CoCCA Installation, patch, upgrade
From CoCCA Registry Services (NZ) Limited
CoCCA Installation
CoCCA is installed using an "installer stack" that runs from the command line or GUI.
OS - 64 Bit Version OS ( RH/Centos/Ubuntu ).
CoCCA Installer Stack
Recommended: - Bind ( 9.10.3 ) - Fail2Ban - Goolge Auth
You can download CoCCA Installer from here CoCCA_SRS_Software. The installer compatible with all Linux 64 bit operating system. To install CoCCA Registry system you should only downland the CoCCA Installer, make it runnable, then execute follow installation steps:
#cd /tmp #wget https://wiki.cocca.org.nz/mediawiki/images/d/d6/cocca-8-linux-x64-installer.run #chmod +x CoCCA-8-linux-x64-installer.run #./CoCCA-8-linux-x64-installer.run
The installer wizard will ask several questions then install the CoCCA software. Before starting the installation it is recommended that an A record be created that points to the server IP ( or setup in the host file ). If this has not been done, the host name can be edited after installation in the resin.xml file.
#./Cocca-8-linux-x64-installer.run
After the installation the main components of CoCCA are:
- Postgresql database:
- The default configuration file will be located at/opt/CoCCA-8/postgresql/data/postgresql.conf/opt/CoCCA-8/postgresql/data/pg_hba.conf- The postgresql log file path is/opt/CoCCA-8/postgresql/postgresql.log
- resin web server:
- The default main configuration file located at/opt/CoCCA-8/resin/conf/resin.xml- The resin and CoCCA log file path is/opt/CoCCA-8/log/otestdout.log- CoCCA WAR (Web application ARchive) file location path/opt/CoCCA-8/production/ROOT.war- after installation you can access CoCCA GUI on port 443 using your hostnamehttps://registry.nic.TLD/login.jsp
- Java :
- the installation directory is /opt/CoCCA-8/java/
- Keystore Directory
- The full path for the directory where store keystore is /opt/cocca-8/keys , this will include the EPP keystore and server
certificate.
CoCCA Patch and Update Procedure
The CoCCA Software is developed continuously, for this you can stay uptodate, to identify your current version ( it is in the footer of the web page and is in the format of 8.1-YYYY.MM.DD).
The update processes is very simple, to update current CoCCA version to new version you can follow the following simple steps:
- Backup your Registry Database first(very important) from Registry GUI (set your registry in outage mode then take the backup). - download the latest .WAR file from CoCCA_SRS_Software_last_Patches_and_CoCCA_installer - rename the file to "ROOT.war" ( not root.war). - move and rename the existing ROOT.war file from "/opt/cocca-8/production" to a backup directory under /opt/ ( incase you need to roll - back ) - backup the database via the GUI. - copy the latest war file to "/opt/cocca-8/production/ROOT.war" - restart resin with the command /opt/cocca-8/ctlscript.sh restart resin. - go to your registry interface in the browser.
CoCCA Upgrade from old Installer How to
New CoCCA software installer has been released, the new installer include upgrade Postgresql to 9.4.1, Java to 1.8 , resin server to 4.0.42. we recommand to upgrade your old CoCCA installation to new, this can be done using CoCCA installer or manually.
Upgrade CoCCA SRS from versions earlier than 20151015
If you are using old version of CoCCA software earlier than 20151015 for example 2014xxxxx, you need to begin with old CoCCA patches and use the patches step by step. The update processes is very simple, please follow those steps: 1- Test CoCCA upgrade on an OTE server before deploying to production.
2- prepare you OTE server (Centos 7, RAM 4GB at leats ,..)
3- Backup your Registry Database first(very important) from Registry GUI (set your registry in outage mode then take the backup). and copy this backup to OTE.
4- Install last CoCCA Installer in your OTE server.
5- downgrade CoCCA SRS in OTE to same version in your production server. for example if your current release is Nightly-1112.war in your production server then downgrade CoCCA SRS in OTE to same version or to near version of your Registry ( for example you can use version Nightly-1117.war from Nightly Builds 2014).
