Upgrading the on-premises gateway on Podman containers

This topic describes how to upgrade the BMC Helix Intelligent Integrations on-premises gateway on Podman containers.

 

Related topics

Upgrading-the-BMC-Helix-Intelligent-Integrations-on-premises-gateway

Downloading-the-container-images-and-utility-files

Deploying-the-on-premises-gateway-on-Podman-containers

To prepare for the upgrade

  1. Review the system requirements and download  the container images and utility files.
  2. Back up the /<IIGateway_INSTALL_DIR>/hii/podman-compose.yaml file.
  3. (Required if you are upgrading to a version 25.3.x or later from a version earlier than 25.2.00) Back up the database:
    1. Create a temporary directory, dump:
      mkdir /tmp/dump
    2. Back up the database in the temporary directory:​​​​​
      podman exec -it swp-arangodb sh -c "arangodump --server.authentication false --all-databases true --overwrite true --dump-data true --output-directory /tmp/dump; tar -cvf /tmp/dump.tgz /tmp/dump"
    3. Copy the backed up files from the container to a temporary directory on the on-premises gateway host:
      podman cp swp-arangodb:/tmp/dump.tgz /tmp/
  4. Navigate to the /<IIGateway_INSTALL_DIR> directory and run the following command to archive the hii directory.tar -cvf hii.tar hii
  5. If you have customized the nginx.conf file before the upgrade, perform the following steps:
    1. Navigate to the /<IIGateway_INSTALL_DIR>/hii/conf directory.
    2. Back up the nginx.conf file to a temporary directory.
  6. If you are using BMC Helix IT Operations Management on premises and authentication is enabled for the on-premises gateway before the upgrade, perform the following tasks:
    1. Create the iig_auth directory under the <userHome> directory if it doesn't exist.
    2. Check whether the <userHome>/iig_auth directory contains the external.conf file. If the file is not present, copy it from the /<IIGateway_INSTALL_DIR>/hii/conf/authproxy directory to the iig_auth directory.
  7. If you are using the BMC Helix IT Operations Management on premises and you are enabling authentication for the on-premises gateway for the first time after upgrade, register the OAuth client. For more information, see Setting-up-authentication-for-the-on-premises-gateway.

Depending upon whether you are a Helix subscriber or you are using BMC Helix Operations Management on premises, start the upgrade process by performing one of the following tasks:

Task 1 (If you are a Helix subscriber): To upgrade the on-premises gateway on Podman containers

  1. Go to the server where you want to upgrade the on-premises gateway.
  2. Copy the following files that you have downloaded to the /<IIGateway_INSTALL_DIR> directory: 
    • Utility file: hii-bmc-<buildNumber>.zip
    • Container images:
      On-premises gateway versionFile nameDescriptionDownload required?
      25.3.01bmc-hii-docker-images-<buildNumber>.tgzContainer images for deploying the on-premises gatewayYes
      bmc-hii-tp-docker-images-<buildNumber>.tgz

      Container images for monitoring the on-premises gateway node and container health by using dashboards

      Yes, if you want to monitor the on-premises gateway

      Even if you don't obtain and load these images, you can continue monitoring the on-premises gateway instances by using events.

      25.3.00bmc-hii-docker-images-<buildNumber>.tgzContainer images for deploying the on-premises gatewayYes
      bmc-hii-tp-docker-images-<buildNumber>.tgz

      Container images for Grafana

      		Yes

       

  3. Perform the following steps to update the container images:

    1. Stop the podman-compose service:

      podman compose -f podman-compose.yaml down

    2. Navigate to the <IIGateway_INSTALL_DIR> directory, and depending on the on-premises gateway version to which you are upgrading, perform the following steps:

      VersionSteps
      25.3.01
      1. Load the container images to deploy the on-premises gateway:
        podman load --input bmc-hii-docker-images-<buildNumber>.tgz
      2. (Optional) Perform the following steps if you want to monitor the on-premises gateway node and container health by using dashboards:

        1. Untar the container images:
          tar -zxvf bmc-hii-tp-docker-images-<buildNumber>.tgz

        2. Load the container images:
          find ./bmc-hii-tp-docker-images-<VERSION> -type f -name "*.tgz" -exec podman load --input "{}" \;

