Single node upgrade on Linux from version 5.x.x - CustomerID
These are the upgrade instructions to the latest release: CustomerID 6.0. If you are upgrading to a CustomerID 5.x.x version, please check the upgrade instructions for that particular release.
NOTE: Two upgrade paths supported
If you are upgrading from a CustomerID version older than 5.7.0, you need to perform all the steps including Wildfly installation.
If you are upgrading from a CustomerID version 5.7.0 or newer, you may use the existing Wildfly installation when the Wildfly version in the CustomerID installation package is the same as in your current installation. The deviations in the process are described in the following steps:
- step 6. Wildfly installation - can be skipped
- step 10. Widlfly configuration - can be skipped
- step 12 b. JDBC data source creation in Wildfly - can be skipped
- step 17. Deploy CustomerID EAR files - undeployment is needed first
In both cases, you need to upgrade Java version to Java 11 (step 2), see System Recommendations and Supported Platforms.
Issue all the commands using the root user account.
Stop Ubisecure CustomerID service and make sure no changes are made to the database during the following steps. Take care you still have Java 8 installed and the related environment variables set at this stage.
systemctl stop wildfly.service
- Remove Java 8 installation, install Java 11 and set JAVA_HOME according to Java Check On Linux.
Back up Ubisecure CustomerID. See instructions from Backup And Restore - CustomerID. You should do this regularly but for the upgrade process we advise you in this step to move the existing installation to a specific location
customerid-old
which is used in this document.cd /usr/local/ubisecure mv customerid customerid-old
- Back up Ubisecure Directory (OpenLDAP). See instructions from Backup And Restore - Ubisecure Directory.
- Unpack the new distribution package. See instructions from Distribution Package Unpacking On Linux. Your unpack directory e.g.
~/customerid
must be empty before doing this step. When upgrading from 5.6 or older, or you have an existing WildFly installation which has different version number than the one included in the distribution package, you need to uninstall the old version and install the new one. See instructions from WildFly Installation On Linux.
before uninstalling the previous version
export WILDFLY_HOME=/usr/local/wildfly-<old-version-number>.Final
before installing the new version
export WILDFLY_HOME=/usr/local/wildfly-<new-version-number>.Final
Extract the deployment template
cid-deployment-template-x.x.x-linux.tar.gz
. Your installation directory e.g./usr/local/ubisecure/customerid
must be empty before doing this step.cd /usr/local/ubisecure tar xzvf ~/customerid/cid-deployment-template-x.x.x-linux.tar.gz
- Import configuration settings from the previous installation.
- In order to resume the service after the upgrade it is necessary to copy some configuration settings from the previous installation. These settings are contained in the file
/usr/local/ubisecure/customerid-old/application/linux.config
. In the new installation the
linux.config
file is located further down the similar path in theconfig
sub-folder and must first be copied to the application folder.cd /usr/local/ubisecure/customerid/application cp config/linux.config ./
The values must be copied carefully from the previous installation as the configuration options may have changed. You should copy only those values that have the same keys on both old and new
linux.config
files. Refer to page Setup template on Linux - CustomerID for more information about the current configuration options.NOTE: If you have made configuration changes to any of the
linux.config
parameters directly ineidm2.properties
file after previously running thesetup.sh
ensure that these changes are included in the newlinux.config
file. For example, if you have changed the REST credentials ineidm2.properties
file, make sure the same values are now present in thelinux.config
file.
- In order to resume the service after the upgrade it is necessary to copy some configuration settings from the previous installation. These settings are contained in the file
Run the setup script.
cd /usr/local/ubisecure/customerid/application ./setup.sh
- When upgrading from 5.6 or older, or you have reinstalled Wildfly, configure WildFly. See instructions from WildFly Configuration On Linux. When Wildfly has been started, check each step:
- Copy the existing SSL certificate to
$WILDFLY_HOME/standalone/configuration/keystore.pfx
- Set WildFly UndertowRealm and verify HTTPS connection as instructed
- Set up
customerid.home
as instructed - Set up logging as instructed
- Set up a mail session as instructed
- Copy the existing SSL certificate to
Start Ubisecure SSO service which was stopped during WildFly installation step if you performed it.
systemctl start ubilogin-server
- Prepare Database for Ubisecure CustomerID.
