MOSIP Docs 1.2.0
GitHubCommunityTech BlogsWhat's NewChatBot
  • MOSIP
    • Overview
    • License
    • Principles
      • Inclusion
      • Privacy and Security
        • Security
        • Data Protection
        • Privacy
    • Technology
      • Architecture
      • Digital ID DPI Framework
      • Technology Stack
      • API
      • Sandbox Details
    • Standards & Specifications
      • MOSIP Standards
        • 169 - QR Code Specifications
        • 169 - QR Code Specifications 1.0.0
    • Inji
    • eSignet
  • ID Lifecycle Management
    • Identity Issuance
      • Pre-registration
        • Overview
          • Features
        • Develop
          • Developers Guide
          • UI Specifications
        • Test
          • Try It Out
          • End User Guide
          • Pre-registration Collab Guide
      • Registration Client
        • Overview
          • Features
        • Develop
          • Developers Guide
          • UI Specifications
        • Test
          • Try It Out
          • End User Guide
          • Registration Client Collab Guide
        • Deploy
          • Installation Guide
          • Operator Onboarding
          • Configuration Guide
          • Settings page
        • Telemetry from Registration Client
      • Android Registration Client
        • Overview
          • Features
        • Develop
          • Developer Guide
          • UI Specification
          • Technology Stack
        • Test
          • End User Guide
          • Collab Guide
        • Deploy
          • Configuration Guide
      • Registration Processor
        • Overview
          • Features
        • Develop
          • Registration Processor Developers Guide
        • Test
          • Credential Requestor Stage
          • Manual Adjudication and Verification
        • Deploy
          • Configurations Details
          • Deploy
      • ID Repository
        • Credential Request Generator Service Developers Guide
        • Identity Service Developers Guide
        • VID Service Developers Guide
        • .well-known
        • Custom Handle Implementation Guide
    • Identity Verification
      • ID Authentication Services
        • ID Authentication Demographic Data Normalization
        • ID Authentication Service Developers Guide
        • ID Authentication OTP Service Developer Guide
        • ID Authentication Internal Service Developers Guide
        • MOSIP Authentication SDK
      • ID Authentication
    • Identity Management
      • ID Schema
      • Identifiers
      • Resident Portal
        • Overview
          • Features
        • Develop
          • Developers Guide
          • UI Developers Guide
          • UI Specifications
          • Technology Stack
        • Test
          • Functional Overview
          • End User Guide
          • Collab Guide
        • Deploy
          • Deployment Guide
          • Configuration Guide
          • Configuring Resident OIDC Client
          • Browsers Supported
    • Support Systems
      • Administration
        • Develop
          • Admin Services Developers Guide
        • Test
          • Try it out
          • Admin Portal User Guide
          • Admin Portal Collab Guide
        • Masterdata Guide
      • Partner Management System
        • Partners
        • Overview
          • Features
        • Develop
          • Architecture
          • Technology Stack
          • Backend Developers Guide
          • UI Developers Guide
          • Build and Development Guide
          • New Language Support
          • Browsers Supported
        • Test
          • Try It Out
          • Partner Administrator
          • Policy Manager
          • Authentication Partner
          • Device Provider
          • FTM Chip Provider
          • PMS Collab Guide
        • Deploy
          • PMS Configuration Guide
          • API changes with PMS Revamp
        • PMS Legacy
          • Partner Management System
          • Partner Management Portal
          • Auth Partner
          • Device Provider
          • Foundational Trust Provider
          • Partner Management Services Developers Guide
      • Reporting
        • Anonymous Profiling Support
    • Supporting Components
      • Biometrics
        • ABIS
        • ABIS API
        • Biometric SDK
        • Biometric Devices
        • FTM
        • Biometric Specification
        • MDS Specification
        • CBEFF
        • Compliance Tool Kit
      • Commons
        • Commons Developers Guide
        • Audit Manager Developers Guide
        • OpenID-Bridge Developers Guide
        • ID Generator
      • Datashare
      • Keycloak
      • Persistence
        • Postgres DB
        • Object Store
      • Packet Manager
        • Registration Packet Structure
      • Quality Manager
        • Automation
          • API Test Rig Automation
          • DSL Test Rig Automation
          • UI Test Rig Automation
          • Automation Testing
