To upgrade an existing installation to a new version of VMware Tanzu GemFire, follow these general steps:

1. Back up your current system.
2. Install the new version of the software.
3. Stop your cluster using the current software.
4. Restart the system using the new software.

In many cases, components running under the current version can be stopped selectively, then restarted under the new version so that the cluster as a whole remains functional during the upgrade process; this is known as a “rolling upgrade.”

In other cases, the entire system must be stopped in order to accomplish the upgrade, which will require some downtime for your system.

See Planning an Upgrade to choose the upgrade scenario that best suits your implementation and to understand the resources you will need to accomplish the upgrade. Then select the appropriate upgrade procedure for more detailed instructions that fit your specific needs.

Upgrade Details

• Planning an Upgrade

  This section discusses the upgrade paths for various VMware Tanzu GemFire versions, and it lists information you need to know before you begin the upgrade process.

• Rolling Upgrade

  A rolling upgrade allows you to keep your existing cluster running while you upgrade your members one at a time.

• Offline Upgrade

  An offline upgrade can handle the widest variety of software versions and cluster configurations, but requires shutting down the entire system for at least a short time.

• Upgrading Clients

  When you upgrade your GemFire server software, you may need to update your client applications in order to maintain compatibility with the upgraded servers.

Upgrading to v9.15

For some customers, issues regarding SSL protocols and their default values require a preparatory SSL protocol migration step when upgrading to GemFire v9.15. Please read the following section carefully to determine whether your system requires this additional SSL protocol migration step.

Does my System Require SSL Protocol Migration Before Upgrading to GemFire v9.15?

To determine whether your system requires the SSL protocol migration preparatory step, see if your system meets both of the following conditions:

• If ssl-endpoint-identification-enabled is set to true AND
  
• If ssl-protocols is set to a value other than “any”, that is, it specifies a list of specific protocols, but does not include “SSLv2Hello”,

THEN your system requires the SSL protocol migration step.

How do I determine my system’s settings for the ssl-endpoint-identification-enabled and ssl-protocols properties?

SSL properties may be set in properties files or on the gfsh command line. To determine the settings for these parameters,

• Check gemfire.properties and gfsecurity.properties for ssl-endpoint-identification-enabled=true. Also look for ssl-use-default-context=true, which sets ssl-endpoint-identification-enabled=true.

• Search system logs for these properties (using grep, for example).

Preparatory SSL Protocol Migration

The preparatory SSL protocol migration process consists of replacing one property, ssl-protocols, with two new properties, ssl-client-protocols and ssl-server-protocols, then removing the old ssl-protocols definition. Perform this substitution in whatever way the original ssl-protocols were defined: in .properties files or on a command line.

1. If your system is running JDK 8, upgrade to the latest version of JDK 8 before proceeding. This is necessary, even if you plan to perform the optional JDK upgrade step to JDK 11 or JDK 17.
2. Shutdown a member (server or locator).
3. Install GemFire 9.15.
4. Optionally install a new Java JDK.
5. Add security property ssl-client-protocols with the same definition as the old ssl-protocols property.
6. Add security property ssl-server-protocols with the same definition as the old ssl-protocols property PLUS “SSLv2Hello”. For example, if the original value of ssl-protocols is “TLSv1.2”, then define
   • ssl-client-protocols="TLSv1.2"
   • ssl-server-protocols="TLSv1.2,SSLv2Hello"
7. Start the member.
8. Verify successful cluster join.
9. Repeat from step 1 for the next member.

Optionally, after your upgrade is complete, you may restore your original ssl-protocols property and restart all your members to eliminate the SSLv2Hello protocol support.