2.5. Upgrading¶

If you installed privacyIDEA via DEB or RPM repository you can use the normal system ways of apt-get, aptitude and rpm to upgrade privacyIDEA to the current version.

2.5.1. Basic pip upgrade process¶

If you install privacyIDEA into a python virtualenv like /opt/privacyidea, you can follow this basic upgrade process.

First you might want to backup your program directory:

tar -zcf privacyidea-old.tgz /opt/privacyidea

and your database:

source /opt/privacyidea/bin/activate
pi-manage backup create

2.5.1.1. Running upgrade¶

Starting with version 2.17 the script privacyidea-pip-update performs the update of the python virtualenv and the DB schema.

Just enter your python virtualenv (you already did so, when running the backup) and run the command:

privacyidea-pip-update

2.5.1.2. Manual upgrade¶

Now you can upgrade the installation:

source /opt/privacyidea/bin/activate
pip install --upgrade privacyidea

Usually you will need to upgrade/migrate the database:

pi-manage db stamp 4f32a4e1bf33 -d /opt/privacyidea/lib/privacyidea/migrations
pi-manage db upgrade -d /opt/privacyidea/lib/privacyidea/migrations

Now you need to restart your webserver for the new code to take effect.

2.5.2. Upgrade to privacyIDEA 2.12¶

In privacyIDEA 2.12 the Event Handler framework was added. Two new tables “eventhandler” and “eventhandleroption” were added.

You need to update the database models:

pi-manage db stamp 4f32a4e1bf33 -d path/to/migrations
pi-manage db upgrade -d path/to/migrations

2.5.3. Upgrade to privacyIDEA 2.11¶

In privacyIDEA 2.11 the RADIUS server definition was added. RADIUS servers can be used in RADIUS tokens and in the RADIUS passthru policy.

A new database table “radiusserver” was added.

You need to update the database models:

pi-manage db stamp 4f32a4e1bf33 -d path/to/migrations
pi-manage db upgrade -d path/to/migrations

2.5.4. Upgrade to privacyIDEA 2.10¶

In privacyIDEA 2.10 SMTP servers were added. SMTP servers can be used for notifications, registration and also for Email token and SMS token.

SMTP servers need a new database table “smtpserver”.

You need to update the database models:

pi-manage db stamp 4f32a4e1bf33 -d path/to/migrations
pi-manage db upgrade -d path/to/migrations

privacyIDEA 2.10 can import all kind of PSKC token files. These XML files need to be parsed. Therefore BeautifulSoup4 and lxml is used. On pip installations you need to install a package like libxslt1-dev.

2.5.5. Upgrade From privacyIDEA 2.x to 2.3¶

In 2.3 the priority of resolvers in realms was added.

You need to update the database models:

pi-manage db stamp 4f32a4e1bf33 -d path/to/migrations
pi-manage db upgrade -d path/to/migrations

Note

You need to specify the path to the migrations scripts. This could be /usr/lib/privacyidea/migrations.

Note

When upgrading with the Ubuntu LTS packages, the database update is performed automatically.

2.5.6. Upgrade From privacyIDEA 1.5¶

Warning

privacyIDEA 2.0 introduces many changes in database schema, so at least perform a database backup!

2.5.6.1. Stopping Your Server¶

Be sure to stop your privacyIDEA server.

2.5.6.2. Upgrade Software¶

To upgrade the code enter your python virtualenv and run:

pip install --upgrade privacyidea

2.5.6.3. Configuration¶

Read about the configuration in the The Config File.

You can use the old enckey, the old signing keys and the old database uri. The values can be found in your old ini-file as privacyideaSecretFile, privacyideaAudit.key.private, privacyideaAudit.key.public and sqlalchemy.url. Your new config file might look like this:

config_path = "/home/cornelius/tmp/pi20/etc/privacyidea/"
# This is your old database URI
# Note the three slashes!
SQLALCHEMY_DATABASE_URI = "sqlite:///" + config_path + "token.sqlite"
# This is new!
SECRET_KEY = 't0p s3cr3t'
# This is new
#This is used to encrypt the admin passwords
PI_PEPPER = "Never know..."
# This is used to encrypt the token data and token passwords
# This is your old encryption key!
PI_ENCFILE = config_path + 'enckey'
# THese are your old signing keys
# This is used to sign the audit log
PI_AUDIT_KEY_PRIVATE = config_path + 'private.pem'
PI_AUDIT_KEY_PUBLIC = config_path + 'public.pem'

To verify the new configuration run:

pi-manage create_enckey

It should say, that the enckey already exists!

2.5.6.4. Migrate The Database¶

You need to upgrade the database to the new database schema:

pi-manage db upgrade -d lib/privacyidea/migrations

Note

In the Ubuntu package the migrations folder is located at /usr/lib/privacyidea/migrations/.

2.5.6.5. Create An Administrator¶

With privacyIDEA 2.0 the administrators are stored in the database. The password of the administrator is salted and also peppered, to avoid having a database administrator slip in a rogue password.

You need to create new administrator accounts:

pi-manage addadmin <email-address> <admin-name>

2.5.6.6. Start The Server¶

Run the server:

pi-manage runserver

or add it to your Apache or Nginx configuration.

2.5. Upgrading¶

2.5.1. Basic pip upgrade process¶

2.5.1.1. Running upgrade¶

2.5.1.2. Manual upgrade¶

2.5.2. Upgrade to privacyIDEA 2.12¶

2.5.3. Upgrade to privacyIDEA 2.11¶

2.5.4. Upgrade to privacyIDEA 2.10¶

2.5.5. Upgrade From privacyIDEA 2.x to 2.3¶

2.5.6. Upgrade From privacyIDEA 1.5¶

2.5.6.1. Stopping Your Server¶

2.5.6.2. Upgrade Software¶

2.5.6.3. Configuration¶

2.5.6.4. Migrate The Database¶

2.5.6.5. Create An Administrator¶

2.5.6.6. Start The Server¶

Table Of Contents

Related Topics

This Page