        • Manual
    • Supporting Services
      • Mock Services
      • Key Manager
        • Keys
        • Hadware Security Module (HSM)
        • Key Manager Developers Guide
      • Module Configurations
      • WebSub
        • WebSub Developers Guide
  • Setup
    • Deployment
      • Getting Started
        • Helm Charts
        • Versioning
        • Wireguard
          • Wireguard Bastion Host
          • Wireguard Administrator's Guide
          • Wireguard Client Installation Guide
        • Production
          • Server Hardware Requirements
          • Production Hardening Guide
          • Administration Using Rancher
      • V3 installation
        • On-Prem Installation Guidelines
        • On-Prem without DNS Installation Guidelines
        • AWS Installation Guidelines
        • Testrig
        • MOSIP External Dependencies
        • MOSIP Modules Deployment
    • Implementations
      • Implementations
      • Reference Implementations
    • Upgrade
      • Adopting LTS 1.2.0
        • Upgrade Runbook
          • Deployment Architecture Upgrade
          • Platform Upgrade
          • Additional Information
            • Handling Duplicate Entries
            • Adapting Changes in Administration Roles
            • Identifying Applicant Type
            • Changes in Camel Route
            • Changes in Role Management based on Client IDs
            • Handling Case Insensitive Duplicated User Details
            • Managing Unequal Certificates
            • Update Identity Mapping file in Configuration
            • New Datashare Properties
            • Handling Non-Recoverable Packets
            • Partners' Certificate Expired
            • Handling Partner Organization Name Mismatch Issue
            • Pre-Registration UI Upgrade
            • Registration Client Upgrade
            • Guide to Reprocess Packets Manually
        • Documentation for 1.1.5
      • Java 21 Migration Guide
  • Interoperability
    • Integrations
      • MOSIP - CRVS
        • Scope
        • Approach
          • Technical Details
        • Existing Integrations
          • OpenCRVS
      • MOSIP e-Manas
      • Digital Signature
      • MOSIP Token Seeder
        • MTS Versions
          • Version 1.0.0
          • Version 1.0.1
          • Version 1.1.0 (WIP)
        • MTS Developer Guides
          • Developer Guide 1.0
          • Developer Guide 1.1
        • MTS Connector
        • OpenG2P-registry MTS Connector
      • MOSIP eSignet
        • ID Authentication
        • Partner Management
        • Configuring eSignet
      • Print Service Integration
        • Verified Credentials
  • Community
    • Contributions
    • Code Contributions
      • Code of Conduct
      • MOSIP Release Process
        • Go/No Go Release Checklist
      • MOSIP Branching Strategy
    • Community Calendars
    • Documentation Credits
  • Roadmap and Releases
    • Roadmap
      • Roadmap 2025
      • Roadmap 2024
      • Roadmap 2023
    • Releases
      • Registration v1.2.1.1
      • PMS Revamp Release 1.2.2.1 (Patch)
      • v1.2.1.0 - Registration Processor
        • Test Report
      • Android Registration Client v0.11.0
        • Test Report
      • API Test Commons Releases
        • v1.3.2
        • v1.3.1
        • v1.3.0
      • 1.2.1.0-beta.1 (Part 3)
        • Test Report
      • Partner Management System 1.2.2.0
        • Test Report
      • Resident Services v0.9.1
        • Test Report
      • 1.2.0.2 - Reg Processor & ID Repo
        • Test Report
      • 1.2.1.0-beta.1 (Part 2)
        • Enhancements and Bug Fixes
        • Test Report
      • 1.2.1.0-beta.1(Part 1)
      • Android Registration Client 0.11.0-beta.1
        • Test Report
      • Partner Management System 1.3.0-dp.1
        • Test Report
      • 1.2.2.0 (Mosip - Config)
      • Api Test Commons Releases
      • Android Registration Client v0.10.0
        • Test Report
      • Resident Services 0.9.0
        • Test Report
      • 1.2.1.0 (ID Authentication)
        • Functional Test Report
      • 1.2.0.2
        • Test Report
      • 1.2.0.1
        • Enhancements and Bug Fixes
        • Test Report
      • Android Registration Client 0.9.0
        • Test Report
      • 1.2.0.1-B4 (Beta)
        • Test Report
      • Android Registration Client DP1
      • Resident Services DP1
      • 1.2.0.1-B3 (Beta)
        • Test Report
      • 1.2.0.1-B2 (Beta)
      • 1.2.0.1-B1 (Beta)
        • Functional Test Report
        • Sonar Report
      • 1.2.0
        • Enhancements
        • Functional Test Report
        • Sonar Scan Report
        • Performance Test Report
        • Security Test Report
        • Feature Health Report
  • General
    • Glossary
    • Resources
    • MOSIP Support Policy
    • Collab Environment Guides
      • Use Cases
        • Loan Application
      • Generating Demo Credentials
    • MOSIP Documentation Style Guide
Powered by GitBook

