Important Upgrade Notes
Review these upgrade notes and follow any instructions when upgrading ID installations.
Some notes apply only to certain installation environments:
Environment | Info |
---|---|
ALL | Applies to all installations |
DOCKER | Applies only to Docker based installations |
RPM | Applies only to RPM package managed installations |
If you’re upgrading from a version earlier than…
4.37.0
Version 4.36.0 MUST be installed before this or later version and it's upgrade steps must be completed first.
This version brings a lot changes to indexing and therefore you should wait for index build to complete after upgrading the first cluster node. See here for instructions how to monitor index build process.
After installing this version, login by email/mobile may take longer than usual while new database indexes are built. This should not take more than a few minutes.
4.36.0
As always, log in to management user interface and perform automated upgrade steps.
5.0
RPM installation is no longer supported. Only Docker installations are supported.
4.25
To enable Sentry error monitoring support, add the Sentry parameters to configuration files.
Note that the default http.content-security-policy
value has changed,
if you have overridden it the new value is:
http.content-security-policy=default-src 'self' 'unsafe-inline' 'unsafe-eval'; \
font-src *; \
frame-src *; \
frame-ancestors 'self'; \
img-src *; \
report-uri /csp-report ; \
style-src 'unsafe-inline' *;
4.21
To enable Feature Flags support, add the Unleash parameters to configuration files.
4.19
ALL Note that version 4.19 requires MongoDB version 4.2 or later.
RPM In order to upgrade Trivore ID cluster to version 4.19 or newer, it MUST be first upgraded to version 4.18. Version 4.18 brings some compatibility changes for cluster node ID handling and therefore upgrade from earlier releases to 4.19 is not possible.
-
First, perform normal upgrade procedure to version 4.18, one node at a time.
-
Second, perform normal upgrade procedure to version 4.19, one node at a time.
-
Third, login to the Trivore ID instance being upgraded and perform “Simplify Node ID values“ migration step.
4.18
DOCKER This version has breaking changes for docker installation. Container now runs as user uid 5001 instead of root. Log and data volumes and their contents MUST be writable by this user. Adjust file and directory permissions when updating to this version.
Recommended commands to run before starting new container:
chown -R 5001:5001 /var/lib/docker/volumes/<stack-name>_logs/_data
chown -R 5001:5001 /var/lib/docker/volumes/<stack-name>_data/_data
DOCKER
Additionally, conf
volume has been removed. Migrate all configuration
from oneportal.conf
file to docker compose.yml
file using
environment variables. Remove conf
volume definition from compose file
and execute:
docker volume rm <stack_name>_conf
docker volume rm trivore-id_conf
DOCKER
Additionally, environment varaible LDAP_ENABLED
is now optional with
default value of false
. Other LDAP variables are not needed when LDAP
is disabled.
New volume certs
now exists if there is a need to configure locally
trusted certificates. Usually not needed as Trivore ID image contains
all needed trusted certificates by default.
Example certs volume in compose.yml
:
services:
main:
volumes:
- certs:/deployments/trivore-id/conf/certs
volumes:
certs:
4.16
ONEP-2739: If the user manual strong authentication is enabled prior to Trivore ID 4.16 release, then before updating, the list of allowed strong identification documents should be noted. The list can be found on system preferences on a specific client related settings view. After the list of allowed documents have been noted, the update can be done.
After updating Trivore ID to version 4.16, for any namespaces that used the manual strong authentication feature, the namespace settings should be updated in terms of allowed strong identification documents. This can be done in the namespace settings, under the miscellaneous tab. Select all strong identification documents that were noted before updating and then save the namespace settings. Note that, if there were multiple namespaces using the manual strong authentication feature, then the process has to be repeated for all of them.
After the namespace settings has been updated, it can be verified that the namespace has the correct documents selected by going into the accounts view with the previously edited namespace as active, selecting a user account and then selecting the "Identify the person" item in the actions menu. A window should pop up with a list of allowed documents. If the correct documents are selectable in the window, the window can be closed. If not, then close the window, re-edit the namespace allowed documents and repeat the verification step.
4.12
ONEP-2450: For a brief moment during the update process, the cluster will diverge into two (nodes running older version of Apache Ignite and nodes running the updated version). During this time any scheduled tasks will be executed on both clusters. Therefore, it’s recommended to schedule the update so that it will not be done during an exact hour. Alternatively, hourly scheduled tasks may be turned of during the update process.
ONEP-2696: For Trivore ID instances using Suomi.fi strong identification, it is required that a migration script for strong identifications is run in MongoDB. The script will copy the latest user’s strong identification entries from a separate strong identification collection to the user, which is required by some views in the platform.
- Download the scripts: currently located in private repository.
- Running the update scripts:
Copy the script to the server as filecopy.js
. Run the copy script withmongo {server-specific options} copy.js
. It will print the IDs of modified users and their amount, as well as the number of found strong identification objects.