This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

AP Java Upgrade and Rollback Examples

Examples for Upgrade and Rollback operations.

1 - Online and Offline Upgrade

Steps to perform online and offline upgrade operations for Application Protector Java.

This section outlines the online and offline upgrade of the Protegrity Application Protector (AP) Java.

In online mode, the upgrade runs without interrupting ongoing Java protector processes. The Protegrity Upgrade Agent manages state transitions, metadata updates, and version synchronization during the upgrade.

In offline mode, there are no protector processes that are in a running state.

Specifying Custom Configuration File Location

To perform an online upgrade, the offline parameter in the sdkupgrd.conf file must be set to no.
To perform an offline upgrade, the offline parameter in the sdkupgrd.conf file must be set to yes.

Before running the sdkupgrd binary, ensure to update the sdkupgrd.conf file with the required configuration values. By default, the configuration file is located at /opt/protegrity/upgrader/data/sdkupgrd.conf.

For more information about the configuration values, refer to SDK Upgrader Agent Configuration File.

To perform the upgrade:

  1. Run the following command to start the upgrade.

    /opt/protegrity/upgrader/bin/sdkupgrd upgrade

    The prompt to add the ESA username and password appears.

    Note: If the configuration file is moved to a different location, specify the custom path using the --conf option.

    /opt/protegrity/upgrader/bin/sdkupgrd upgrade --conf /opt/sdkupgrd.conf

  2. Run the upgrade in silent mode using the following command. Provide the ESA credentials with the command.

    /opt/protegrity/upgrader/bin/sdkupgrd upgrade --esa-user <esa_username> --esa-password <esa_user_password>

    Important: Do not set the path of the extracted .tgz build file manually. The Upgrade Agent expects the raw .tgz file and handles extraction internally.

    Do not extract the build manually. The Upgrade Agent validates the /signatures/ directory inside the .tgz bundle. If the /signatures/ directory is properly extracted, only then does the upgrade proceed.

For online and offline upgrade, these steps ensure that a smooth, zero‑downtime upgrade of AP Java protectors.

To confirm a successful online and offline upgrade -

  • Review the Upgrade Agent logs in Insight for a success message indicating that the operation completed.
  • Check the audit logs to verify that protection operations are being performed using the new AP Java version.
  • Use Insight to review protector and audit logs.
  • Confirm that logs reflect the new protector version after upgrade.

The application continues to serve protect and unprotect requests without interruption during the upgrade. In‑flight requests complete on the existing SDK version, while new requests are handled by the upgraded version after the reload. No requests are dropped, blocked, or fail during upgrade.

2 - Online and Offline Rollback

Steps to perform online and offline rollback procedure for Application Protector Java.

This section describes the complete procedure to perform an online and offline rollback operation for the Protegrity Application Protector Java components. It is assumed that the protector is already in the upgraded state.

Specifying Custom Configuration File Location

To perform an online rollback, the offline parameter in the sdkupgrd.conf file must be set to no.
To perform an offline rollback, the offline parameter in the sdkupgrd.conf file must be set to yes.

For rollback, the Upgrade Agent reads stdout, offline, and debug parameters from the sdkupgrd.conf file.

To perform online and offline rollback operation:

Run the following command to start the rollback.

/opt/protegrity/upgrader/bin/sdkupgrd rollback

Note: If the configuration file is moved to a different location, specify the custom path using the --conf option.

/opt/protegrity/upgrader/bin/sdkupgrd rollback --conf /opt/sdkupgrd.conf

For online and offline rollback, these steps ensure a smooth, zero‑downtime rollback of AP Java protectors. It safely restores the system to the previously backed-up protector version, ensuring continuity if an upgrade fails or needs to be aborted.

To confirm a successful rollback -

  • Ensure that the protector version has reverted.
  • Review the Upgrade Agent logs in Insight for a success message indicating that the operation completed.
  • Verify that the running AP Java processes report the expected older version after rollback.
  • Use Insight to review protector and audit logs.
  • Confirm that logs reflect the rolled‑back version after rollback.