Skip to content

Policy Engine Maintenance Operations

This section describes how to upgrade, redeploy, or uninstall the Policy Engine services.

Redeploying Policy Engine Services

In case you need to start all containers from scratch, you can run the script cleanup.sh and subsequently run script deploy.sh once again:

  • sudo sh cleanup.sh

  • sudo sh deploy.sh

For Clustered Environment:

  • First, run the cleanup script on all three nodes.

  • Run the deployment script on the primary node, wait for it to complete.

  • Run the deployment script on Node 1 (non-primary), then wait for it to complete.

  • Run the deployment script on Node 2 (non-primary), then wait for it to complete.

Upgrade

The upgrade process will follow the sequence of actions:

  1. Prepare the new release:

    1. Copy the unzipped release directory into /opt.

  2. Update configuration files in the new release directory:

    • .env

    • docker-compose-standalone.yml or docker-compose.yml

  3. Stop old containers: On all three servers, connect to each node, navigate to the old release directory, and run::

    • sudo sh cleanup.sh

  4. Deploy the new release: On the primary node, navigate to the latest release directory, run the deployment script, and wait for it to complete:

    • sudo sh deploy.sh

  5. Deploy on non-primary nodes: Once the primary node is deployed.

    1. Repeat step #3 on Node 1 (non-primary) and wait for it to complete.

    2. Repeat step #3 on Node 2 (non-primary), and wait for it to complete.

  6. The new release has been deployed and is available for use.

Cleaning Up

If it’s needed to remove all containers, the script cleanup.sh can be run:

  • sudo sh cleanup.sh

Change SSL Certificates

Sometimes you might want to use your own certificates for hosting the HyWorks Policy Management API instead of the default self-signed certificates, or your certificates might have expired, and you want to use new certificates. In such cases, follow the steps to update the SSL certificates used to host the HyWorks Policy Management API.

  1. Copy the PEM file of your certificate to automation/opal-script/nginx/certificates/ folder.

  2. Copy the PEM file of your certificate private key to automation/opal-script/nginx/certificates/ folder.

  3. The next step is to update the paths to the SSL certificates in automation/opal-script/nginx/nginx.conf file.

  4. Open nginx.conf file in a text editor

  5. Change the name of the file mentioned in the directive ssl_certificate to the name of your new certificate file, e.g., if your new certificate file name is new-cert.crt, change the ssl_certificate directive to

    • ssl_ceritificate /etc/nginx/certificates/new-cert.crt;

  6. Change the name of the file mentioned in the directive ssl_certificate_key to the name of your new private key file, e.g., if your new certificate file name is new-private-key.key, change the ssl_certificate directive to

    • ssl_ceritificate_key /etc/nginx/certificates/new-private-key.key;

  7. If your private key is password-protected, then delete the existing value inside automation/opal-script/nginx/global.pass file and specify your private key password in this file

Now, when you start your services next time, the new SSL certificates that you have added should be used