Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Start the service break e.g. by forwarding all traffic from the reverse proxy to a service break information page.
  2. On both SSO nodes, stop the Ubisecure SSO process and Accounting Service if it has been installed and is running, keep Ubisecure Directory running.
    Windows:

    Code Block
    languagepowershell
    net stop ubiloginserver
    net stop ubisecureaccounting

    Linux:

    Code Block
    languagebash
    /etc/init.d/ubilogin-server stop
    /etc/init.d/ubisecure-accounting stop


  3. On SSO node 1, update Ubisecure SSO according to update instructions in SSO Upgrade on Windows or SSO Upgrade On Linux.
  4. Linux: Optionally reconfigure LDAP failover on SSO node 1 as instructed here: Install SSO node 2
  5. Test all functionality including possible customizations by using the updated SSO node 1.
  6. On SSO node 2, update Ubisecure SSO according to the following steps. Note that possible directory schema changes are replicated from node 1 and therefore no actions are needed for Ubisecure Directory on node 2.
    1. Make sure you have Java installed , JRE_HOME and JAVA_HOME set according to Installation requirements - SSO.
    2. Remove the existing services (SSO and Accounting Service):
      Windows:

      Code Block
      languagepowershell
      cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
      config\tomcat\remove.cmd
      

      Linux:

      Code Block
      languagebash
      cd /usr/local/ubisecure/ubilogin-sso/ubilogin
      ./config/tomcat/remove.sh


    3. Rename the ubilogin-sso directory to ubilogin-sso-old
    4. Copy the ubilogin-sso directory from node 1 to node 2
      1. If you want to preserve the logs of node 2 replace the log files with ubilogin-sso-old/ubilogin/logs and ubilogin-sso-old/accounting/logs with the files in the respective ubilogin-sso directories
    5. Windows: Fix local URL to refer to the node 2 host in C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\accounting\config\application-install.properties

      Code Block
      languagetext
      ubisecure.ids.accounting.server.url = <scheme>\://<node2host>\:<accounting-port>


    6. Linux: Fix LDAP_LISTEN_URLS to refer to the node 2 host in /usr/local/ubisecure/ubilogin-sso/ubilogin/config/settings.sh as instructed here: Install SSO node 2 so that it matches with the version in ubilogin-sso-old:

      Code Block
      vi /usr/local/ubisecure/ubilogin-sso/ubilogin/config/settings.sh
      


    7. Tune the Accounting Service scheduled job settings in node 2, see Accounting Service additional configuration / Recommended changes
      Windows edit the file in this location:

      Code Block
      ubilogin-sso\ubilogin\custom\accounting\config\application.yaml

      Linux:

      Code Block
      vi ubilogin-sso/ubilogin/custom/accounting/config/application.yaml


    8. Update SSO and Accounting Service configurations by reinstalling them - NOTE do not run setup script setup.cmd/setup.sh on SSO node 2 because it will override the secrets which need to match those on node 1
      Windows:

      Code Block
      languagepowershell
      cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
      config\tomcat\install.cmd

      Linux, also start the services, about Accounting Service (ubisecure-accounting) start see also Linux single node installation:

      Code Block
      languagebash
      cd /usr/local/ubisecure/ubilogin-sso/ubilogin
      ./config/tomcat/install.sh
      /etc/init.d/ubisecure-accounting start
      /etc/init.d/ubilogin-server start


  7. On SSO node 1, stop Ubilogin SSO process and Accounting Service, see Starting and stopping the services.

  8. Test all functionality by using the updated SSO node 2.
  9. On SSO node 1, return to the normal operation by starting Ubilogin SSO process and Accounting Service.

  10. Reset the reverse proxy to the original configuration.

...