Comment: Published by Scroll Versions from space IDS and version 8.5

...

This page specifies the steps for updating a clustered deployment of Ubisecure SSO during a service break. If service breaks are not allowed or the system must remain operational at all times for other reasons, see the instructions in Clustered upgrade on Windows - SSO.

Preliminary tasks

If you are using the Windows operating system, find out which SSO node is the schema master (see step 1 of Clustered upgrade on Windows - SSO) and update Ubisecure SSO on the schema master node first. The schema master node is referred to as SSO node 1 below.

...

  1. Start the service break e.g. by forwarding all traffic from the reverse proxy to a service break information page.
  2. On both SSO nodes, stop the Ubisecure SSO process and, if it has been installed and is running, the Accounting Service. Keep Ubisecure Directory running.
    Windows:

        net stop ubiloginserver
        net stop ubisecureaccounting

    Linux:

        /etc/init.d/ubilogin-server stop
        /etc/init.d/ubisecure-accounting stop
  3. On SSO node 1, update Ubisecure SSO according to update instructions in Clustered SSO Upgrade on Windows or SSO Upgrade On Linux.
  4. Linux: Optionally reconfigure LDAP failover on SSO node 1 as instructed here: Install SSO node 2
  5. Test all functionality including possible customizations by using the updated SSO node 1.
  6. On SSO node 2, update Ubisecure SSO according to the following steps. Note that possible directory schema changes are replicated from node 1 and therefore no actions are needed for Ubisecure Directory on node 2.
    1. Make sure you have Java installed and JRE_HOME and JAVA_HOME set according to Installation requirements - SSO.
    2. Rename the ubilogin-sso directory to ubilogin-sso-old
    3. Copy the ubilogin-sso directory from node 1 to node 2
      1. If you want to preserve the logs of node 2, replace the log files in the respective ubilogin-sso directories with the files from ubilogin-sso-old/ubilogin/logs and ubilogin-sso-old/accounting/logs.
    4. Linux: Fix LDAP_LISTEN_URLS in /usr/local/ubisecure/ubilogin-sso/ubilogin/config/settings.sh to refer to the node 2 hostname, as instructed here: Install SSO node 2, so that it matches the version in ubilogin-sso-old:

          vi /usr/local/ubisecure/ubilogin-sso/ubilogin/config/settings.sh

    5. Tune the Accounting Service scheduled job settings on node 2; see Accounting Service additional configuration / Recommended changes.
      Windows: edit the file in this location:

          ubilogin-sso\ubilogin\custom\accounting\config\application.yaml

      Linux:

          vi ubilogin-sso/ubilogin/custom/accounting/config/application.yaml
    6. Update the Tomcat configuration by reinstalling it (NOTE: do not run the setup script setup.cmd/setup.sh on SSO node 2):
      Windows:

          C:\>cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
          C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>config\tomcat\remove.cmd
          C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>config\tomcat\install.cmd

      Linux (also start the services; for starting the Accounting Service (ubisecure-accounting), see also Linux single node installation):

          cd /usr/local/ubisecure/ubilogin-sso/ubilogin
          ./config/tomcat/remove.sh
          ./config/tomcat/install.sh
          /etc/init.d/ubisecure-accounting start
          /etc/init.d/ubilogin-server start
  7. On SSO node 1, stop the Ubilogin SSO process and the Accounting Service; see Starting and stopping the services.

  8. Test all functionality by using the updated SSO node 2.
  9. On SSO node 1, return to normal operation by starting the Ubilogin SSO process and the Accounting Service.

  10. Reset the reverse proxy to the original configuration.
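
A check for step 6.4 on a Linux node 2, run before the services are started: because the ubilogin-sso directory is copied from node 1, settings.sh arrives with node 1's LDAP_LISTEN_URLS. This is an added example, not part of the Ubisecure documentation; the function names are hypothetical, and it assumes settings.sh uses plain `LDAP_LISTEN_URLS=value` shell assignments.

```shell
#!/bin/sh
# Added example: verify step 6.4 on SSO node 2 (Linux).
# Assumption: settings.sh contains shell assignments of the form
#   LDAP_LISTEN_URLS="<url>"   (optionally quoted, one per line)

# Print the last uncommented value assigned to variable $1 in file $2.
get_setting() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" \
        | tail -n 1 \
        | sed -e 's/^["'\'']//' -e 's/["'\''][[:space:]]*$//'
}

# Compare LDAP_LISTEN_URLS in the copied settings file ($1) with the
# pre-upgrade node 2 file ($2).
# Returns 0 = match, 1 = mismatch (still node 1's value), 2 = cannot check.
check_ldap_listen_urls() {
    new_file="$1"
    old_file="$2"
    if [ ! -r "$new_file" ] || [ ! -r "$old_file" ]; then
        echo "cannot read $new_file or $old_file" >&2
        return 2
    fi
    new_val=$(get_setting LDAP_LISTEN_URLS "$new_file")
    old_val=$(get_setting LDAP_LISTEN_URLS "$old_file")
    if [ -z "$old_val" ]; then
        echo "LDAP_LISTEN_URLS not found in $old_file" >&2
        return 2
    fi
    if [ "$new_val" = "$old_val" ]; then
        echo "OK: LDAP_LISTEN_URLS=$new_val"
        return 0
    fi
    echo "MISMATCH: copied='$new_val' node2-old='$old_val'; edit $new_file" >&2
    return 1
}

# Paths from the page; the -old path follows from the rename in step 6.2.
BASE=/usr/local/ubisecure
if [ "${1:-}" = "--run" ]; then
    check_ldap_listen_urls \
        "$BASE/ubilogin-sso/ubilogin/config/settings.sh" \
        "$BASE/ubilogin-sso-old/ubilogin/config/settings.sh"
fi
```

Run it with `--run` on node 2 after step 6.4; a non-zero exit status means settings.sh should be corrected before step 6.6 starts the services.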

...