- Check if you need to do any modifications in the existing PostgreSQL database for this CustomerID version from Database changes - CustomerID
When upgrading from 5.6 or older, or you have reinstalled Wildfly, create the JDBC data source to WildFly. There is a script in the distribution package's tools folder for this purpose but before executing it verify that the driver file is found in the location you have specified in
linux.config: database.driver.path
anddatabase.driver.file
settings.cd /usr/local/ubisecure/customerid/tools ./create-datasource.sh
- When upgrading from 5.6 or older, upgrade PostgreSQL server (for supported versions, see System Recommendations) following PostgreSQL official upgrade documentation at https://www.postgresql.org/docs/12/upgrading.html.
We have created Knowledge Base "How-to" article with information how we have tested the upgrade and also include estimated migration times. See Upgrade and migrate to new version of PostgreSQL - Upgrade PostgreSQL JDBC driver on SSO side (for supported versions, see System Recommendations)
Transfer the
postgresql-x.x.x.jar
library to the Ubisecure SSO server and copy it to the following folder:/usr/local/ubisecure/ubilogin-sso/tomcat/lib
. See also PostgreSQL JDBC driver installation to SSO on LinuxRestart SSO
systemctl restart ubilogin-server
Restore the local customization from the previous installation and update it to be compliant with the installed version. Do not override any of the files which have been already created by the setup script especially
eidm2_generated.properties
.cp -a -u /usr/local/ubisecure/customerid-old/application/custom /usr/local/ubisecure/customerid/application/ chown -R wildfly:wildfly /usr/local/ubisecure/customerid chmod -R o-xrw /usr/local/ubisecure/customerid
NOTE: Before continuing open document Configuration changes in versions - CustomerID which lists all changes you need to do between different versions. Using that document as a guide delete all removed keys, add new ones if needed and replace all changed keys from the custom files in your new installation.
- When upgrading from CustomerID version 5.6.x or older, update CustomerID LDAP entries to facilitate REST API OAuth2 authentication, see also Configuring OAuth2 authentication for REST API
- Copy the LDIF files found from
on the Ubisecure CustomerID server to Ubisecure SSO server. You can place them on the desktop in a folder called/usr/local/ubisecure/customerid/application/ldap
customerid-ldifs
. On the SSO server side use the script to import the definitions
cd /usr/local/ubisecure/ubilogin-sso/ubilogin/ldap/openldap ./import.sh ~/customerid-ldifs/customerid.ldif ./import.sh ~/customerid-ldifs/customerid-secrets.ldif
Tip: If both CustomerID and SSO installation reside on the same server you can simply do the following instead:cd /usr/local/ubisecure/ubilogin-sso/ubilogin/ldap/openldap ./import.sh ../../../../customerid/application/ldap/customerid.ldif ./import.sh ../../../../customerid/application/ldap/customerid-secrets.ldif
- Copy the LDIF files found from
Deploy Ubisecure CustomerID enterprise archives (EARs) to the WildFly J2EE container - use the location where you have extracted the installation package and the proper version number in the file name. Note that also Ubisecure Directory service needs to be running for the deployment to succeed (
systemctl start ubilogin-directory
) . If you did not reinstall Wildfly when upgrading from 5.7 or newer, you need first start the service and undeploy the EAR files from the previous CustomerID versionWhen Wildfly is running and there are no EAR files from the previous CustomerID installation deployed, continue with the deployment:
cd /usr/local/ubisecure/customerid/tools ./deploy-ear.sh ~/customerid/cid-ear-x.x.x.ear ./deploy-ear.sh ~/customerid/cid-worker-ear-x.x.x.ear
Successful deployment will show
Deploying CustomerID EAR to Wildfly... Press any key to continue . . .
- Upgrade SSO Adapter. See instructions from CustomerID SSO Adapter extension upgrade
UPGRADE IS NOW COMPLETE! Log in with your credentials.