Post upgrade steps for upgrading to 2023.2 from 2023.1.x
Deploying Zookeeper
If you have upgraded to Kyvos 2023.2, you must redeploy the Zookeeper using the Zookeeper configuration page in Kyvos Manager to switch to the latest version of Zookeeper. This is necessary for cloud deployments (AWS, GCP, and Azure) and on-prem deployments to remove the previous version of Zookeeper.
To upgrade to the latest version, switching to managed Zookeeper is mandatory.
If you are upgrading both Kyvos Manager and Kyvos using either the single click upgrade or the All components upgrade, you must redeploy Zookeeper after upgrading Kyvos Manager.
You must restart Kyvos services once the redeployment of Zookeeper has been completed.
Upgrade Graviton JRE for AWS cluster
To upgrade Kyvos, perform the following post-upgrade steps.
Navigate to the following Kyvos path:
/data/kyvos/installs/kyvosmanager_war/kyvosmanagerdata/server/repoExecute the following command to download JRE 8.372.07.1
curl -o manual_node_creation_graviton_prereq.tar.gz https://s3.amazonaws.com/us-east-1.kyvos/2023.2/latest/prereq/manual_node_creation_graviton_prereq.tar.gzUntar the Kyvos2023.2_Build000x_ux64.tar.gz tar file at the above location. The kyvos folder is extracted.
Navigate to the kyvos folder and delete the existing jre folder, and copy the downloaded JRE (refer to step 2).
Rename the Kyvos2023.2_Build000x_ux64.tar.gz tar file to Kyvos2023.2_Build000x_ux64_old.tar.gz
Create a new tar in the kyvos folder by executing the following command:
tar -cvzf Kyvos2023.2_Build000x_ux64.tar.gz kyvos/Go to Kyvos Manager, navigate to the Upgrade page, and then upgrade Kyvos.
Post upgrade IAM policies to use resource scaling
Case 1
To upgrade from Kyvos 2023.1.1 to Kyvos 2023.5, perform the following steps.
To increase or decrease BI Server or Query Engine nodes, following permissions need to be added in IAM roles:
{ "Sid": "LaunchTemplateAndTerminateInstances", "Effect": "Allow", "Action": [ "ec2:GetLaunchTemplateData", "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "ec2:ResourceTag/UsedBy": "Kyvos" } } }, { "Sid": "CreateLaunchTemplate", "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:CreateLaunchTemplate", "ec2:DeleteLaunchTemplate" ], "Resource": "*" }
The ‘CreateTags’ permission needs to be removed. Hence, to create a separate policy for creating tags. Replace the following existing policy.
"Condition": { "StringEqualsIgnoreCase": { "ec2:ResourceTag/UsedBy": "Kyvos" } }, "Action": [ "ec2:DeleteTags", "ec2:CreateTags", "ec2:DescribeInstanceStatus" ], "Resource": "*", "Effect": "Allow", "Sid": "Ec2tagsPermissionKM" },
After replacing the policy mentioned in Step-2, update the following policy.
{ "Sid": "Ec2tagsPermissionKM", "Effect": "Allow", "Action": [ "ec2:DeleteTags", "ec2:DescribeInstanceStatus" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "ec2:ResourceTag/UsedBy": "Kyvos" } } }, { "Sid": "Ec2tagsPermissionKM2", "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "*" }
Case 2
In case of upgrade from Kyvos 2023.2, 2023.3, 2023.4 to Kyvos 2023.5, perform the following steps.
To increase or decrease BI Server or Query Engine nodes, following permissions need to be added in IAM roles:
{ "Sid": "LaunchTemplateAndTerminateInstances", "Effect": "Allow", "Action": [ "ec2:GetLaunchTemplateData", "ec2:TerminateInstances" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "ec2:ResourceTag/UsedBy": "Kyvos" } } }, { "Sid": "CreateLaunchTemplate", "Effect": "Allow", "Action": [ "ec2:RunInstances", "ec2:CreateLaunchTemplate", "ec2:DeleteLaunchTemplate" ], "Resource": "*" }
The ‘CreateTags’ permission needs to be removed. Hence, to create a separate policy for creating tags. Replace the following existing policy.
{ "Condition": { "StringEqualsIgnoreCase": { "ec2:ResourceTag/UsedBy": "Kyvos" } }, "Action": [ "ec2:DeleteTags", "ec2:CreateTags", "ec2:DescribeInstanceStatus" ], "Resource": "*", "Effect": "Allow", "Sid": "Ec2tagsPermissionKM" },
After replacing the policy mentioned in Step-2, update the following policy.
{ "Sid": "Ec2tagsPermissionKM", "Effect": "Allow", "Action": [ "ec2:DeleteTags", "ec2:DescribeInstanceStatus" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "ec2:ResourceTag/UsedBy": "Kyvos" } } }, { "Sid": "Ec2tagsPermissionKM2", "Effect": "Allow", "Action": [ "ec2:CreateTags" ], "Resource": "*" }
Add a tag on all Query Engine and BI Server as cloudformation:stack-name and its value must be the stack name you provide.
Remove the following existing policy for a condition.
{ "Sid": "Ec2StartStopKyvos", "Effect": "Allow", "Action": [ "ec2:StopInstances", "ec2:StartInstances", "ec2:DescribeInstanceStatus" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "ec2:ResourceTag/aws:cloudformation:stack-name": { "Fn::Sub": "${AWS::StackName}" } } } },
After removing the policy mentioned in step-5 (as mentioned above) for a condition, update the following policy.
{ "Sid": "Ec2StartStopKyvos", "Effect": "Allow", "Action": [ "ec2:StopInstances", "ec2:StartInstances", "ec2:DescribeInstanceStatus" ], "Resource": "*", "Condition": { "StringEqualsIgnoreCase": { "ec2:ResourceTag/cloudformation:stack-name": { "Fn::Sub": "${AWS::StackName}" } } } },