Is there a clear series or sequence of steps which i need to do before i upgrade my Gateways from 11.1 to 11.2?

The whole portal related stuff was not part of the main gateway upgrade prerequisites which was a HUGE problem, as you can see. what can i do to prevent having to manually change each and every policy which is using the "Evaluate JSON PATH expression".

Component: CA API Gateway
Release: 11.1.x
Form Factor: Software Appliance

It is a matter of patience. Bradcom product documentation attempts to provide the upgrade sequence through the standard documentation. However, the complexity of the customer implementation sometimes can test administrator's patience and missed some of the important details.

Portal and OTK Users Upgrading to Gateway 11.2: ADDITIONAL STEPS MUST BE PERFORMED FIRST!

Please refer to Cross-APIM Product Compatibility Considerations for more information.

This article is intended to provide some of the details to our readers to help them determine the critical steps for a successful in-place upgrade.

Please see KB 420896 - Upgrade Gateway 11.1.1 Debian 12 to Gateway 11.2 Debian 13 for some of the API Portal specifics.

Product Documentation References:

• Debian 12 In-Place Upgrade (gateway 11.2)
• Gateway Upgrade Enhancement (In-Place) - oneClickUpgrade.sh Utility and more

Assumptions

Assuming that you have taken care of the additional steps for your Portal and OTK steps if you need them.

Additional Considerations

• Upgrade a Cluster
  According to the documentation, you can start by upgrading the Primary node to Gateway 11.2 and Database 11.2 before proceeding with the remaining nodes.
  
  For clustered Gateways with active replication, make sure to stop the MySQL slave on all database nodes within the cluster before installing each patch.
• Policy Manager
  Since the Gateway 11.2 is now runs on Debian 13 using OpenJDK Runtime Environment Temurin-21.0.9+10 (build 21.0.9+10-LTS), you are advised to download and use the same JDK 21 for your 11.2 Policy Manager.
• Apply a Patch
  Please see the following product documentation link for additional information regarding Gateway Patches
  Understand Gateway Patches

Upgrade Steps

Important Step 0. Take a snapshot of your Gateway appliance so that you can rollback in case something goes wrong.

Step 1. Download and prepare the "Layer7_API_Gateway_Appliance_Upgrader_11.2.0.zip".

The zip fille can be downloaded from API Gateway Essentials MULTI-PLATFORM 11.2.
Upload and unzip it on your Gateway appliance so that you have the following files under /home/ssgconfig:

CA_SSO_SDK_Compact_v12.80.801.3003_11.2.0.L7P
oneClickUpgrade.sh
Layer7_API_Gateway_Debian_v11.2.0-22643.L7P         
SSGBackup-11.2.0.22643.zip
Layer7_API_PlatformUpdate_v11.2.0-Debian-22643.L7P  
ssg-inplace-upgrade-readiness-checker_v11.2.0.22643.sh
Layer7_API_PMS_Debian_v3.0.0-20251112151340.L7P

Login as user root then

cd /home/ssgconfig
chmod +x *.sh
# to make oneClickUpgrade.sh and ssg-inplace-upgrade-readiness-checker_v11.2.0.22643.sh executable

Step 2. Run a series of oneClickUpgrade readiness-check to determine other pre-requsites that are required before the real upgrade. This command is issued as the following:

Login as root then

cd /home/ssgconfig
./oneClickUpgrade.sh --readiness-check /home/ssgconfig/ssg-inplace-upgrade-readiness-checker_v11.2.0.22643.sh

The output of this command shows a list of checks it performs:

System Check: Starting system pre-check...
  # to dermine if this is an OVA Gateway
System Check: Validating package deviations..
  # to dermine if additional packages (other than the standard Gateway packages) have been installed on the machine
System Check: Validating available space in each required mount points..
  # to determine if the mount space is sufficient for the upgrade
System Check: Verifying Debian point release..
  # to dermine if the machine needs additional MPP applied before it can be upgraded
System Check: Validating disk layout..
  # to determine if the system has a custom disk layout and whether the layout needs to be addressed
System Check: Checking MySQL version..
  # to dermine the existing MySQL version and possible next version after the upgrade
System Check: Checking for Minor versions..
  # to dermine the current minor version
System Check: Scanning for DSA configuration in the Gateway SSH server configuration..
  # to dermine if configuration within /etc/ssh/ssh_config needs to be addressed
System Check: Validating Patch Management service..
  # to dermine if the Patch Management service version is sufficient for the upgrade
System Check: Validating LUNA HSM Client configuration..
  # to dermine if LUNA HSM Client is to be used.

Along the way, you may have to address some of the following before you would want to re-run this readiness check using the oneClickUpgrade.sh utility: Note that the following is a list of common tasks we want to share with you. For those are not listed below, please open support tickets to allow Broadcom Support to help you with your particular needs:

2.1 Verifying Debian point release. It may suugest that you need to apply the latest 11.1 Monthly Platform Patch (MPP)

Since this article is about upgrading 11.1 to 11.2, you may actually need to upgrade your PMS to 2.0 before you can apply the latest 11.1 MPP. The PMS 2.0 L7P (Layer7_API_PMS_Debian_v2.0.0-20240715115049.L7P) is included any one of the following zip files:  Layer7_API_Gateway_v11.1.3.zip, Layer7_API_Gateway_v11.1.2.zip, Layer7_API_Gateway_v11.1.1.zip. These zip files and the latest 11.1 MPP can be downloaded from the following link:

Layer7 API Gateway - Solutions and Patches

After confirming that you have the PMS 2.0, you can then proceed to apply the latest 11.1 MPP, for example it can be the Layer7_API_PlatformUpdate_64bit_v11.1-Debian-2025-11-25.L7P included in the Layer7_API_PlatformUpdate_64bit_v11.1-Debian-2025-11-25.zip.

To determine the version of the PMS you have, you can re-run the readiness check to see it or you can use the following command to find out:

dpkg -l | grep patch

2.2 For the package deviations check, it can be a bit troublesome depends on the kind of customizations you have done on your machine. However, we have seen the case where the successful application of the latest 11.1 MPP actually fixed up the package deviation issue. But, this is not a guaranteed, just keep that in mind. If you still have issues, please open support case with Broadcom Support.

2.3 After you have passed the Debian point release check, by successfully applying the latest 11.1 MPP, you will need to apply the PMS 3.0 patch, the Layer7_API_PMS_Debian_v3.0.0-20251112151340.L7P seen in the Layer7_API_Gateway_Appliance_Upgrader_11.2.0.zip.

Step 3. After you have successfully passed all the checks, you are ready to upgrade your 11.1 to 11.2

login as root

cd /home/ssgconfig
./oneClickUpgrade.sh --major 11.2.0 22643 --reboot yes

In this case, the 11.2.0 and 22643 are used because of the Layer7_API_Gateway_Appliance_Upgrader_11.2.0.zip contains the two L7P files: Layer7_API_Gateway_Debian_v11.2.0-22643.L7P, Layer7_API_PlatformUpdate_v11.2.0-Debian-22643.L7P. They represent the release number 11.2.0 and build number 22643.

At the conclusion of this command, the machine will be rebooted automatically. However, the database will not be upgraded automatically. You are advised to upgrade the database manually through the ssgconfig menu and then reboot the machine one more than and see the 11.2 Gateway fully functional.