Clustered SSO upgade during a service break

Last reviewed: 2017-12-18

Overview

This page specifies the steps for updating a clustered deployment of Ubisecure SSO during a service break. If service breaks are not allowed or the system must all the time be operational for other reasons, please follow the instructions here.

Preliminary tasks

If you are using Windows operating system, find out which SSO node is the schema master (see step 1 here) and update Ubisecure SSO on the schema master node first. The schema master node is referred as SSO node 1 below.

Update procedure

  1. Start the service break e.g. by forwarding all traffic from the reverse proxy to a service break information page.
  2. Stop the Ubiloginserver process on both SSO nodes, keep Ubisecure Directory running.
  3. Update Ubisecure SSO on node 1 according to update instructions for Windows or Linux.
  4. Test all functionality including possible customizations by using the updated SSO node 1.
  5. Update Ubisecure SSO on node 2 according to following steps. Note that possible directory schema changes have been replicated from node 1 and therefore no actions are needed for Ubisecure Directory on node 2.
    1. Rename the ubilogin-sso directory to ubilogin-sso-old
    2. Copy the ubilogin-sso directory from node 1 to node 2
    3. Update Tomcat configuration by reinstalling it (DON’T RUN setup.cmd on SSO node 2):

      Windows:

      C:\cd /d "C:\Program Files\Ubisecure\ubilogin-sso\ubilogin"
      C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>config\tomcat\remove.cmd
        The UbiloginServer service is not started.
        More help is available by typing NET HELPMSG 3521.
      C:\Program Files\Ubisecure\ubilogin-sso\ubilogin>config\tomcat\install.cmd

      Linux:

      cd /usr/local/ubisecure/ubilogin-sso/ubilogin
      ./config/tomcat/remove.sh
      ./config/tomcat/install.sh
      /etc/init.d/ubilogin-server start
  6. Stop Ubiloginserver process on SSO node 1 and test all functionality by using SSO node 2.
  7. Return to normal operation by starting Ubiloginserver process on SSO node 1 and returning the reverse proxy to the original configuration.