Morpheus provides a very simple and convenient upgrade process. In most cases it is simply a matter of installing the new package on top of itself and reconfiguring the services.
All services except the morpheus-ui must be running during a reconfigure. The morpheus-ui also must be restarted or stopped and started during an upgrade. Failure to do so will result in errors.
Debian / Ubuntu¶
Simply download the latest package or request the latest package from your account service representative.
Then run the install process as follows:
sudo dpkg -i morpheus-appliance_x.x.x-1.amd64.deb sudo morpheus-ctl stop morpheus-ui sudo morpheus-ctl reconfigure sudo morpheus-ctl start morpheus-ui
This typically is enough to complete a full upgrade. Databases will automatically be migrated upon restart of the application and service version upgrades will automatically be applied.
CentOS / RHEL¶
Yum based package upgrades are a little different. In this case we want
to run a
rpm -U command as the package manager is slightly
sudo rpm -Uhv morpheus-appliance-x.x.x-1.x86_64.rpm sudo morpheus-ctl stop morpheus-ui sudo morpheus-ctl reconfigure sudo morpheus-ctl start morpheus-ui
Sometimes it may be necessary to restart all appliance services on the host. In order to do this simply type
sudo morpheus-ctl restart. This will restart ALL services.
Import Trusted Certificates¶
The following applies if you are upgrading and have modified the java keystore.
Steps to import trusted certificates to Morpheus after an upgrade.
Obtain the full SSL certificate chain in PEM format.
Copy them to each appliance and place them in the
Run morpheus-ctl reconfigure on each appliance, note you don’t need to stop Morpheus before you run this.
Run the following command as root:
Run the following command for each certificate in the chain, adjusting the file and alias name as needed. Answer yes for the root certificate when asked it you want to trust it.
/opt/morpheus/embedded/java/bin/keytool -import -keystore /opt/morpheus/embedded/java/lib/security/cacerts -trustcacerts -file /etc/morpheus/ssl/trusted_certs/root_ca.pem -alias some_alias -storepass changeit
Verify by running:
openssl s_client -connect host:port -showcerts -tls1_2``
You should get an output similar to:
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 5D9E820E4FF2A73A9977BA663E6029AA5415FEE85F49D8B1E541F5997C8E1FB2 Session-ID-ctx: Master-Key: 29EEC2E7750C659AECB9942902D9A87B824E571522812B718420FC08F8D2ACE68CB16EC812A7D90B12A86D1970FFD81C Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1547219217 Timeout : 7200 (sec) Verify return code: 0 (ok) #<----------------
If the certificates are installed correctly you should see
Verify return code: 0 (ok). If they were not installed correctly then you will see a return similar to:
Verify return code: 21 (unable to verify the first certificate)
Repeat for all App Nodes
Morpheus UI war files¶
Pre-release or patched versions of the Morpheus UI are sometimes provided. To deploy the ui war on a Morpheus Appliance:
Download the war file to the target appliance
If the war file is provided via a droplr link, ensure a
+is added to end of droplr url or the file will not download
Backup current war file
sudo mv /opt/morpheus/lib/morpheus/morpheus-ui.war /opt/morpheus/lib/morpheus/morpheus-ui.bak.`date +"%m-%d-%Y"`
Move and rename new war file
sudo mv <file> /opt/morpheus/lib/morpheus/morpheus-ui.war
Ensure war is owned by
sudo chown morpheus-app.morpheus-app /opt/morpheus/lib/morpheus/morpheus-ui.war
Restart the Morpheus UI
sudo morpheus-ctl restart morpheus-ui
The new ui war will load on startup!