Fortanix Data Security Manager Software Upgrade

1.0 Introduction

Welcome to the Fortanix-Data-Security-Manager (DSM) Upgrade Guide. This article contains detailed steps to upgrade Fortanix DSM to latest version available.

1.1 Intended Audience

This guide is intended to be used by technical stakeholders of Fortanix DSM who will be responsible for planning and performing the upgrade or maintaining the DSM cluster.

2.0 Prerequisites

Ensure the following:

• A user with a system administrator role in Fortanix DSM.

• A user with a shell administrator role in Fortanix DSM, if you are running the pre-checks.

3.0 Fortanix DSM Pre-Upgrade Checks

For pre-upgrade checks before performing the DSM software upgrade, refer to one of the following guides:

• For manual pre-checks, refer to Fortanix DSM Software Upgrade Manual Prechecks guide.

• For automated pre-checks using Sensu, refer to Fortanix DSM Software Automatic Prechecks guide using Sensu.

4.0 Fortanix DSM Upgrade Steps

Perform the following steps to upgrade the Fortanix DSM when a new software version is available:

1. Log in to the Fortanix DSM user interface (UI) using valid credentials.

2. Navigate to the System Administration account.

   

   NOTE

   It is recommended to run a manual backup and suspend the cron jobs before initiating the upgrade.

3. Click the SOFTWARE UPDATE menu item in the DSM left navigation bar.

   

4. On the UPDATE SOFTWARE tab, upload the package using one of the following ways depending on the network connectivity :

   1. Online Cluster: If the cluster is connected to the internet, enter the URL of the target version from here to upload the package to the cluster. This distributes the package to all the nodes in the cluster.

   2. Offline Cluster: If the cluster is not connected to the internet, first download the package to a server with cluster access. Then, click the Upload New Software button to upload the package to the cluster.

   

5. After the cluster downloads and distributes the package, the status appears as “Staged” on the left side of the screen, and the INSTALL button becomes active.

   

6. Click the INSTALL button. A prompt will appear to confirm the installation. Click Install again to proceed.

7. Run the following command on one of the nodes (CLI) to view the installation progress:

   watch sudo kubectl get pods,nodes -o wide

   

8. When the deploy pod in the pod list reaches the COMPLETED status, the FINISH button becomes enabled. Click FINISH, and the Fortanix DSM UI updates to display the latest software version as DEPLOYED.

9. Alternatively, run the following command on one of the nodes in the cluster to check the version deployed:

   cat /etc/fortanix/sdkms_version/sdkms_version

   NOTE

   Ensure to re-enable the cron jobs after completing the upgrade.

5.0 Fortanix DSM DR Node Upgrade Steps

The Disaster Recovery (DR) node upgrade process for Fortanix DSM consists of steps to update the DR node with the latest software and reintegrate it into the cluster. This process maintains the security and functionality of your DSM infrastructure.

Perform the following steps to upgrade a DR node:

1. Run the following command to remove and clean up the existing DSM software on the DR node:

   /opt/fortanix/sdkms/bin/sdkms_cleanup.sh

   NOTE

   DR node cleanup  must be performed,  after the main or primary cluster has been successfully upgraded.

2. After cleaning up the existing DSM software, install the new DSM package to prepare the DR node for the upgrade.

3. Run the following command on any node within the primary cluster to generate a token that the DR node will use to join the cluster:

    kubeadm token create

4. Run the following command to add the DR node to the primary cluster, using the token generated in Step 3:

   sdkms-cluster join --peer=ip_address –token= --self=self_ip_address

5. Run the following command to remove the DR node from the cluster once it has successfully joined:

   sdkms-cluster remove --force --node nodename