      25.3.00

      1. Load the container images to deploy the on-premises gateway:
        podman load --input bmc-hii-docker-images-<buildNumber>.tgz
      2. Untar the container images for Grafana:
        tar -zxvf bmc-hii-tp-docker-images-<buildNumber>.tgz
      3. Load the container images for Grafana:
        podman load --input bmc-hii-tp-docker-images-<buildNumber>/hii-grafana.tgz
  4. Navigate to the /<IIGateway_INSTALL_DIR>/hii/defaults directory and delete the following files if they exist:
    • docker-compose.yaml_Rsso
    • podman-compose.yaml_Rsso
    • nginx.conf_Rsso

  5. Delete the data from the following location:

    sudo rm -rf /opt/bmc/hii/data/*
  6. Extract hii-bmc-<buildNumber>.zip and overwrite the existing files in the <IIGateway_INSTALL_DIR>/hii directory.
  7. Update the hii/conf/nginx.conf file for the port number:
    1. Open the hii/conf/nginx.conf file with a text editor.

    2. Comment the following line:

      listen 443 ssl

       

    3. Uncomment the following line:

      # listen 7443 ssl
  8. If you have customized the podman-compose.yaml file before the upgrade, copy the customizations to the corresponding sections in the podman-compose.yaml and and podman-compose-monitoring-services.yaml files in the /<IIGateway_INSTALL_DIR>/hii directory.
  9. If you plan to upgrade to the on-premises gateway for which authentication is enabled after the upgrade, configure the protocol to be used (defaults to HTTP) for authorization between the on-premises gateway and the Identity Management System (IMS), which is part of the BMC Helix platform:
    1. Navigate to the /<IIGateway_INSTALL_DIR>/hii directory.
    2. Open the podman-compose.yaml file by using a text editor.
    3. Locate the mediator > environment section and search for the USE_HTTPS_IMS_URL parameter.

    4. Set the parameter to one of the following values: 

      • true: The HTTPS protocol is used for communication.
      • false (default): The HTTP protocol is used for communication.
      Important (For version 25.3.00 only)

      Enclose the parameter value in double quotes, as shown in the following example:
      USE_HTTPS_IMS_URL: "false"

    5. Locate the backup > environment section and add the USE_HTTPS_IMS_URL parameter if it does not exist.

    6. Set the parameter to one of the following values: 

      • true: The HTTPS protocol is used for communication.
      • false (default): The HTTP protocol is used for communication.
      Important (For version 25.3.00 only)

      Enclose the parameter value in double quotes, as shown in the following example:
      USE_HTTPS_IMS_URL: "false"

    7. Save and close the file.
  10. If authentication is disabled for the on-premises gateway before the upgrade and you don't want to enable it after the upgrade, perform the following steps; otherwise, skip to step 10:
    1. If you have customized and backed up the nginx.conf file, as described in Before you begin, copy the customizations done in the file to the nginx_noauth.conf file in the <IIGateway_INSTALL_DIR>/hii/defaults directory.
    2. Navigate to the /<IIGateway_INSTALL_DIR>/hii/scripts directory.
    3. Run the gateway_deployment.sh script:./gateway_deployment.sh
    4. Enter podman when prompted for the deployment method.
    5. Enter n to deploy the on-premises gateway with authentication disabled.
      The on-premises gateway is upgraded, and authentication is disabled.
    6. Perform one of the following tasks:
      • (Version 25.3.01 and later only) Go to step 13 if you want to monitor the on-premises gateway node and container health by using dashboards.
      • Go to step 14 to verify that all containers are running.
  11. If authentication is disabled for the on-premises gateway before the upgrade, and you want to enable it for the first time after the upgrade, perform the following steps; otherwise, skip to step 11:
    1. Navigate to the /<IIGateway_INSTALL_DIR>/hii/scripts directory.

    2. Run the gateway_deployment.sh script:

      ./gateway_deployment.sh
    3. Enter podman when prompted for the deployment method.
    4. Enter y to upgrade to the on-premises gateway with authentication enabled.
    5. Enter the following information:

      • Access key and access secret key: Access key and secret key required to access the BMC Helix applications.
        For instructions about how to generate the access key and secret key, see Setting up access keys for programmatic access.

        Important

        The keys are generated in the following format: key:<access key>::<access secret key>,tenant id:<tenant ID>. Enter <access key> and <access secret key> as the values of access key and access secret key.

