2.5. Upgrading¶
If you installed privacyIDEA via DEB or RPM repository you can use the normal system ways of apt-get, aptitude and rpm to upgrade privacyIDEA to the current version.
2.5.1. Basic pip upgrade process¶
If you install privacyIDEA into a python virtualenv like /opt/privacyidea, you can follow this basic upgrade process.
First you might want to backup your program directory:
tar -zcf privacyidea-old.tgz /opt/privacyidea
and your database:
source /opt/privacyidea/bin/activate pi-manage backup create
Now you can upgrade the installation:
source /opt/privacyidea/bin/activate pip install –upgrade privacyidea
Usually you will need to upgrade/migrate the database:
pi-manage db stamp 4f32a4e1bf33 -d /opt/privacyidea/lib/privacyidea/migrations pi-manage db upgrade -d /opt/privacyidea/lib/privacyidea/migrations
Now you need to restart your webserver for the new code to take effect.
2.5.2. Upgrade to privacyIDEA 2.12¶
In privacyIDEA 2.12 the Event Handler framework was added. Two new tables “eventhandler” and “eventhandleroption” were added.
You need to update the database models:
pi-manage db stamp 4f32a4e1bf33 -d path/to/migrations
pi-manage db upgrade -d path/to/migrations
2.5.3. Upgrade to privacyIDEA 2.11¶
In privacyIDEA 2.11 the RADIUS server definition was added. RADIUS servers can be used in RADIUS tokens and in the RADIUS passthru policy.
A new database table “radiusserver” was added.
You need to update the database models:
pi-manage db stamp 4f32a4e1bf33 -d path/to/migrations
pi-manage db upgrade -d path/to/migrations
2.5.4. Upgrade to privacyIDEA 2.10¶
In privacyIDEA 2.10 SMTP servers were added. SMTP servers can be used for notifications, registration and also for Email token and SMS token.
SMTP servers need a new database table “smtpserver”.
You need to update the database models:
pi-manage db stamp 4f32a4e1bf33 -d path/to/migrations
pi-manage db upgrade -d path/to/migrations
privacyIDEA 2.10 can import all kind of PSKC token files. These XML files need to be parsed. Therefore BeautifulSoup4 and lxml is used. On pip installations you need to install a package like libxslt1-dev.
2.5.5. Upgrade From privacyIDEA 2.x to 2.3¶
In 2.3 the priority of resolvers in realms was added.
You need to update the database models:
pi-manage db stamp 4f32a4e1bf33 -d path/to/migrations
pi-manage db upgrade -d path/to/migrations
Note
You need to specify the path to the migrations scripts. This could be /usr/lib/privacyidea/migrations.
Note
When upgrading with the Ubuntu LTS packages, the database update is performed automatically.
2.5.6. Upgrade From privacyIDEA 1.5¶
Warning
privacyIDEA 2.0 introduces many changes in database schema, so at least perform a database backup!
2.5.6.1. Stopping Your Server¶
Be sure to stop your privacyIDEA server.
2.5.6.2. Upgrade Software¶
To upgrade the code enter your python virtualenv and run:
pip install --upgrade privacyidea
2.5.6.3. Configuration¶
Read about the configuration in the The Config File.
You can use the old enckey, the old signing keys and the
old database uri. The values can be found in your old ini-file
as privacyideaSecretFile
, privacyideaAudit.key.private
,
privacyideaAudit.key.public
and sqlalchemy.url
. Your new
config file might look like this:
config_path = "/home/cornelius/tmp/pi20/etc/privacyidea/"
# This is your old database URI
# Note the three slashes!
SQLALCHEMY_DATABASE_URI = "sqlite:///" + config_path + "token.sqlite"
# This is new!
SECRET_KEY = 't0p s3cr3t'
# This is new
#This is used to encrypt the admin passwords
PI_PEPPER = "Never know..."
# This is used to encrypt the token data and token passwords
# This is your old encryption key!
PI_ENCFILE = config_path + 'enckey'
# THese are your old signing keys
# This is used to sign the audit log
PI_AUDIT_KEY_PRIVATE = config_path + 'private.pem'
PI_AUDIT_KEY_PUBLIC = config_path + 'public.pem'
To verify the new configuration run:
pi-manage create_enckey
It should say, that the enckey already exists!
2.5.6.4. Migrate The Database¶
You need to upgrade the database to the new database schema:
pi-manage db upgrade -d lib/privacyidea/migrations
Note
In the Ubuntu package the migrations folder is located at
/usr/lib/privacyidea/migrations/
.
2.5.6.5. Create An Administrator¶
With privacyIDEA 2.0 the administrators are stored in the database. The password of the administrator is salted and also peppered, to avoid having a database administrator slip in a rogue password.
You need to create new administrator accounts:
pi-manage addadmin <email-address> <admin-name>
2.5.6.6. Start The Server¶
Run the server:
pi-manage runserver
or add it to your Apache or Nginx configuration.