Nonsequential FIPS database upgrades

As of Vertica 10.1.1, FIPS support has been reinstated.

As of Vertica 10.1.1, FIPS support has been reinstated. Prior to this, the last version to support FIPS was Vertica 9.2.x. Vertica upgrades are typically sequential, but if you are upgrading from 9.2.x and want to maintain your FIPS certification, you must first perform a direct, nonsequential upgrade from 9.2.x to 10.1.1 before performing the standard sequential upgrades from 10.1.1 to 11.1.x.

The following procedure performs a direct upgrade from Vertica 9.2.x running on RHEL 6.x to Vertica 10.1.1 on RHEL 8.1.

  1. Create a full backup of your Vertica 9.2.x database. This example uses the configuration file fullRestore.ini.

    $ vbr --config-file=/tmp/fullRestore.ini -t init
    $ vbr --config-file=/tmp/fullRestore.ini -t backup
    
    [Transmission]
    concurrency_backup = 1
    port_rsync = 50000
    encrypt = False
    serviceAccessPass = rsyncpw
    hardLinkLocal = False
    checksum = False
    total_bwlimit_restore = 0
    serviceAccessUser = rsyncuser
    total_bwlimit_backup = 0
    concurrency_restore = 1
    
    [Misc]
    snapshotName = full_restore
    restorePointLimit = 1
    retryDelay = 1
    objects =
    retryCount = 0
    tempDir = /tmp/vbr
    
    [Mapping]
    v_fips_db_node0001 = 198.51.100.0:/home/release/backup/
    v_fips_db_node0002 = 198.51.100.1:/home/release/backup/
    v_fips_db_node0003 = 198.51.100.2:/home/release/backup/
    
    [Database]
    dbPort = 5433
    dbPromptForPassword = False
    dbUser =
    dbPassword =
    dbName = fips_db
    
  2. Shut down the database gracefully. Do not start the database until instructed.

  3. Acquire a RHEL 8.1 cluster with one of the following methods:

    1. Upgrade in place
    2. Reimage your machines
    3. Use a completely different RHEL 8.1 cluster
  4. Enable FIPS on your RHEL 8.1 machines and reboot.

    $ fips-mode-setup --enable
    
  5. Install Vertica 10.1.1 on the RHEL 8.1 cluster.

    $ install_vertica --hosts node0001, node0002, node0003 \
        --rpm /tmp/vertica-10.1.1-0/x86_64.RHEL8.rpm
    
  6. If you acquired your RHEL 8.1 cluster by reimaging or using a different cluster, you must restore your database.

    $ vbr -c /tmp/fullRestore.ini -t restore
    

    If you encounter the following warning, you can safely ignore it.

    Warning: Vertica versions do not match: v9.2.1-xx -> v10.1.1-xxxxxxxx. This operation may not be supported.
    
  7. Start the Vertica 10.1.1 database to trigger the upgrade. This should be the first time you've started your database since shutting it down in step 2.

    $ admintools -t start_db -d fips_db