        The access key and access secret key must have the Administrators group and the Administrator role assigned.

      • Tenant Id: BMC Helix tenant ID.
        Copy the tenant ID from the access key (key:<access key>::<secret key>,tenant id: <tenant ID>).
      • Tenant URL: BMC Helix tenant URL.
        For example, https://swp-2021-1840-disceks1.abc.com .
      • Host name: Name of the server where you want to deploy the on-premises gateway.
        The on-premises gateway is upgraded, and authentication is enabled. Also, the cred.json, external.config, and nginx.conf configuration files are backed up in the /<userHome>/iig_auth directory.
    6. Perform one of the following tasks:
      • (Version 25.3.01 and later only) Go to step 13 if you want to monitor the on-premises gateway node and container health by using dashboards.
      • Go to step 14 to verify that all containers are running. 
  12. If authentication is enabled for the on-premises gateway before the upgrade and you want to keep it enabled after the upgrade, perform the following steps:
    1. (Skip this step if you don't want to update the OAuth client and register it again) To register the OAuth client, perform the following steps:
      1. Delete the <userHome>/iig_auth directory.
      2. Replace the /<IIGateway_INSTALL_DIR>/hii/scripts/cred.json file with the cred.json file extracted from /<IIGateway_INSTALL_DIR>/hii in step 6.
    2. Navigate to the /<IIGateway_INSTALL_DIR>/hii/scripts directory.

    3. Run the gateway_deployment.sh script:

      ./gateway_deployment.sh
    4. Enter podman when prompted for the deployment method.
    5. Enter y to upgrade to the on-premises gateway with authentication enabled.
      The on-premises gateway is upgraded, and authentication is enabled. The external.config, and nginx.conf configuration files are restored from the /<userHome>/iig_auth directory.
    6. If you have customized and backed up the nginx.conf file, as described in Before you begin, copy the customizations done in the file to the nginx.conf file in the <IIGateway_INSTALL_DIR>/hii/conf directory.

    7.  Locate the location /hii/api/mediator/v3/push section and copy the following lines to the nginx.conf file in the <IIGateway_INSTALL_DIR>/hii/conf directory after this section:#to get the standby status of node in HA setup.
          location /hii/api/mediator/v3/standbyStatus {
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Content-Type-Options: "nosniff" always;
            add_header Referrer-Policy: "strict-origin-when-cross-origin" always;
            add_header permissions-policy: "geolocation=(), camera=(), microphone=()" always;
            add_header Cache-Control "no-store, no-cache, must-revalidate, proxy-revalidate" always;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
            add_header Content-Security-Policy: "default-src 'self' iddsqa1-uno.ade-labs.bmc.com:*;connect-src 'self' https://*.ontideway.com https://*.bmc.com https://*.onbmc.com https://*.aptrinsic.com col.eum-appdynamics.com iddsqa1-uno.ade-labs.bmc.com:*;font-src 'self' https://fonts.gstatic.com data: fonts.gstagic.com;img-src 'self' https://web-sdk.aptrinsic.com data: https://storage.googleapis.com https://docs.bmc.com;script-src 'self' 'nonce-gainsight' 'nonce-MjRkMTY2NjYtZWMxMC00YzIwLWFiZmMtNWM0OGRmMWEzMjY0' 'nonce-kQYIGaqXM3' *.aptrinsic.com cdn.appdynamics.com https://documents.bmc.com cdn.appdynamics.com 'nonce-Mzg5MmY4MjgtOWE1OC00OWNiLTkxZDctYjIzZWE4MWI4NzY0';style-src 'self' https://*.aptrinsic.com undefined https: 'unsafe-inline';worker-src blob: ;frame-src 'self' https://www.youtube.com;base-uri 'self';form-action 'self';frame-ancestors 'self';object-src 'none';script-src-attr 'none';upgrade-insecure-requests" always;
            proxy_pass http://swp-mediator:9000;
          }

