Clustered upgrade during a service break - SSO

Overview

This page specifies the steps for updating a clustered deployment of Ubisecure SSO during a service break. If service breaks are not allowed or the system must all the time be operational for other reasons, please see instructions from Clustered upgrade on Windows - SSO.

Preliminary tasks

If you are using Windows operating system, find out which SSO node is the schema master (see step 1 from Clustered upgrade on Windows - SSO) and update Ubisecure SSO on the schema master node first. The schema master node is referred as SSO node 1 below.

Update procedure

  1. Start the service break e.g. by forwarding all traffic from the reverse proxy to a service break information page.
  2. Stop the Ubiloginserver process on both SSO nodes, keep Ubisecure Directory running.
  3. Update Ubisecure SSO on node 1 according to update instructions in Clustered upgrade on Windows - SSO or Upgrade on Linux - SSO.
  4. Test all functionality including possible customizations by using the updated SSO node 1.
  5. Update Ubisecure SSO on node 2 according to following steps. Note that possible directory schema changes have been replicated from node 1 and therefore no actions are needed for Ubisecure Directory on node 2.
    1. Rename the ubilogin-sso directory to ubilogin-sso-old
    2. Copy the ubilogin-sso directory from node 1 to node 2
    3. Update Tomcat configuration by reinstalling it (DON’T RUN setup.cmd on SSO node 2):

      Windows:

      C:\cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
      C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>config\tomcat\remove.cmd
        The UbiloginServer service is not started.
        More help is available by typing NET HELPMSG 3521.
      C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>config\tomcat\install.cmd

      Linux:

      cd /usr/local/ubisecure/ubilogin-sso/ubilogin
      ./config/tomcat/remove.sh
      ./config/tomcat/install.sh
      /etc/init.d/ubilogin-server start
  6. Stop Ubiloginserver process on SSO node 1 and test all functionality by using SSO node 2.
  7. Return to normal operation by starting Ubiloginserver process on SSO node 1 and returning the reverse proxy to the original configuration.