This file explains how to upgrade an existing install of Apache VCL to Apache VCL 2.3. It assumed that you extracted the release archive to /root/apache-VCL-2.3-incubating The basic steps that will be performed: 1. Shutdown httpd and vcld services 2. Create backup of vcl database 3. Update mysql schema 4. Grant CREATE TEMPORARY TABLES to mysql user 5. Update Web code, create a backup, copy in new, make changes 6. Restart httpd service 7. Update Management node vcl code, create a backup, copy in new, make changes 8. Restart vcld service 1. Shutdown httpd and vcld services service httpd stop service vcld stop 2. Create a backup of vcl database We will create a backup of the vcl database. This will provide a restore point if necessary. mysqldump vcl > ~/vcl-pre2.3-upgrade.sql 3. Update mysql schema This step updates the mysql schema. cd /root/apache-VCL-2.3-incubating mysql vcl < mysql/update-vcl.sql One item of note: A new resource group is added in update-vcl.sql - "all profiles". Access to manage the group is added to the VCL->admin node in the privilege tree if that node exists. If not, you will need to add it manually after starting httpd again (step 6). To add it manually, pick a node in the privilege tree, scroll to Resources, click Add Resource Group, select "serverprofile/all profiles" from the drop-down box, check available, administer, manageGroup, and manageMapping, and click "Submit New Resource Group". 4. FOR UPGRADING from 2.1 and 2.2 ONLY (skip to step 5 if upgrading from 2.2.1) Grant CREATE TEMPORARY TABLES to mysql user The web code now requires access to create temporary tables in mysql. You need to grant the user your web code uses to access mysql the "CREATE TEMPORARY TABLES" permission. Look at the secrets.php file in your web code for the user and hostname. For example, if your web code is installed at /var/www/html/vcl, your secrets.php file would be /var/www/html/vcl/.ht-inc/secrets.php. Look for $vclhost and $vclusername. The secrets.php file might have something like: $vclhost = 'localhost'; $vcluser = 'vcluser'; Then, you need to issue the grant command to mysql. Using the values from above as examples, connect to mysql and then issue the grant command: mysql GRANT CREATE TEMPORARY TABLES ON `vcl`.* TO 'vcluser'@'localhost'; exit 5. Update web code This step we will move the existing web directory out of the way, so we can copy in the new web code base. After copying in the new code, we will migrate your configuration changes. These instructions assume that you installed the vcl web code at /var/www/html/vcl. If you installed it elsewhere, replace /var/www/html/vcl with your vcl web root. a. move your old code out of the way cd /var/www/html mv vcl ~/vcl-pre2.3_web b. copy the new code in place cd /root/apache-VCL-2.3-incubating cp -r web /var/www/html/vcl c. copy your config files from the previous version: cd ~/vcl-pre2.3_web/.ht-inc cp conf.php secrets.php pubkey.pem keys.pem /var/www/html/vcl/.ht-inc d. make /var/www/html/vcl/.ht-inc/maintenance writable by the web server - if httpd on your server is running as the user apache: chown apache /var/www/html/vcl/.ht-inc/maintenance e. update conf.php upgrading from 2.2.1: * add the following defines: define("DEFAULTLOCALE", "en_US"); define("ALLOWADDSHIBUSERS", 0); * remove the following arrays: $blockNotifyUsers - This has been replace by a user group permission that controls who can manage block allocations globally or for a specific affiliation. It can be granted to any user group under Privileges->Additional User Permissions->Manage Block Allocations $userlookupUsers - This has been replace by a user group permission that controls who can look up users globally or for a specific affiliation. It can be granted to any user group under Privileges->Additional User Permissions->User Lookup * Add the following two keys to each entry you have for LDAP authentication in the $authMechs array. Descriptions of the items can be found in the 2.3 conf-default.php file. "lookupuserbeforeauth" => 0, "lookupuserfield" => '', * change the following two lines for local authentication from $addUserFunc[$item['affiliationid']] = create_function('', 'return 