    8. Perform one of the following tasks:
      • (Version 25.3.01 and later only) Go to step 13 if you want to monitor the on-premises gateway node and container health by using dashboards.
      • Go to step 14 to verify that all containers are running..
  13. (Optional, Version 25.3.01 and later only) Perform the following steps to monitor the on-premises gateway node and container health by using dashboards:​​​​
    1. Navigate to the /<IIGateway_INSTALL_DIR>/hii/scripts directory.
    2. Run the gateway_monitoring_services_deployment.sh script:
      ./gateway_monitoring_services_deployment.sh

    3. Enter podman when prompted for the deployment method.
      After the deployment starts, if you see the following warning, ignore it: 
      Found orphan containers (swp-arangodb, swp-mediator, swp-fluentd, swp-ui, kafka-1, swp-nginx, swp-backup, zookeeper-1)
      for this project. If you removed or renamed this service in your compose file, you can run this command
      with the --remove-orphans flag to clean it up.

  14. Verify that all containers are running.
    podman ps -a
    ​​​If any of the containers are in a restarting state due to permission issues, set the user context for that container. For more information, see Troubleshooting-the-BMC-Helix-Intelligent-Integrations-issues.
  15. (Required if you are upgrading to a version 25.3.x or later from a version earlier than 25.2.00) Restore the database from the backup by using the following commands:
    1. Copy the backed up files from the local host to the container:podman cp /tmp/dump.tgz swp-arangodb:/tmp/
    2. Restore the database:
      podman exec -it swp-arangodb sh -c "tar -xvf /tmp/dump.tgz -C /tmp/; arangorestore --server.authentication false --all-databases --create-database --input-directory /tmp/tmp/dump"

  16. Access the BMC Helix Intelligent Integrations UI by using the following URL: https://<hostName>:7443/swpui
    <hostName> is the fully-qualified domain name of the server where the on-premises gateway is deployed.
    For example,     https://ii-gateway-2021.abc.com:443/swpui.

    Important

    • After the upgrade is complete, you can access the BMC Helix Intelligent Integrations UI by using the URL specified in this step. BMC Helix Portal does not display any tile for the on-premises gateway. 
    • If you encounter an issue when accessing or using BMC Helix Intelligent Integrations, see Troubleshooting the BMC Helix Intelligent Integrations issues.

  17. (Optional) If the upgrade is successful, delete and purge the existing container images:
    podman image prune -a
    When prompted, enter     y to purge the images from the repository.

  18. Proceed to Task 2 to continue with the upgrade process. 

Task 1 (If you are using BMC Helix IT Operations Management on premises): To upgrade the on-premises gateway on Podman containers ​​​​​​

  1. Go to the server where you want to upgrade the on-premises gateway.
  2. Copy the following files that you have downloaded to the /<IIGateway_INSTALL_DIR> directory: 
    • Utility file: hii-bmc-<buildNumber>.zip
    • Container images: 
      On-premises gateway versionFile nameDescriptionDownload required?
      25.3.00bmc-hii-docker-images-<buildNumber>.tgzContainer images for deploying the on-premises gatewayYes
      bmc-hii-tp-docker-images-<buildNumber>.tgz

      Container images for Grafana

  3. Perform the following steps to update the container images:

    1. Stop the podman-compose service:

      podman compose -f podman-compose.yaml down

    2. Navigate to the <IIGateway_INSTALL_DIR> directory, and load the container images:

      1. Load the container images for the on-premises gateway:
        podman load --input bmc-hii-docker-images-<buildNumber>.tgz
      2. Untar the container images for Grafana:
        tar -zxvf bmc-hii-tp-docker-images-<buildNumber>.tgz
      3. Load the container images for Grafana:
        podman load --input bmc-hii-tp-docker-images-<buildNumber>/hii-grafana.tgz
  4. Navigate to the /opt/bmc/hii/defaults directory and delete the following files if they exist:
    • docker-compose.yaml_Rsso
    • podman-compose.yaml_Rsso
    • nginx.conf_Rsso

  5. Delete the data from the following location:

    ​sudo rm -rf /opt/bmc/hii/data/*​
  6. Extract hii-bmc-<buildNumber>.zip and overwrite the existing files in the <IIGateway_INSTALL_DIR>/hii directory.
  7. Update the hii/conf/nginx.conf file for the port number:
    1. Open the hii/conf/nginx.conf file with a text editor.

