This guide describes the procedure of performing a rolling upgrade of a HA vault cluster and providing the required doc for the upgrade of multiple vault replication clusters.
To upgrade to the latest version of the Vault. The latest version of the Vault would be ideal since we know, the latest versions have a lot of bug fixes, security patches, and features, making the Prod more stable and manageable.
First, we have to download the vault binaries. The latest Vault binaries, both Open Source and Enterprise, can be downloaded from https://releases.hashicorp.com/vault/. Enterprise binaries are labeled with ‘+ent’ in both the directory and binary file names. These directories contain binaries compiled for the most common platforms, with the exception of the Hardware Security Module version, which is distributed for linux/amd64 platforms only.
steps 2: Follow the upgrading Vault guides which are HashiCorp recommendation
Steps 3:To stay up to date with features and changes made with each version:
Also, If you upgrading an old version to the latest version for example upgrading from 1.3.0 to 1.7.3,
For such a big jump in versions, you'll also want to look at each of the version-specific upgrades between V1.3.0 to 1.7.3. There is guides worth of differences to note between v1.3.0 to 1.7.3 in the sidebar here:
- Upgrade to 1.3.2: https://www.vaultproject.io/docs/upgrading/upgrade-to-1.3.2
- Upgrade to 1.3.3: https://www.vaultproject.io/docs/upgrading/upgrade-to-1.3.3
- Upgrade to 1.6.3: https://www.vaultproject.io/docs/upgrading/upgrade-to-1.6.3
- Upgrade to 1.70: https://www.vaultproject.io/docs/upgrading/upgrade-to-1.7.0
We will recommend taking a snapshot(backup) before upgrading.
Take a backup of your Vault cluster, the steps to which will depend on whether you're using Consul Storage Backend or Raft Integrated Storage.
Follow these steps :
After upgrade, The following steps needed to be done:
* Updating License
- Stop Vault
- Restart vault
- Unseal Vault
- Apply new license key
* Validate the License
* Check via the command line:
- Check via UI
While you upgrading If your production is affected, you can file a new ticket at High or Urgent priority and someone who is on call will be paged to assist.