CoCCA Installation, patch, upgrade

From CoCCA Registry Services (NZ) Limited

Jump to: navigation, search

Contents

CoCCA Installation

CoCCA is installed using an "installer stack" that runs from the command line or GUI.

OS - 64 Bit Version OS ( RH/Centos/Ubuntu ).

CoCCA Installer Stack

Recommended: - Bind ( 9.10.3 ) - Fail2Ban - Goolge Auth

You can download CoCCA Installer from here CoCCA_SRS_Software. The installer compatible with all Linux 64 bit operating system. To install CoCCA Registry system you should only downland the CoCCA Installer, make it runnable, then execute follow installation steps:


   #cd /tmp
   #wget https://wiki.cocca.org.nz/mediawiki/images/d/d6/cocca-8-linux-x64-installer.run
   #chmod +x CoCCA-8-linux-x64-installer.run
   #./CoCCA-8-linux-x64-installer.run

The installer wizard will ask several questions then install the CoCCA software. Before starting the installation it is recommended that an A record be created that points to the server IP ( or setup in the host file ). If this has not been done, the host name can be edited after installation in the resin.xml file.


  #./Cocca-8-linux-x64-installer.run

After the installation the main components of CoCCA are:


- Postgresql database:

 - The default configuration file will be located at
   /opt/CoCCA-8/postgresql/data/postgresql.conf  
   /opt/CoCCA-8/postgresql/data/pg_hba.conf 
 - The postgresql log file path is /opt/CoCCA-8/postgresql/postgresql.log

- resin web server:

 - The default main configuration file located at /opt/CoCCA-8/resin/conf/resin.xml
 - The resin and CoCCA log file path is  /opt/CoCCA-8/log/otestdout.log 
 - CoCCA WAR (Web application ARchive) file location path  /opt/CoCCA-8/production/ROOT.war 
 - after installation you can access CoCCA GUI on port 443 using your hostname https://registry.nic.TLD/login.jsp

- Java :

 - the installation directory is /opt/CoCCA-8/java/   

- Keystore Directory

 - The full path for the directory where store keystore is  /opt/cocca-8/keys , this will include the EPP keystore and server    
   certificate.

CoCCA Patch and Update Procedure

The CoCCA Software is developed continuously, for this you can stay uptodate, to identify your current version ( it is in the footer of the web page and is in the format of 8.1-YYYY.MM.DD). File:cocca_footer.jpg


The update processes is very simple, to update current CoCCA version to new version you can follow the following simple steps:


- Backup your Registry Database first(very important) from Registry GUI (set your registry in outage mode then take the backup).
- download the latest .WAR file from CoCCA_SRS_Software_last_Patches_and_CoCCA_installer
- rename the file to "ROOT.war" ( not root.war).
- move and rename the existing ROOT.war file from "/opt/cocca-8/production" to a backup directory under /opt/ ( incase you need to roll - back )
- backup the database via the GUI.
- copy the latest war file to "/opt/cocca-8/production/ROOT.war"
- restart resin with the command /opt/cocca-8/ctlscript.sh restart resin.
- go to your registry interface in the browser.

CoCCA Upgrade from old Installer How to

New CoCCA software installer has been released, the new installer include upgrade Postgresql to 9.4.1, Java to 1.8 , resin server to 4.0.42. we recommand to upgrade your old CoCCA installation to new, this can be done using CoCCA installer or manually.


Upgrade CoCCA SRS from versions earlier than 20151015

If you are using old version of CoCCA software earlier than 20151015 for example 2014xxxxx, you need to begin with old CoCCA patches and use the patches step by step. The update processes is very simple, please follow those steps: 1- Test CoCCA upgrade on an OTE server before deploying to production.

2- prepare you OTE server (Centos 7, RAM 4GB at leats ,..)

3- Backup your Registry Database first(very important) from Registry GUI (set your registry in outage mode then take the backup). and copy this backup to OTE.

4- Install last CoCCA Installer in your OTE server.

5- downgrade CoCCA SRS in OTE to same version in your production server. for example if your current release is Nightly-1112.war in your production server then downgrade CoCCA SRS in OTE to same version or to near version of your Registry ( for example you can use version Nightly-1117.war from Nightly Builds 2014).