    2. Comment the following line:

      listen 443 ssl

       

    3. Uncomment the following line:

      # listen 7443 ssl
  8. If you have customized the podman-compose.yaml file before the upgrade, copy the customizations to the podman-compose.yaml file in the /<IIGateway_INSTALL_DIR>/hii directory.
  9.  If you plan to deploy the on-premises gateway for which authentication is enabled after the deployment, configure the protocol to be used (defaults to HTTP) for authorization between the on-premises gateway and the Identity Management System (IMS), which is part of the BMC Helix platform:
    1. Navigate to the /<IIGateway_INSTALL_DIR>/hii directory.
    2. Open the podman-compose.yaml file by using a text editor.
    3. Locate the mediator > environment section and search for the USE_HTTPS_IMS_URL parameter.

    4. Set the parameter to one of the following values: 

      • true: The HTTPS protocol is used for communication.
      • false (default): The HTTP protocol is used for communication.
      Important (For version 25.3.00 only)

      Enclose the parameter value in double quotes, as shown in the following example:
      USE_HTTPS_IMS_URL: "false"

    5. Locate the backup > environment section and add the USE_HTTPS_IMS_URL parameter if it does not exist.

    6. Set the parameter to one of the following values:

      • true: The HTTPS protocol is used for communication.
      • false (default): The HTTP protocol is used for communication.
      Important (For version 25.3.00 only)

      Enclose the parameter value in double quotes, as shown in the following example:
      USE_HTTPS_IMS_URL: "false"

    7. Save and close the file.
  10. If authentication is disabled for the on-premises gateway before the upgrade and you don't want to enable it after the upgrade, perform the following steps; otherwise, skip to step 11:
    1. If you have backed up the nginx.conf file, as described in Before you begin, copy the customizations done in the file to the nginx_noauth.conf file in the <IIGateway_INSTALL_DIR>/hii/defaults directory.
    2. Navigate to the /<IIGateway_INSTALL_DIR>/hii/scripts directory.

    3. Run the gateway_deployment.sh script:

      ./gateway_deployment.sh

       

    4. Enter docker when prompted for the deployment method.
    5. Enter n to deploy the on-premises gateway with authentication disabled.
      The on-premises gateway is upgraded, and authentication is disabled.
    6. Go to step 13 to verify that all containers are running
  11. If authentication is disabled for the on-premises gateway before the upgrade, and you want to enable it for the first time after the upgrade, perform the following steps; otherwise, skip to step 12:
    1. Perform the following steps to update the BMC Helix SSO configuration for Auth Proxy:
      1. Navigate to the <IIGATEWAY_INSTALL_DIR>/hii/conf/authproxy directory and open the external.conf file with a text editor.
      2. Update the file:
        • Search for the rsso_external_url and rsso_internal_url parameters and replace {RSSO_URL} with the OpenID Connect Issuer URL.
        • Search for the client_id parameter and replace {RSSO_CLIENT_ID} with the Client ID that you saved in a file while registering the OAuth client.
        • Search for the client_secret parameter and replace {RSSO_CLIENT_SECRET} with the Client Secret that you saved in a file while registering the OAuth client.
        • Locate the proxies section, and replace {TENANT_URL} with the BMC Helix tenant URL. For example, https://swp-2021-1840-disceks1.abc.com.
      3. Save the file.
    2. Perform the following steps to update the neo.feature.flags.auth-enabled parameter:
      1. Navigate to the /<IIGateway_INSTALL_DIR>/hii/conf  directory.
      2. Open the swp.conf file with a text editor.
      3. Set the value of the neo.feature.flags.auth-enabled parameter to true.
      4. Save the file.

    3. Start the podman-compose service:

      podman compose -f podman-compose.yaml up -d
    4. Go to step 13 to verify that that all containers are running.
  12. If authentication is enabled for the on-premises gateway before the upgrade and you want to continue with authentication after the upgrade, perform the following steps:
    1. Perform the following steps to update the neo.feature.flags.auth-enabled parameter:
      1. Navigate to the /<IIGateway_INSTALL_DIR>/hii/conf directory.
      2. Open the swp.conf file with a text editor.
      3. Set the value of the neo.feature.flags.auth-enabled parameter to true.
      4. Save the file.
    2. If you have customized and backed up the nginx.conf file, as described in Before you begin, copy the customizations done in the file to the nginx.conf file in the <IIGateway_INSTALL_DIR>/hii/conf directory..
    3. Copy the external.conf file from the <userHome>/iig_auth directory to the /<IIGateway_INSTALL_DIR>/hii/conf/authproxy directory.

