openstack/barbican
Code Issues Proposed changes
f3bec31d42
barbican/doc/source/admin/upgrade.rst
Andreas Jaeger b86d6b5660 move documentation into the new standard layout 
This change moves existing files.
It is not meant to be the final word on how the main page looks or how the
other files are organized, but it gets everything roughly into shape. If
the barbican team wants to make changes, please do those as follow-up patches.

Note this does not touch the api directory, this one needs to be
migrated to the api-ref.

This is part of the docs migration work for Pike.

Change-Id: Ibb9d971806964ac185882272514ee9563089d69d
2017-06-30 20:12:52 +02:00

2.2 KiB
Raw Blame History

Key Manager Service Upgrade Guide

This document outlines several steps and notes for operators to reference when upgrading their barbican from previous versions of OpenStack.

Plan to Upgrade

  • The release notes should be read carefully before upgrading the barbican services. Starting with the Mitaka release, specific upgrade steps and considerations are well-documented in the release notes.
  • Upgrades are only supported between sequential releases.
  • When upgrading barbican, the following steps should be followed:

    1. Destroy all barbican services

    2. Upgrade source code to the next release

    3. Upgrade barbican database to the next release

      barbican-db-manage upgrade

    4. Start barbican services

Upgrade from Newton to Ocata

The barbican-api-paste.ini configuration file for the paste pipeline was updated to add the http_proxy_to_wsgi middleware. It can be used to help barbican respond with the correct URL refs when its put behind a TLS proxy (such as HAProxy). This middleware is disabled by default, but can be enabled via a configuration option in the oslo_middleware group.

See Ocata release notes.

Upgrade from Mitaka to Newton

There are no extra instructions that should be noted for this upgrade.

See Newton release notes.

Upgrade from Liberty to Mitaka

The Metadata API requires an update to the Database Schema. Existing deployments that are being upgraded to Mitaka should use the barbican-manage utility to update the schema.

If you are upgrading from previous version of barbican that uses the PKCS#11 Cryptographic Plugin driver, you will need to run the migration script.

python barbican/cmd/pkcs11_migrate_kek_signatures.py

See Mitaka release notes.