Versions Compared

Old Version 1

changes.mady.by.user ubisebastian

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Info

These are the upgrade instructions to the latest release: SSO 9.01. If you are upgrading to from a SSO 8.x.x version, please check ensure the upgrade instructions for that particular release.

Note

In the SSO version 9.0 there are two major changes that need to be taken into account in the upgrade process:

  • Java 8 is replaced with Java 11
    • step 6 a. for the previous version (Java 8)
    • steps 6 c. and 6 j. for the new version (Java 11)
    • Services are managed with systemd and no more with init.d
  • step 2 for the previous version (init.d)
    • step 6 i. for the new version (systemd)

    steps to SSO 9.0 (Java11, systemd service management, and OpenLDAP MDB) have been considered.


    Overview

    This page specifies the steps for updating a clustered deployment of Ubisecure SSO during a service break. If service breaks are not allowed or the system must all the time be operational for other reasons, please see instructions from Clustered upgrade on Windows - SSO.

    ...

    1. Start the service break e.g. by forwarding all traffic from the reverse proxy to a service break information page.

    2. On both SSO nodes, stop the Ubisecure SSO process and Accounting Service if it has been installed and is running, keep Ubisecure Directory running.
      Windows:

      Code Block
      languagepowershell
      net stop ubiloginserver
net stop ubisecureaccounting

      Linux (version 8.x.x):

      Code Block
      languagebash
      /etc/init.d/systemctl stop ubilogin-server
systemctl stop /etc/init.d/ubisecure-accounting stop


    3. On SSO node 1, update Ubisecure SSO according to update instructions in SSO Upgrade on Windows or SSO Upgrade On Linux.
    4. Linux: Optionally reconfigure LDAP failover on SSO node 1 as instructed here: Install SSO node 2
    5. Test all functionality including possible customizations by using the updated SSO node 1.
    6. On SSO node 2, update Ubisecure SSO according to the following steps. Note that possible directory schema changes are replicated from node 1 and therefore no actions are needed for Ubisecure Directory on node 2.
      1. For the version to be removed, make Make sure you still have Java 8 installed and JRE_HOME and JAVA_HOME set according to System Recommendations and Supported Platforms

      2. Remove the existing services (SSO and Accounting Service):
        Windows:

        Code Block
        languagepowershell
        cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
config\tomcat\remove.cmd

        Linux:

        Code Block
        languagebash
        cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./config/tomcat/remove.sh
        Remove Java 8 installation, install Java 11, and set JAVA_HOME according to Installation requirements - SSO

      3. Rename the ubilogin-sso directory to ubilogin-sso-old
      4. Copy the ubilogin-sso directory from node 1 to node 2 
        1. If you want to preserve the logs of node 2 replace the log files with ubilogin-sso-old/ubilogin/logs and ubilogin-sso-old/accounting/logs with the files in the respective ubilogin-sso directories
      5. Windows: Fix local URL to refer to the node 2 host in C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\accounting\config\application-install.properties
         Code Block
        languagetext
        ubisecure.ids.accounting.server.url = <scheme>\://<node2host>\:<accounting-port>

      6. Linux: Fix LDAP_LISTEN_URLS to refer to the node 2 host in /usr/local/ubisecure/ubilogin-sso/ubilogin/config/settings.sh as instructed here: Install SSO node 2 so that it matches with the version in ubilogin-sso-old:
         Code Block
        vi /usr/local/ubisecure/ubilogin-sso/ubilogin/config/settings.sh


      7. Tune the Accounting Service scheduled job settings in node 2, see Accounting Service additional configuration / Recommended changes
        Windows edit the file in this location:
         Code Block
        ubilogin-sso\ubilogin\custom\accounting\config\application.yaml
        Linux:
         Code Block
        vi ubilogin-sso/ubilogin/custom/accounting/config/application.yaml

      8. Update SSO and Accounting Service configurations by reinstalling them - NOTE do not run setup script setup.cmd/setup.sh on SSO node 2 because it will override the secrets which need to match those on node 1

        Windows:
         Code Block
        languagepowershell
        cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
config\tomcat\install.cmd
        Linux, also start the services, about Accounting Service (ubisecure-accounting) start see also Linux single node installation:
         Code Block
        languagebash
        cd /usr/local/ubisecure/ubilogin-sso/ubilogin
./config/tomcat/install.sh
systemctl start ubisecure-accounting
systemctl start ubilogin-server
        Check Single node installation finalization. For the new Java installation you need to import SSO certificate to Java trust store.

    7. On SSO node 1, stop Ubilogin SSO process and Accounting Service, see Starting and stopping the services.
    8. Test all functionality by using the updated SSO node 2.
    9. On SSO node 1, return to the normal operation by starting Ubilogin SSO process and Accounting Service.
    10. Reset the reverse proxy to the original configuration.
    ...