Skip to main content

Restoring Key Manager to a Pre-Upgrade State

In scenarios where Key Manager stops functioning due to a failed system upgrade, you can salvage the system by restoring Key Manager to a pre-upgrade state. This involves replacing any post-upgrade versions of Key Manager packages with packages from the pre-upgrade version, and rolling back the database.

In order to restore the Key Manager system, you must have the following:

  • A backup of the Key Manager Database taken before Key Manager upgrade.

  • Backups of Key Manager Server settings files taken before Key Manager upgrade.

  • Key Manager installation package that contains the product and support packages of the pre-upgrade Key Manager version.

  • Key Manager installation package that contains the product and support packages of the post-upgrade Key Manager version.

To restore Key Manager to its pre-upgrade state:

  1. Post-upgrade Key Manager packages must be uninstalled before they are replaced with pre-upgrade packages. On all the Key Manager Servers, remove the Key Manager Server and related packages. Instructions for doing this are provided in Uninstalling the Key Manager Server.

    Key Manager agents must be reverted to the previously-installed versions. If you have upgraded Key Manager agents, these must be removed according to the instructions in Uninstalling Key Manager agents. Installation of pre-upgrade Key Manager agents is performed in a later step.

  2. Roll back the Key Manager Database. For instructions about rolling back the database, please consult the documentation provided by your database vendor.

    You must roll back the Key Manager Database to a point in time before the Key Manager upgrade. This is because Key Manager upgrades introduce database changes that are not compatible with earlier versions of Key Manager. Note that any information gathered by Key Manager after the backup cannot be restored to the Key Manager system.

  3. Install the pre-upgrade versions of Key Manager packages. Instructions for doing this can be found in the PrivX Key Manager Installation Manual provided with the previous version of Key Manager.

    When you are setting up the pre-upgrade version of Key Manager Servers, do not run ssh-mgr-setup to configure the system. You must instead restore the pre-upgrade system configuration. This is done by restoring the pre-upgrade backups of the following files:

    • Environment variables /etc/sysconfig/sshmgr

    • Local settings /opt/sshmgr/app/localsettings.py

    • Settings file /opt/sshmgr/app/settings.py

    • Web-server-configuration file /etc/nginx/sites-available/sshmgr (Key Manager front ends only)

    • Any other Key Manager Server files with custom changes

    • Custom-plugin files

      note

      Key Manager automatically backed up some of the pre-upgrade files during the Key Manager Server rpm-package upgrade. You may choose to restore these files instead of any respective manual backups. Automatically backed-up files can be found in the following locations:

      • Local settings: /opt/sshmgr/app/localsettings.py.rpmsave
      • Web-server-configuration file: /etc/nginx/sites-available/sshmgr.rpmsave

  4. Restore any Key Manager Server files with custom modifications. Also restore your Key Manager custom-plugin files to their former locations.

  5. Restart the Key Manager services to complete system restoration. On Key Manager front ends, also restart the Nginx web server to apply the restored web-server configurations.

  6. If you had to uninstall post-upgrade versions of Key Manager agents from any hosts, install the pre-upgrade versions of Key Manager agents on those hosts. Key Manager agent installation instructions are provided in the pre-upgrade version of the PrivX Key Manager Installation Manual.