Skip to content

Policy Engine Maintenance Operations

This section describes how to upgrade, redeploy, or uninstall the Policy Engine services.

Redeploying Policy Engine Services

In case you need to start all containers from scratch, you can run the script cleanup.sh and subsequently run script deploy.sh once again:

  • sudo sh cleanup.sh

  • sudo sh deploy.sh

For Clustered Environment:

  • First run cleanup script on all three nodes.

  • Run deployment script on primary node, wait for it to complete.

  • Run deployment script on non-primary Node 1, wait for it to complete.

  • Run deployment script on non-primary Node 2, wait for it to complete.

Upgrade

Upgrade process will be following below sequence of actions:

  1. Prepare the new release:

    1. Copy the unzipped release directory into /opt.

  2. Update configuration files in the new release directory:

    • .env

    • docker-compose-standalone.yml or docker-compose.yml

  3. Stop old containers: On all three servers, connect to each node, navigate to the old release directory, and run::

    • sudo sh cleanup.sh

  4. Deploy the new release: On the primary node, navigate to the new release directory, run the deployment script, and wait for it to complete:

    • sudo sh deploy.sh

  5. Deploy on non-primary nodes: Once the primary node is deployed.

    1. Repeat step# 3 on non-primary Node 1, wait for it to complete.

    2. Repeat step# 3 on non-primary Node 2, wait for it to complete.

  6. New release is deployed and can be used.

Cleaning Up

If its needed to remove all containers, the script cleanup.sh can be run:

  • sudo sh cleanup.sh

Change SSL Certificates

Sometimes you might want to use your own certificates for hosting HyWorks Policy Management API instead of the default self-signed certificates or your certificates might have expired, and you want to use new certificates. In such cases, follow below mentioned steps to change the ssl certificates used for hosting HyWorks Policy Management API

  1. Copy the pem file of your certificate to automation/opal-script/nginx/certificates/ folder

  2. Copy the pem file of your certificate private key to automation/opal-script/nginx/certificates/ folder

  3. Next step is to update the paths of ssl certificates in automation/opal-script/nginx/nginx.conf file

  4. Open nginx.conf file in a text editor

  5. Change the name of file mentioned in the directive ssl_certificate to the name of your new certificate file. For ex if your new certificate file name is new-cert.crt, change the ssl_certificate directive to

    • ssl_ceritificate /etc/nginx/certificates/new-cert.crt;

  6. Change the name of file mentioned in the directive ssl_certificate_key to the name of your new private key file. For ex if your new certificate file name is new-private-key.key, change the ssl_certificate directive to

    • ssl_ceritificate_key /etc/nginx/certificates/new-private-key.key;

  7. If your private key is password protected, then delete the existing value inside automation/opal-script/nginx/global.pass file and specify your private key password in this file

Now when you will start your services next time, new ssl certificates that you have added should be used