Nonsequential FIPS Database Upgrades

As of Vertica 10.1.1, FIPS support has been reinstated. Prior to this, the last version to support FIPS was Vertica 9.2.x. Vertica upgrades are typically sequential, but if you're upgrading from 9.2.x to 10.1.1 and want to maintain your FIPS certification, you must perform a direct, nonsequential upgrade from 9.2.x to 10.1.1.

The following procedure performs a direct upgrade from Vertica 9.2.x running on RHEL 6.x to Vertica 10.1.1 on RHEL 8.1.

If you have any questions or want additional guidance for performing this upgrade, contact Vertica Support.

  1. Create a full backup of your Vertica 9.2.x database. This example uses the configuration file fullRestore.ini.

    $ vbr --config-file=/tmp/fullRestore.ini -t init
$ vbr --config-file=/tmp/fullRestore.ini -t backup
    [Transmission]
concurrency_backup = 1
port_rsync = 50000
encrypt = False
serviceAccessPass = rsyncpw
hardLinkLocal = False
checksum = False
total_bwlimit_restore = 0
serviceAccessUser = rsyncuser
total_bwlimit_backup = 0
concurrency_restore = 1
				
[Misc]
snapshotName = full_restore
restorePointLimit = 1
retryDelay = 1
objects =
retryCount = 0
tempDir = /tmp/vbr

[Mapping]
v_fips_db_node0001 = 198.51.100.0:/home/release/backup/
v_fips_db_node0002 = 198.51.100.1:/home/release/backup/
v_fips_db_node0003 = 198.51.100.2:/home/release/backup/

[Database]
dbPort = 5433
dbPromptForPassword = False
dbUser =
dbPassword =
dbName = fips_db

  2. Shut down the database gracefully. Do not start the database until instructed.

  3. Acquire a RHEL 8.1 cluster with one of the following methods:

    1. Upgrade in place

    2. Reimage your machines

    3. Use a completely different RHEL 8.1 cluster

  4. Enable FIPS on your RHEL 8.1 machines and reboot.

    $ fips-mode-setup --enable

  5. Install Vertica 10.1.1 on the RHEL 8.1 cluster.

    $ install_vertica --hosts node0001, node0002, node0003 \
    --rpm /tmp/vertica-10.1.1-0/x86_64.RHEL8.rpm

  6. If you acquired your RHEL 8.1 cluster by reimaging or using a different cluster, you must restore your database.

    $ vbr -c /tmp/fullRestore.ini -t restore

    If you encounter the following warning, you can safely ignore it.

    Warning: Vertica versions do not match: v9.2.1-xx -> v10.1.1-xxxxxxxx. This operation may not be supported.

  7. Start the Vertica 10.1.1 database to trigger the upgrade. This should be the first time you've started your database since shutting it down in step 2.

    $ admintools -t start_db -d fips_db