...
- Start the service break e.g. by forwarding all traffic from the reverse proxy to a service break information page.
On both SSO nodes, stop the Ubisecure SSO process and Accounting Service if it has been installed and is running, keep Ubisecure Directory running.
Windows:Code Block language powershell net stop ubiloginserver net stop ubisecureaccounting
Linux:
Code Block language bash /etc/init.d/ubilogin-server stop /etc/init.d/ubisecure-accounting stop
- On SSO node 1, update Ubisecure SSO according to update instructions in SSO Upgrade on Windows or SSO Upgrade On Linux.
- Linux: Optionally reconfigure LDAP failover on SSO node 1 as instructed here: Install SSO node 2.
- Test all functionality including possible customizations by using the updated SSO node 1.
- On SSO node 2, update Ubisecure SSO according to the following steps. Note that possible directory schema changes are replicated from node 1 and therefore no actions are needed for Ubisecure Directory on node 2.
- Make sure you have Java installed , JRE_HOME and JAVA_HOME set according to Installation requirements - SSO.
Remove the existing services (SSO and Accounting Service):
Windows:Code Block language powershell cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin" config\tomcat\remove.cmd
Linux:
Code Block language bash cd /usr/local/ubisecure/ubilogin-sso/ubilogin ./config/tomcat/remove.sh
- Rename the
ubilogin-sso
directory toubilogin-sso-old
- Copy the
ubilogin-sso
directory from node 1 to node 2- If you want to preserve the logs of node 2 replace the log files with
ubilogin-sso-old/ubilogin/logs
and
with the files in the respectiveubilogin-sso-old/accounting/logs
ubilogin-sso
directories
- If you want to preserve the logs of node 2 replace the log files with
Windows: Fix local URL to refer to the node 2 host in
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\accounting\config\application-install.properties
Code Block language text ubisecure.ids.accounting.server.url = <scheme>\://<node2host>\:<accounting-port>
Linux: Fix
LDAP_LISTEN_URLS
to refer to the node 2 host in/usr/local/ubisecure/ubilogin-sso/ubilogin/config/settings.sh
as instructed here: Install SSO node 2 so that it matches with the version inubilogin-sso-old
:Code Block vi /usr/local/ubisecure/ubilogin-sso/ubilogin/config/settings.sh
Tune the Accounting Service scheduled job settings in node 2, see Accounting Service additional configuration / Recommended changes
Windows edit the file in this location:Code Block ubilogin-sso\ubilogin\custom\accounting\config\application.yaml
Linux:
Code Block vi ubilogin-sso/ubilogin/custom/accounting/config/application.yaml
Update SSO and Accounting Service configurations by reinstalling them - NOTE do not run setup script
setup.cmd/setup.sh
on SSO node 2 because it will override the secrets which need to match those on node 1
Windows:Code Block language powershell cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin" config\tomcat\install.cmd
Linux, also start the services, about Accounting Service (
ubisecure-accounting
) start see also Linux single node installation:Code Block language bash cd /usr/local/ubisecure/ubilogin-sso/ubilogin ./config/tomcat/install.sh /etc/init.d/ubisecure-accounting start /etc/init.d/ubilogin-server start
On SSO node 1, stop Ubilogin SSO process and Accounting Service, see Starting and stopping the services.
- Test all functionality by using the updated SSO node 2.
On SSO node 1, return to the normal operation by starting Ubilogin SSO process and Accounting Service.
Reset the reverse proxy to the original configuration.
...