; sudo sh -c "echo 'export SL_JAVA_HOME=/opt/snaplogic/pkgs/jdk-11.0.1/' &gt;&gt; /etc/sysconfig/jcc"
We will update the documentation.

vaidyarm · Answer

Thanks Dave, i could see it in documentation also.
Also can you tell how can we copy current cacerts files from current to new location using keytool utility with reference to below notes in documentation (we don’t have any additional customization to be done on the nodes )
"
To use custom truststore entries, you should back up the  /opt/snaplogic/pkgs/jre1.8.0_162/lib/security/cacerts  file and copy any additional custom truststore entries to the  /opt/snaplogic/pkgs/jdk-11.0.1/lib/security/cacerts  file using the keytool utility.
"
let me know if there is any command handy with you.
thanks

Forum Discussion

Java 8 to Java 11 Upgrade

10 Replies

Recent Discussions

Google Sheets Subscribe questions

Basic string transformations not working

Can we generate XML file in pretty print format using native snapLogic snaps?

Multipart Reader failure - 'content-type' was not found

Unable to write sldb file to file system