Copyright © 2021 MOSIP. This work is licensed under a Creative Commons Attribution (CC-BY-4.0) International License unless otherwise noted.

On this page
  • Step 1: Upgrade of necessary services
  • Step 2: Migration of Properties
  • Step 3: Upgrade of MOSIP
  • Step 4: Execution of activities once all upgraded services are operational
  • Step 5: Carrying out activities after completion of initial round of testing
  • Optional Steps

Was this helpful?

Edit on GitHub
Export as PDF
  1. Setup
  2. Upgrade
  3. Adopting LTS 1.2.0
  4. Upgrade Runbook

Platform Upgrade

Last updated 1 year ago

Was this helpful?

This document outlines the necessary steps for upgrading the Platform from version 1.1.5.5-P1 to 1.2.0.1.

Step 1: Upgrade of necessary services

  1. Postgres:

  • Check and remove the duplicate thumbprint entries in keymanager ca_cert_store. Refer the to know more.

  • Refer the for DB upgrade scripts to update the DB.

  • Change shareDomain in all the relevant policies to point to latest datashare

    • Change shareDomain's value from datashare-service to datashare.datashare in the policy_file_id column for each partner.

  • Check and rectify the partner name mismatch issue for certificate renewal. To know more, refer .

  • Follow this to check on the validity of the partner certificate and for renewal/ extension if required.

  • Check mvel expression, id schema and document mappings and add the required applicant document mappings. Click to know more.

  1. Keycloak:

  • Follow the steps mentioned to execute upgrade keycloak init with import-init.yaml.

  • Verify all the existing users of admin and update the roles according to the latest role matrix. To know more about the existing users, refer .

  • In Keycloak, it is important to ensure that the VID / UIN of each operator and supervisor is collected and updated in the individualId field. Failure to do so may cause complications during the onboarding or re-onboarding processes to new or existing machines, as well as during the biometrics update process for these users.

  • Manually update roles for client IDs that have been added as part of customization. For more information about the changes, please refer .

  1. Activemq:

  • Clear all the objects along with topics in the activemq or deploy a fresh instance of activemq with no previous data

  1. ABIS:

  • Stop and clear all the inprogress items as it will be reprocessed freshly.

  • Review the queue names and update if required (mosip-to-abis and abis-to-mosip).

  1. Manual adjudication system:

    • Stop and clear all the in-progress items as it will be reprocessed freshly.

    • Review the queue names and update if required (mosip-to-adjudication and adjudication-to-mosip).

  2. Manual verification system:

    • Stop and clear all in-progress items as it will be reprocessed freshly.

    • Review the queue names and update if required (mosip-to-verification and verification-to-mosip).

Step 2: Migration of Properties

  • Update registration-processor-default.properties reprocess elapse time to a larger time to avoid reprocessing before migration is fully complete (registration.processor.reprocess.elapse.time=315360000).

  • Add the below properties to syncdata-default.properties file if reg-client versions 1.1.5.4 and below are to be supported additionally.

#Properties needed for 1.1.5.4 and previous version reg-client compatibility (Tag mismatch error)
mosip.kernel.client.crypto.iv-length=16
mosip.kernel.client.crypto.aad-length=12
  • Configuration property files required to be updated for language specific deployments. Please follow the below snippet.

Note: Ensure that the transliteration line is not commented out, even for a single language.