   OTE# wget  https://wiki.cocca.org.nz/mediawiki/images/b/ba/Nightly-1117.war
   OTE# cp Nightly-1117.war  /opt/cocca-8/production/ROOT.war
   OTE# /etc/init.d/cocca restart

6- Now unzip your backup file and import it in you OTE server

   unzip backup file:
   OTE# jar -xf backup-2016-06-29-00-00-00.bak.zip
   Import the backup.sql file into OTE server
   OTE#  /opt/cocca-8/postgresql/bin/psql -U postgres -d registry -f backup.sql
   OTE#  /etc/init.d/cocca restart

7- Test the login to your Registry if it is Ok you need to upgrade your OTE to next CoCCA version, for example you can patch your registry to Nightly-1119.war version:

   OTE# wget https://wiki.cocca.org.nz/mediawiki/index.php/File:Nightly-1119.war
   OTE# cp Nightly-1119.war  /opt/cocca-8/production/ROOT.war
   OTE# /etc/init.d/cocca restart

8- Test the login to your Registry after last update. if it is ok then please repeat step 7 until you reach last verion.

Upgrade CoCCA Components (postgresql, JAVA. resin, CoCCA SRS) using last installer

The most important step is the postgresql upgrade, which will take most of time to backup and import database. To upgrade the postgresql-9.3 to postgresql-9.4 we need to follow the follwoing steps:


  1 - first backup the current databases, we should sure your database is not being updated.
     # cd /opt/cocca-8/postgresql/bin/
     # PGPASSWORD='YOUR_POSTGRES_PASSWORD' ./pg_dumpall -U postgres  > /opt/db.registry.psql

  2 - stop your postgresql 9.3 server
      # /etc/init.d/cocca stop    

  3 - restoring from backup, rename the old installation directory, in case you have trouble and need to revert to it.
      # mv /opt/cocca-8 /opt/cocca-8.old ,mv /etc/init.d/cocca 

  4 - Install the new installer
      # wget https://wiki.cocca.org.nz/mediawiki/images/d/d6/Cocca-8-linux-x64-installer.run
      # chmod +x Cocca-x64-installer.run

  5- Stop New CoCCA installation
      #/etc/init.d/cocca stop 

  6- Restore your previous pg_hba.conf and any postgresql.conf , resin.xml, Keys.

      # mv /opt/cocca-8/postgresql/data/pg_hba.conf /opt/cocca-8/postgresql/data/pg_hba.conf.orgi 
      # cp /opt/cocca-8.old/postgresql/data/pg_hba.conf /opt/cocca-8/postgresql/data/pg_hba.conf
      # mv /opt/cocca-8/postgresql/data/postgresql.conf /opt/cocca-8/postgresql/data/postgresql.conf.orgi
      # cp /opt/cocca-8.old/postgresql/data/postgresql.conf /opt/cocca-8/postgresql/data/postgresql.conf
      # mv /opt/cocca-8/resin/conf/resin.xml /opt/cocca-8/resin/conf/resin.xml.orgi
      # cp /opt/cocca-8.old/resin/conf/resin.xml /opt/cocca-8/resin/conf/resin.xml
      # mv /opt/cocca-8/keys /opt/cocca-8/keys.old
      # cp -r /opt/cocca-8.old/keys /opt/cocca-8/
      # chown -R postgres:postgres /opt/cocca-8/postgresql/data

  7- Start the new PostgreSql DB installation     
      # /opt/cocca-8/postgresql/scripts/ctl.sh start

  8- Finally, restore your data from backup with

       # /opt/cocca-8/postgresql/bin/psql -U postgres

         # DROP database registry

         # CREATE database registry

         # \q

       # /opt/cocca-8/postgresql/bin/psql -U postgres  -f  /PATH to/db.registry.psql

The final step is the database import which will take time depend on the Database size, after database imported successfully you can restart new Installation /etc/init.d/cocca restart , then go to Registry GUI via browser.


Upgrade Upgrade CoCCA Components (postgresql, JAVA) manually without using installer

If you do not like to use the installer, you can upgrade every component alone without use the CoCCA Installer, in this section we will explain how you can upgrade the main Registry component manually, and we will see how to upgrade postgresql and java.


UPGRADE postgresql-9.x.x to postgresql-9.6.1


To upgrade the postgresql-9.x.x to postgresql-9.6.1 we need to follow the follwoing steps:

  1 - first backup the current database, we should sure our database is not being updated.
     # cd /opt/cocca-8/postgresql/bin/
     # ./pg_dump -U postgres registry >/opt/db.registry.psql

  2 - stop your postgresql 9.x.x server
      # /opt/cocca-8/postgresql/scripts/ctl.sh stop    

  3 - restoring from backup, rename the old installation directory, in case you have trouble and need to revert to it.
      # mv /opt/cocca-8/postgresql /opt/cocca-8/postgresql.old