    4. Start the podman-compose service:

      podman compose -f podman-compose.yaml up -d
    5. Go to step 13 to verify that all containers are running.
  13. Verify that all containers are running.
    podman ps -a
    If any of the containers are in a restarting state due to permission issues, set the user context for that container. For more information, see Troubleshooting-the-BMC-Helix-Intelligent-Integrations-issues.
  14. (Required if you are upgrading to a version 25.3.x or later from a version earlier than 25.2.00) Restore the database from the backup by using the following commands:
    1. Copy the backed up files from the local host to the container:podman cp /tmp/dump.tgz swp-arangodb:/tmp/
    2. Restore the database:
      podman exec -it swp-arangodb sh -c "tar -xvf /tmp/dump.tgz -C /tmp/; arangorestore --server.authentication false --all-databases --create-database --input-directory /tmp/tmp/dump"

  15. Access the BMC Helix Intelligent Integrations UI by using the following URL: https://<hostName>:7443/swpui
    <hostName> is the fully-qualified domain name of the server where the on-premises gateway is deployed.
    For example,     https://ii-gateway-2021.abc.com:443/swpui.
     

    Important

    • After the upgrade is complete, you can access the BMC Helix Intelligent Integrations UI by using the URL specified in this step. BMC Helix Portal does not display any tile for the on-premises gateway. 
    • If you encounter an issue when accessing or using BMC Helix Intelligent Integrations, see Troubleshooting the BMC Helix Intelligent Integrations issues.

  16. (Optional) If the upgrade is successful, delete and purge the existing container images:

    podman image prune -a

    When prompted, enter y to purge the previous version images from the repository. 

  17. Proceed to Task 2 to continue with the upgrade process.
      

Task 2: To import SSL certificates into on-premises gateway

Important

Make sure that the version of the keytool utility installed on the on-premises gateway host matches the version available in the swp-authproxy container.

  1. Obtain the SSL certificates from the BMC Helix platform deployment which the on-premises gateway is part of and save them in the <IIGateway_INSTALL_DIR>hii/conf directory.

  2. Copy the cacerts file present in the swp-mediator container at /opt/java/lib/security to the /<IIGateway_INSTALL_DIR>/hii/conf/certs directory by using the following command:

    podman cp swp-mediator:/opt/java/lib/security/cacerts /<IIGateway_INSTALL_DIR>hii/conf/certs/cacerts_mediator

  3. (If authentication is enabled for the on-premises gateway) Copy the cacerts file present in the swp-authproxy container at /opt/java/openjdk/lib/security to the /<IIGateway_INSTALL_DIR>/hii/conf/certs directory by using the following command:

    podman cp swp-authproxy:/opt/java/openjdk/lib/security/cacerts /<IIGateway_INSTALL_DIR>hii/conf/certs/cacerts_authproxy
  4. Navigate to the /<IIGateway_INSTALL_DIR> /hii/conf/certs folder.
  5. Import the certificates into the copied files by using the keytool utility.

    1. Import the certificates into the cacerts_mediator file by using the following command:

      keytool -importcert -file <certificate_name> -keystore cacerts_mediator -alias <alias_name>

      Replace the certificate_name with the certificate name that you obtained from the BMC Helix platform deployment.

    2. (If authentication is enabled for the on-premises gateway) Import the certificates into the cacerts_authproxy file by using the following command:

      keytool -importcert -file <certificate_name> -keystore cacerts_authproxy -alias <alias_name>

      Replace the certificate_name with the certificate name that you obtained from the BMC Helix platform deployment.

  6. Open the /<IIGateway_INSTALL_DIR> /hii/podman -compose.yaml file with a text editor:
  7. Update the file: 

    1. Search for the  mediator  section and add the following line to the  volumes section:

      - ./conf/certs/cacerts_mediator:/opt/java/lib/security/cacerts

    2. (If authentication is enabled for the on-premises gateway) Search for the authproxy section and add the following line to the volumes section:

      - ./conf/certs/cacerts_authproxy:/opt/java/openjdk/lib/security/cacerts
  8. Save and close the file.