## Transliteration
mosip.kernel.transliteration.arabic-language-code=ara
mosip.kernel.transliteration.english-language-code=eng
# Added this property for backward compatibility as it is misspelled in <1.2.0 versions of kernel-transliteration library
mosip.kernel.transliteration.franch-language-code=fra
  • Please ensure that the mosip.regproc.packet.classifier.tagging.agegroup.ranges property is aligned with the camel route.xml file.

Step 3: Upgrade of MOSIP

  • To begin, set up the Configuration server.

  • Next, configure and setup the Artifactory.

  • Execute the salt generation job to generate salts for the newly created table in the regproc.

  • Run the key generation job to ensure that all new module keys comply with the key_policy_def table.

Note: Disable the masterdata loader and regproc-reprocessor.

Step 4: Execution of activities once all upgraded services are operational

  • Finally, restart all the services to take care of old data caching.

Step 5: Carrying out activities after completion of initial round of testing

  1. Initiate the regproc reprocessor.

  2. Backup and delete any unnecessary tables and databases.

  3. Manually remove the "mosip_regdevice" and "mosip_authdevice" databases, as they have been moved to "mosip_pms".

  4. Delete all tables ending with "<table_name>_to_be_deleted" and "<table_name>_migr_bkp".

Optional Steps

  1. Remove any unnecessary roles for clients and users.

Run the data movement to the necessary three tables using the provided script. Afterward, run the migration script to re-encrypt the data and perform the movement of data from the bucket to the folder (This step is only necessary if the pre-registration has been upgraded from version 1.1.3.x). Please consult the provided for detailed instructions on how to carry out the data movement process.

Refer this to run the property migration script.

Take the latest version of the identity-mapping.json file (1.2.0.1) from mosip-config and update the mapping values based on the country's id schema. Please refer for instructions on making the necessary updates.

Additionally, make adjustments to the mvel config file for the application type according to each country's specific requirements. For more details on how to modify the mvel config file, please refer .

The camel routes need to be modified to accommodate the new workflow commands and ensure proper integration with external subsystems such as manual adjudication and manual verification. To understand the specific changes required, refer .

Proceed with the installation in the specified sequence. Refer to the provided for the correct order.

To resend the partner and policy details to IDA, please run the PMS utility job once. You can find the steps to run the job .

The UI specs for pre-registration should be published via the MasterData API in version 1.2.0. Previously, in version 1.1.5, the UI specs were saved in the config server. To upgrade the UI specs, please refer .

To proceed with the masterdata country specific upgrade scripts, please follow the instructions outlined .

Please create all the required applicant type details according to the applicanttype.mvel file created in the property migration section. For more information, please refer to the document .

Starting from version 1.2.0.1, it is mandatory to prepend the thumbprint for all encryptions. Therefore, we need to ensure that the certificate thumbprint for a particular partner exactly matches in both the keymanager and IDA key_alias tables. To learn how to check thumbprints and for further steps, please refer .

Please check and rectify any mixed case user names in the user details and zone mapping. For more information, refer .

Configure the Registration Client upgrade at the server side. Please refer to this for further instructions.

Run the query to identify all the packets stuck between the stages. Use the manual reprocess utility to reprocess all the RIDs found using the above query. Please refer to this to carry out the reprocess.

In case packets continue to fail due to performance issues, follow the steps mentioned in the to process packets from the beginning.

Perform the ID Repository tasks. Run the archival script and reprocess SQL script on the credential transaction table as specified in the .

Ensure that the datashare property is properly configured in the abis policy for the domain. Please refer to this for more detailed information.

When the admin portal becomes accessible, the admin user should generate the master keys that have been recently added to the key_policy_def table. This can be done using the admin UI master key generation page (Keymanager) for the ADMIN_SERVICES and RESIDENT roles. Only proceed with this step if the corresponding entries are not already available in the key_alias table of keymanager. For more detailed instructions, please consult the provided .

During the pre-registration upgrade process, if the encryption key is REGISTRATION, which is an old key, it must be updated. To update the encryption key, please refer to the migration utility process by clicking .

document
link
here
link
here
here
here
here
document
document
here
here
here
link
here
here
here
here
here
here
link
link
document
document
link
document
here