  4 - Install the new version of PostgreSQL 9.6.0 as the following steps:
      # yum install gcc readline-devel zlib-devel
      # mkdir /opt/cocca-8/postgresql
      # cd /opt/cocca-8/
      # wget http://ftp.postgresql.org/pub/source/v9.6.1/postgresql-9.6.1.tar.gz
      # tar xvfz postgresql-9.6.1.tar.gz
      #  cd postgresql-9.6.1
      # ./configure  --prefix=/opt/cocca-8/postgresql
      # make
      # make install

  5 - Create a new database at new PostgreSQL installation
      # cd /opt/cocca-8/postgresql
      # mkdir data
      # chown -R postgres:postgres ../postgresql
      # ls -ld  data
      # su - postgres
      # /opt/cocca-8/postgresql/bin/initdb -D /opt/cocca-8/postgresql/data/

 6 - Run New PostgreSQL installation
      # touch /opt/cocca-8/postgresql/postgresq.log 
      # /opt/cocca-8/postgresql/bin/pg_ctl -D /opt/cocca-8/postgresql/data/ -l /opt/cocca-8/postgresql/postgresq.log start
      # /opt/cocca-8/postgresql/bin/psql -U postgres	  
      # ALTER USER postgres WITH PASSWORD '<newpassword>';

 7 - You can use the new generated postgresql.conf and pg_hba.conf files so you need to configure the buffer and cache memory in postgresq.conf file and 
     reconfigure pg_hba.conf to allow connection from local host using MD5 password, OR you can restore your previous pg_hba.conf and any postgresql.conf    
     (recommended if you configure replication or specific config), or edit new pg_hba.conf to allow postgres user login with password.

Note:

    You should change the default parameters for postgresql.conf for (shared_buffers, effective_cache_size, checkpoint_segments, ..)

      # /opt/cocca-8/postgresql/data/pg_hba.conf
      change the following lines from :

      local   all             all                                     trust
      # IPv4 local connections:
      host    all             all             127.0.0.1/32            trust
      # IPv6 local connections:
      host    all             all             ::1/128                 trust

      It should be :

      local   all             all                                     md5
      # IPv4 local connections:
      host    all             all             127.0.0.1/32            md5
      # IPv6 local connections:
      host    all             all             ::1/128                 md5

 8- Finally, restore your data from backup with
       # /opt/cocca-8/postgresql/bin/psql -U postgres

       #CREATE database registry;

# \q


       # /opt/cocca-8/postgresql/bin/psql -U postgres -f  /opt/db.registry.psql

 9- after import Database successfully you need to copy the script folder from old postgresql installation to new one then start CoCCA
       # cp -r /opt/cocca-8/postgresql.old/scripts /opt/cocca-8/postgresql/
       # /etc/init.d/cocca restart


UPDATE JAVA

NOTE: If updating to JDK 8u60 or greater you need to remove reference to cipher-suite from /opt/cocca-8/resin/conf/resin.xml

Around line 156, in resin.xml look for and delete <cipher-suites>SSL_RSA_WITH_RC4_128_MD5..,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</cipher-suites>

NOTE: if you upgrade from java 1.7 or order do not forget to check the javac option in resin.xml file and it should be as the following:

 <javac compiler="internal" args="-source 1.8"/>

1- Stop resin Server

  # /opt/cocca-8/ctlscript.sh stop
  # cd /opt/cocca-8/
  # mv /opt/cocca-8/java /opt/cocca-8/java.old

2- Install JAVA 8 from source code

  #  wget --no-check-certificate -c --header "Cookie: oraclelicense=accept-securebackup-cookie"  http://download.oracle.com/otn-pub/java/jdk/8u152-b16/aa0333dd3019491ca4f6ddbe78cdb6d0/jdk-8u152-linux-x64.tar.gz
  # tar xzf jdk-8u152-linux-x64.tar.gz
  # mv jdk-8u152-linux-x64.tar.gz java
  # If you have more than java version installed into your OS then follow the following instructions: 
  # alternatives --install /usr/bin/java java /opt/cocca-8/java/bin/java 2
  # alternatives --config java
  # alternatives --install /usr/bin/jar jar /opt/cocca-8/java/bin/jar 2
  # alternatives --install /usr/bin/javac javac /opt/cocca-8/java/bin/javac 2
  # alternatives --set jar /opt/cocca-8/java/bin/jar
  # alternatives --set javac /opt/cocca-8/java/bin/javac 
  # java -version
  # export JAVA_opt=/opt/cocca-8/java;export JRE_opt=/opt/cocca-8/java/jre;export PATH=$PATH:/opt/cocca-8/java/bin:/opt/cocca-8/jre/bin
  #

3- start your resin server

  # /opt/cocca-8/ctlscript.sh start

Notice :


       after UPGRADE resin to 4.0.42, do not forget to update JDBC driver.

Personal tools