Nonsequential FIPS database upgrades
As of Vertica 10.1.1, FIPS support has been reinstated. Prior to this, the last version to support FIPS was Vertica 9.2.x. Vertica upgrades are typically sequential, but if you are upgrading from 9.2.x and want to maintain your FIPS certification, you must first perform a direct, nonsequential upgrade from 9.2.x to 10.1.1 before performing the standard sequential upgrades from 10.1.1 to 11.1.x.
The following procedure performs a direct upgrade from Vertica 9.2.x running on RHEL 6.x to Vertica 10.1.1 on RHEL 8.1.
Important
If you have any questions or want additional guidance for performing this upgrade, contact Vertica Support.-
Create a full backup of your Vertica 9.2.x database. This example uses the configuration file
fullRestore.ini
.$ vbr --config-file=/tmp/fullRestore.ini -t init $ vbr --config-file=/tmp/fullRestore.ini -t backup
[Transmission] concurrency_backup = 1 port_rsync = 50000 encrypt = False serviceAccessPass = rsyncpw hardLinkLocal = False checksum = False total_bwlimit_restore = 0 serviceAccessUser = rsyncuser total_bwlimit_backup = 0 concurrency_restore = 1 [Misc] snapshotName = full_restore restorePointLimit = 1 retryDelay = 1 objects = retryCount = 0 tempDir = /tmp/vbr [Mapping] v_fips_db_node0001 = 198.51.100.0:/home/release/backup/ v_fips_db_node0002 = 198.51.100.1:/home/release/backup/ v_fips_db_node0003 = 198.51.100.2:/home/release/backup/ [Database] dbPort = 5433 dbPromptForPassword = False dbUser = dbPassword = dbName = fips_db
-
Shut down the database gracefully. Do not start the database until instructed.
-
Acquire a RHEL 8.1 cluster with one of the following methods:
- Upgrade in place
- Reimage your machines
- Use a completely different RHEL 8.1 cluster
-
Enable FIPS on your RHEL 8.1 machines and reboot.
$ fips-mode-setup --enable
-
Install Vertica 10.1.1 on the RHEL 8.1 cluster.
$ install_vertica --hosts node0001, node0002, node0003 \ --rpm /tmp/vertica-10.1.1-0/x86_64.RHEL8.rpm
-
If you acquired your RHEL 8.1 cluster by reimaging or using a different cluster, you must restore your database.
$ vbr -c /tmp/fullRestore.ini -t restore
If you encounter the following warning, you can safely ignore it.
Warning: Vertica versions do not match: v9.2.1-xx -> v10.1.1-xxxxxxxx. This operation may not be supported.
-
Start the Vertica 10.1.1 database to trigger the upgrade. This should be the first time you've started your database since shutting it down in step 2.
$ admintools -t start_db -d fips_db