0;'); $updateUserFunc[$item['affiliationid']] = create_function('', 'return 0;'); to $addUserFunc[$item['affiliationid']] = create_function('', 'return NULL;'); $updateUserFunc[$item['affiliationid']] = create_function('', 'return NULL;'); * remove the three commented lines toward the bottom that talk about adding an entry to $addUserFund for Shibboleth authenticated affiliations (# any affiliation that is shibboleth...) upgrading from 2.2: * add the following defines: define("DEFAULTLOCALE", "en_US"); define("ALLOWADDSHIBUSERS", 0); * remove the following arrays: $blockNotifyUsers - This has been replace by a user group permission that controls who can manage block allocations globally or for a specific affiliation. It can be granted to any user group under Privileges->Additional User Permissions->Manage Block Allocations $userlookupUsers - This has been replace by a user group permission that controls who can look up users globally or for a specific affiliation. It can be granted to any user group under Privileges->Additional User Permissions->User Lookup * Add the following two keys to each entry you have for LDAP authentication in the $authMechs array. Descriptions of the items can be found in the 2.3 conf-default.php file. "lookupuserbeforeauth" => 0, "lookupuserfield" => '', * Remove all of these arrays: $affilValFunc $affilValFuncArgs $addUserFunc $addUserFuncArgs $updateUserFunc $updateUserFuncArgs * Add the following code: $affilValFunc = array(); $affilValFuncArgs = array(); $addUserFunc = array(); $addUserFuncArgs = array(); $updateUserFunc = array(); $updateUserFuncArgs = array(); foreach($authMechs as $key => $item) { if($item['type'] == 'ldap') { $affilValFunc[$item['affiliationid']] = 'validateLDAPUser'; $affilValFuncArgs[$item['affiliationid']] = $key; $addUserFunc[$item['affiliationid']] = 'addLDAPUser'; $addUserFuncArgs[$item['affiliationid']] = $key; $updateUserFunc[$item['affiliationid']] = 'updateLDAPUser'; $updateUserFuncArgs[$item['affiliationid']] = $key; } elseif($item['type'] == 'local') { $affilValFunc[$item['affiliationid']] = create_function('', 'return 0;'); $addUserFunc[$item['affiliationid']] = create_function('', 'return NULL;'); $updateUserFunc[$item['affiliationid']] = create_function('', 'return NULL;'); } } upgrading from 2.1: If upgrading from 2.1, it is easier to start with a fresh copy of conf-default.php from 2.3 and then apply your changes to it again. If you are using LDAP authentication, you can copy all entries from $authMech out of your 2.1 conf.php file into your 2.3 conf.php file. However, note that you will need to add the following two additional keys to each entry. A description of these keys can be found in the 2.3 conf-default.php file. "lookupuserbeforeauth" => 0, "lookupuserfield" => '', 6. Restart httpd service service httpd start * Confirm you can access the VCL portal before continuing. 7. Update management node code This step will make a backup copy of the installed vcl code base and then copy the new code over the existing code to preserve any drivers or other files you've added. a. Copy the existing management node code base to a backup location cd ie. cd /usr/local/ cp -r vcl ~/vcl-pre2.3_managementnode b. Copy in the 2.3 code base to /usr/local, copying in should preserve any drivers or other files you've added. /bin/cp -r /root/apache-VCL-2.3-incubating/managementnode/* /usr/local/vcl c. (upgrading from 2.1 only) Make changes related to vcld.conf settings * Open VCL web interface * Go to Management Nodes * Select Edit Management Node Information * Select Edit. * Set any relevant fields: * SysAdmin Email Address(es) - comma delimited list of vcl admin email addresses * Address for Shadow Emails - a shared mail box, optional it receives email of all notifications * Public NIC configuration method - Defines what type of NIC configuration is used, options are dynamic DHCP, Manual DHCP, or static * End Node SSH Identity Key Files d. Run install_perl_libs.pl to update the perl dependencies (this will take a few minutes.) /usr/local/vcl/bin/install_perl_libs.pl 8. Restart vcld service service vcld start * Check the /var/log/vcld.log file to confirm vcld is working.