  9. Restart the podman service by using the following commands:

    podman-compose -f podman-compose.yaml down
    podman-compose -f podman-compose.yaml up -d

Task 3: To edit the connector in BMC Helix Intelligent Integrations

If there are any updates in the connector configuration during upgrade, the existing connector instances are not updated automatically after upgrade. You need to either create a new connector instance or stop the existing data stream and create a new data stream.

For the list of updates in various connectors in version 25.1, see 25-1-enhancements-and-patches. For information about editing an existing connector for data streams, see Editing-and-deleting-integrations and Starting-or-stopping-data-streams.

Task 4: To update the collector URL in the third-party products

If you have switched authentication for the on-premises gateway during upgrade, perform the following steps to update the collector URL in the third-party product (for example, Entuity) from which you are collecting data:

  1. Access the BMC Helix Intelligent Integrations UI by using the following URL:
    https://<hostName>:443/swpui
    <hostName> is the fully-qualified domain name of the server where the on-premises gateway is deployed.
  2. On the SOURCES panel, click Configure Mediator ConfigureMediator_icon.pngfor the source connection that you created and then expand the < thirdPartyProduct Datatype> panel .
  3. On the COLLECTOR CONFIGURATION tab, click copy copy_URL.pngto copy the existing, auto-generated collector URL and save the URL in a temporary file.
     For example, https://hostA/hii/api/mediator/v3/push/9mn-6c97-4c2e-8pc5-12c0asdf?token=API-KEY .
  4. Depending on whether authentication is enabled or disabled for the on-premises gateway, perform the following steps:
    • If authentication is enabled, perform the following steps:

      1. Log on to BMC Helix Portal and generate an access key.
        For instructions about how to generate the access key, see Setting up access keys for programmatic access

      2. Copy the generated access key and save it in a temporary file.
        The key is generated in the format:<accessKey>::<secretKey>::<tenantID>.
        For example, Y40OSC49QZA11Q8A1H9H6::MnVLk69TNyCEponsthHJ1Hj1uKcjTB::385261281.
      3. Change the format of the access key to <tenantID>::<accessKey>::<secretKey>.
        For example, 385261281::Y40OSC49QZA11Q8A1H9H6::MnVLk69TNyCEponsthHJ1Hj1uKcjTB.
      4. In a temporary file, modify the auto-generated collector URL by replacing API-KEY with the access key that you formatted in the previous step.
        For example, https://host.ab.com/hii/api/mediator/v3/push/9mn-6c97-4c2e-8pc5-12c0asdfd?token=385261281::Y40OSC49QZA11Q8A1H9H6::MnVLk69TNyCEponsthHJ1Hj1uKcjTB .
    • If authentication is disabled, perform the following steps:
      1. Save the URL in a temporary file.
      2. Remove the following string from the collector URL: ?token=API-KEY
         The updated collector URL looks like the following example:
        https://hostA/hii/api/mediator/v3/push/9mn-6c97-4c2e-8pc5-12c0asdf  

Task 5: To configure the third-party products

Configure the third-party products again to forward data to BMC Helix Intelligent Integrations.
For the sample instructions to update the collector URL in a third-party product, see To configure a connection with Entuity for collecting incidents data.

To roll back the on-premises gateway upgrade

  1. Stop the podman-compose service:

    podman-compose -f podman-compose.yaml down

  2. Rename the /<IIGateway_INSTALL_DIR>/hii directory:

    mv hii hii_upgrade

    You might need the hii_upgrade directory for debugging. 

  3. If you have enabled authentication during the upgrade, navigate to the <userHome> directory and delete the iig_auth directory and any other directories or files created in this directory during the upgrade.

  4. Extract the backed up hii.tar:

    tar -xvf /<IIGateway_INSTALL_DIR>/hii.tar -C /<IIGateway_INSTALL_DIR>/
  5. Start the podman-compose service:podman-compose -f podman-compose.yaml up -d
  6. Access the BMC Helix Intelligent Integrations UI by using the following URL: https://<hostName>:443/swpui
    <hostName> is the fully-qualified domain name of the server where the on-premises gateway is deployed. 
    For example, https://swp-2021-1840-disceks1.abc.com:443/swpui.

Where to go from here

After the upgrade is complete, perform the following tasks:

If a problem occurs

Known-and-corrected-issues

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*