SnapLogic - Integration Nation

vaidyarm · ‎01-19-2020

Hi

we are planning to upgrade the Groundplex nodes from Java 8 to Java 11 as per the below instructions given on portal (applicable to our system)

Stop the existing JCC node by running the following command:
$ sudo /opt/snaplogic/bin/jcc.sh stop
Download the new Snaplex installer and install the Groundplex, running the RPM, DEB, or Docker installers as appropriate.
For RPM systems, run the following command:
$ rpm -U snaplogic-snaplex.rpm
Add the following entry to the /etc/sysconfig/jcc directory. You must create this directory and file if neither are present.
export SL_JAVA_HOME=/opt/snaplogic/pkgs/jdk-11.0.1/
Start the JCC node by running the following command:
$ sudo /opt/snaplogic/bin/jcc.sh start.

however, I have confusion on point 3 as I am unclear what we exactly need to do here.
as we don’t have /jcc folder there I will create it but what permission we need to grant to that folder? permission should be given to which user?
what is the name and extension of the file we need to create here? do we need to put the given export statement inside it or its command?

please give more clarity on this point

akidave · ‎02-04-2020

Copying the trust store file directly is possible but it is not recommended, the newer JRE installation will have updated CA trust entries which would get overwritten if the file is directly copied. To copy a custom trust entry, it can be exported and then imported. To get the alias names in existing trust store, do

$OLD_JRE/bin/keytool -list -keystore $OLD_JRE/lib/security/cacerts -storepass changeit -v | grep ^Alias | grep -v "\[jdk\]"

The CA trust entries have aliases like “digicerttrustedrootg4 [jdk]”, excluding jdk should list only the custom trust entry aliases.

To export a specific certificate named MYALIAS, do
$OLD_JRE/bin/keytool -keystore $OLD_JRE/lib/security/cacerts -storepass changeit -export -file MYALIAS.cert -alias MYALIAS

To import MYALIAS.cert into new trust store, do
$NEW_JRE/bin/keytool -keystore $NEW_JRE/lib/security/cacerts -storepass changeit -import -file MYALIAS.cert -alias MYALIAS

Taking a backup of the cacerts file before the import would be good.

christwr · ‎03-16-2020

If we’ve installed custom server certificates, which the ground nodes present for triggered tasks and such (in /etc/snaplogic/jcc-serverkeys.jks), do we have to redo anything there?

akidave · ‎03-16-2020

No change is required as part of the JRE upgrade for handling custom SSL certificates and certificates used for enhanced encryption.

christwr · ‎03-18-2020

Okay, thanks! Got a question on this step:

Download the new Snaplex installer and install the Groundplex, running the RPM, DEB, or Docker installers as appropriate.
For RPM systems, run the following command:
$ rpm -U snaplogic-snaplex.rpm

I downloaded snaplogic-sidekick-4.master-6851-x86_64.rpm from my Manager UI, but when I run the following:

rpm -U snaplogic-sidekick-4.master-6851-x86_64.rpm

I get the following response, and the RPM update quits:

package snaplogic-sidekick-1:4.mrc298-1.x86_64 (which is newer than snaplogic-sidekick-4.master_6851-1.x86_64) is already installed

Any thoughts what this is about?

christwr · ‎03-19-2020

FYI for others’ awareness -

I opened a case with support, and they claim our original RPM of SnapLogic (on this particular machine) is “very old” (<3yr) when they used a different RPM versioning format, so the rpm -U (update) won’t work as documented. They say we need to completely uninstall the existing package and then reinstall the latest package, which means that not only do the CA certs have to be re-applied (planned), but also the SERVER certs (not planned), and probably have to redo the system service/init.d settings as well (not planned). And that process may vary on each machine, depending on the original RPM used to install on that specific machine (basically age of the original install) - even though everything is running latest release…

🙄

SnapLogic - Integration Nation

Java 8 to Java 11 Upgrade