OTE# wget https://wiki.cocca.org.nz/mediawiki/images/b/ba/Nightly-1117.war OTE# cp Nightly-1117.war /opt/cocca-8/production/ROOT.war OTE# /etc/init.d/cocca restart
6- Now unzip your backup file and import it in you OTE server
unzip backup file:
OTE# jar -xf backup-2016-06-29-00-00-00.bak.zip Import the backup.sql file into OTE server OTE# /opt/cocca-8/postgresql/bin/psql -U postgres -d registry -f backup.sql OTE# /etc/init.d/cocca restart
7- Test the login to your Registry if it is Ok you need to upgrade your OTE to next CoCCA version, for example you can patch your registry to Nightly-1119.war version:
OTE# wget https://wiki.cocca.org.nz/mediawiki/index.php/File:Nightly-1119.war OTE# cp Nightly-1119.war /opt/cocca-8/production/ROOT.war OTE# /etc/init.d/cocca restart
8- Test the login to your Registry after last update. if it is ok then please repeat step 7 until you reach last verion.
Upgrade CoCCA Components (postgresql, JAVA. resin, CoCCA SRS) using last installer
The most important step is the postgresql upgrade, which will take most of time to backup and import database. To upgrade the postgresql-9.3 to postgresql-9.4 we need to follow the follwoing steps:
1 - first backup the current databases, we should sure your database is not being updated.
# cd /opt/cocca-8/postgresql/bin/
# PGPASSWORD='YOUR_POSTGRES_PASSWORD' ./pg_dumpall -U postgres > /opt/db.registry.psql
2 - stop your postgresql 9.3 server
# /etc/init.d/cocca stop
3 - restoring from backup, rename the old installation directory, in case you have trouble and need to revert to it.
# mv /opt/cocca-8 /opt/cocca-8.old ,mv /etc/init.d/cocca
4 - Install the new installer
# wget https://wiki.cocca.org.nz/mediawiki/images/d/d6/Cocca-8-linux-x64-installer.run
# chmod +x Cocca-x64-installer.run
5- Stop New CoCCA installation
#/etc/init.d/cocca stop
6- Restore your previous pg_hba.conf and any postgresql.conf , resin.xml, Keys.
# mv /opt/cocca-8/postgresql/data/pg_hba.conf /opt/cocca-8/postgresql/data/pg_hba.conf.orgi
# cp /opt/cocca-8.old/postgresql/data/pg_hba.conf /opt/cocca-8/postgresql/data/pg_hba.conf
# mv /opt/cocca-8/postgresql/data/postgresql.conf /opt/cocca-8/postgresql/data/postgresql.conf.orgi
# cp /opt/cocca-8.old/postgresql/data/postgresql.conf /opt/cocca-8/postgresql/data/postgresql.conf
# mv /opt/cocca-8/resin/conf/resin.xml /opt/cocca-8/resin/conf/resin.xml.orgi
# cp /opt/cocca-8.old/resin/conf/resin.xml /opt/cocca-8/resin/conf/resin.xml
# mv /opt/cocca-8/keys /opt/cocca-8/keys.old
# cp -r /opt/cocca-8.old/keys /opt/cocca-8/
# chown -R postgres:postgres /opt/cocca-8/postgresql/data
7- Start the new PostgreSql DB installation
# /opt/cocca-8/postgresql/scripts/ctl.sh start
8- Finally, restore your data from backup with
# /opt/cocca-8/postgresql/bin/psql -U postgres
# DROP database registry
# CREATE database registry
# \q
# /opt/cocca-8/postgresql/bin/psql -U postgres -f /PATH to/db.registry.psql
The final step is the database import which will take time depend on the Database size, after database imported successfully you can restart new Installation /etc/init.d/cocca restart , then go to Registry GUI via browser.
Upgrade Upgrade CoCCA Components (postgresql, JAVA) manually without using installer
If you do not like to use the installer, you can upgrade every component alone without use the CoCCA Installer, in this section we will explain how you can upgrade the main Registry component manually, and we will see how to upgrade postgresql and java.
UPGRADE postgresql-9.x.x to postgresql-9.6.1
To upgrade the postgresql-9.x.x to postgresql-9.6.1 we need to follow the follwoing steps:
1 - first backup the current database, we should sure our database is not being updated.
# cd /opt/cocca-8/postgresql/bin/
# ./pg_dump -U postgres registry >/opt/db.registry.psql
2 - stop your postgresql 9.x.x server
# /opt/cocca-8/postgresql/scripts/ctl.sh stop
3 - restoring from backup, rename the old installation directory, in case you have trouble and need to revert to it.
