Nonsequential FIPS database upgrades

As of Vertica 10.1.1, FIPS support has been reinstated.

As of Vertica 10.1.1, FIPS support has been reinstated. Prior to this, the last version to support FIPS was Vertica 9.2.x. If you are upgrading from 9.2.x and want to maintain your FIPS certification, you must first perform a direct upgrade from 9.2.x to 10.1.1 before performing further upgrades.

The following procedure performs a direct upgrade from Vertica 9.2.x running on RHEL 6.x to Vertica 10.1.1 on RHEL 8.1.

  1. Create a full backup of your Vertica 9.2.x database. This example uses the configuration file fullRestore.ini.

    $ vbr --config-file=/tmp/fullRestore.ini -t init
    $ vbr --config-file=/tmp/fullRestore.ini -t backup
    concurrency_backup = 1
    port_rsync = 50000
    encrypt = False
    serviceAccessPass = rsyncpw
    hardLinkLocal = False
    checksum = False
    total_bwlimit_restore = 0
    serviceAccessUser = rsyncuser
    total_bwlimit_backup = 0
    concurrency_restore = 1
    snapshotName = full_restore
    restorePointLimit = 1
    retryDelay = 1
    objects =
    retryCount = 0
    tempDir = /tmp/vbr
    v_fips_db_node0001 =
    v_fips_db_node0002 =
    v_fips_db_node0003 =
    dbPort = 5433
    dbPromptForPassword = False
    dbUser =
    dbPassword =
    dbName = fips_db
  2. Shut down the database gracefully. Do not start the database until instructed.

  3. Acquire a RHEL 8.1 cluster with one of the following methods:

    1. Upgrade in place
    2. Reimage your machines
    3. Use a completely different RHEL 8.1 cluster
  4. Enable FIPS on your RHEL 8.1 machines and reboot.

    $ fips-mode-setup --enable
  5. Install Vertica 10.1.1 on the RHEL 8.1 cluster.

    $ install_vertica --hosts node0001, node0002, node0003 \
        --rpm /tmp/vertica-10.1.1-0/x86_64.RHEL8.rpm
  6. If you acquired your RHEL 8.1 cluster by reimaging or using a different cluster, you must restore your database.

    $ vbr -c /tmp/fullRestore.ini -t restore

    If you encounter the following warning, you can safely ignore it.

    Warning: Vertica versions do not match: v9.2.1-xx -> v10.1.1-xxxxxxxx. This operation may not be supported.
  7. Start the Vertica 10.1.1 database to trigger the upgrade. This should be the first time you've started your database since shutting it down in step 2.

    $ admintools -t start_db -d fips_db