Clustered upgrade during a service break - SSO
Overview
This page specifies the steps for updating a clustered deployment of Ubisecure SSO during a service break. If service breaks are not allowed or the system must all the time be operational for other reasons, please see instructions from Clustered upgrade on Windows - SSO.
Preliminary tasks
If you are using Windows operating system, find out which SSO node is the schema master (see step 1 from Clustered upgrade on Windows - SSO) and update Ubisecure SSO on the schema master node first. The schema master node is referred as SSO node 1 below.
Update procedure
- Start the service break e.g. by forwarding all traffic from the reverse proxy to a service break information page.
- Stop the Ubiloginserver process on both SSO nodes, keep Ubisecure Directory running.
- Update Ubisecure SSO on node 1 according to update instructions in Clustered upgrade on Windows - SSO or Upgrade on Linux - SSO.
- Test all functionality including possible customizations by using the updated SSO node 1.
- Update Ubisecure SSO on node 2 according to following steps. Note that possible directory schema changes have been replicated from node 1 and therefore no actions are needed for Ubisecure Directory on node 2.
- Rename the ubilogin-sso directory to ubilogin-sso-old
- Copy the ubilogin-sso directory from node 1 to node 2
Update Tomcat configuration by reinstalling it (DON’T RUN setup.cmd on SSO node 2):
Windows:C:\cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin" C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>config\tomcat\remove.cmd The UbiloginServer service is not started. More help is available by typing NET HELPMSG 3521. C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>config\tomcat\install.cmd
Linux:
cd /usr/local/ubisecure/ubilogin-sso/ubilogin ./config/tomcat/remove.sh ./config/tomcat/install.sh /etc/init.d/ubilogin-server start
- Stop Ubiloginserver process on SSO node 1 and test all functionality by using SSO node 2.
Return to normal operation by starting Ubiloginserver process on SSO node 1 and returning the reverse proxy to the original configuration.