# mv /opt/cocca-8/postgresql /opt/cocca-8/postgresql.old
4 - Install the new version of PostgreSQL 9.6.0 as the following steps:
# yum install gcc readline-devel zlib-devel
# mkdir /opt/cocca-8/postgresql
# cd /opt/cocca-8/
# wget http://ftp.postgresql.org/pub/source/v9.6.1/postgresql-9.6.1.tar.gz
# tar xvfz postgresql-9.6.1.tar.gz
# cd postgresql-9.6.1
# ./configure --prefix=/opt/cocca-8/postgresql
# make
# make install
5 - Create a new database at new PostgreSQL installation
# cd /opt/cocca-8/postgresql
# mkdir data
# chown -R postgres:postgres ../postgresql
# ls -ld data
# su - postgres
# /opt/cocca-8/postgresql/bin/initdb -D /opt/cocca-8/postgresql/data/
6 - Run New PostgreSQL installation
# touch /opt/cocca-8/postgresql/postgresq.log
# /opt/cocca-8/postgresql/bin/pg_ctl -D /opt/cocca-8/postgresql/data/ -l /opt/cocca-8/postgresql/postgresq.log start
# /opt/cocca-8/postgresql/bin/psql -U postgres
# ALTER USER postgres WITH PASSWORD '<newpassword>';
7 - You can use the new generated postgresql.conf and pg_hba.conf files so you need to configure the buffer and cache memory in postgresq.conf file and
reconfigure pg_hba.conf to allow connection from local host using MD5 password, OR you can restore your previous pg_hba.conf and any postgresql.conf
(recommended if you configure replication or specific config), or edit new pg_hba.conf to allow postgres user login with password.
Note:
You should change the default parameters for postgresql.conf for (shared_buffers, effective_cache_size, checkpoint_segments, ..)
# /opt/cocca-8/postgresql/data/pg_hba.conf
change the following lines from :
local all all trust
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
It should be :
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
8- Finally, restore your data from backup with
# /opt/cocca-8/postgresql/bin/psql -U postgres
#CREATE database registry;
# \q
# /opt/cocca-8/postgresql/bin/psql -U postgres -f /opt/db.registry.psql
9- after import Database successfully you need to copy the script folder from old postgresql installation to new one then start CoCCA
# cp -r /opt/cocca-8/postgresql.old/scripts /opt/cocca-8/postgresql/
# /etc/init.d/cocca restart
UPDATE JAVA
NOTE: If updating to JDK 8u60 or greater you need to remove reference to cipher-suite from /opt/cocca-8/resin/conf/resin.xml
Around line 156, in resin.xml look for and delete <cipher-suites>SSL_RSA_WITH_RC4_128_MD5..,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</cipher-suites>
NOTE: if you upgrade from java 1.7 or order do not forget to check the javac option in resin.xml file and it should be as the following:
<javac compiler="internal" args="-source 1.8"/>
1- Stop resin Server
# /opt/cocca-8/ctlscript.sh stop # cd /opt/cocca-8/ # mv /opt/cocca-8/java /opt/cocca-8/java.old
2- Install JAVA 8 from source code
# wget --no-cookies --no-check-certificate --header "Cookie: oraclelicense=accept-securebackup-cookie" "http://download.oracle.com/otn-pub/java/jdk/8u161-b12/2f38c3b165be4555a1fa6e98c45e0808/jdk-8u161-linux-x64.tar.gz" # tar -xzvf jdk-8u161-linux-x64.tar.gz # mv jdk1.8.0_161 /opt/cocca-8/java # If you have more than java version installed into your OS then follow the following instructions: # alternatives --install /usr/bin/java java /opt/cocca-8/java/bin/java 2 # alternatives --config java # alternatives --install /usr/bin/jar jar /opt/cocca-8/java/bin/jar 2 # alternatives --install /usr/bin/javac javac /opt/cocca-8/java/bin/javac 2 # alternatives --set jar /opt/cocca-8/java/bin/jar # alternatives --set javac /opt/cocca-8/java/bin/javac # java -version # export JAVA_opt=/opt/cocca-8/java;export JRE_opt=/opt/cocca-8/java/jre;export PATH=$PATH:/opt/cocca-8/java/bin:/opt/cocca-8/jre/bin #
3- start your resin server
# /opt/cocca-8/ctlscript.sh start
Notice :
after UPGRADE resin to 4.0.42, do not forget to update JDBC driver.
