Two node in-place upgrade on Linux - CustomerID

Owned by Shraddha Shejawal
Last updated: 2023-11-23 by Juha Koponen
5 min read

Last reviewed: 2022-03-23

PLEASE NOTE!

Please note that this Knowledge Base article has been created only for 2023.1


Please note that the information in this Knowledge Base has not undergone extensive testing or verification by our Engineering team. While this article offers valuable insights, it may not guarantee flawless solutions for your specific Identity Server environment and configuration.

Please contact your Ubisecure partner and/or Ubisecure Support team to obtain more information.

Two node upgrade process

The idea is to keep one node of CID running and perform upgrade on slave node first. 

While performing upgrade, treat slave node as master node and complete the upgrade process for this node. 

Then switch over traffic to this upgraded node and start performing upgrade on remaining (old master node) node to make it as slave.  

Follow the steps in order. Issue all commands using the root user account.

Traffic Switchover : Make sure all traffic is going to only to SSO Node1 And CID Node1. 

Stop ubilogin-server.service in SSO Node2 and stop wildfly.sevice in CID Node2. 

It is good idea to take periodic backups of running installations. 

  1. Back up Ubisecure Directory. See instructions from Backup and restore Ubisecure Directory - SSO.

  2. Back up Ubisecure CustomerID. See instructions from Backup And Restore - CustomerID

    Backup
    cd /usr/local/ubisecure
mv customerid customerid-old

Perform on Ubisecure CustomerID new Master Node (Node2) :

  1. Unpack the distribution package. See instructions from Distribution package unpacking on Linux - CustomerID.
  2. Check Java. See instructions from Java check on Linux - CustomerID.
  3. Install WildFly. See instructions from Two node WildFly domain installation on Linux - CustomerID.

Perform once on CustomerID new Master Node (Node2):

  1. Extract the deployment template. See instructions from Deployment template extraction on Linux - CustomerID.
  2. Copy configuration files from old master to new, and setup.

    1. Transfer files from old master to new master.

      scp /usr/local/ubisecure/customerid/application/linux.config <new_master_node_user>@<new_master_node>:/usr/local/ubisecure/customerid/application/
scp -r /usr/local/ubisecure/customerid/application/custom <new_master_node_user>@<new_master_node>:/usr/local/ubisecure/customerid/application/

      (Ensure to copy all subfolders under custom).

    2. On the new master, go through each setting in /usr/local/ubisecure/customerid/application/linux.config  and compare to the configuration template for the new version in /usr/local/ubisecure/customerid/application/config/linux.config

      1. Add settings missing from the previous version, refer to Setup template on Linux - CustomerID for existing options
      2. Check settings related to the versions of 3rd party software: wildfly.home, database.driver.file
      3. Check and fix settings related to your environment, all the URLs, host names and IP addresses, especially: proxy.local.url, wildfly.ip_addr.master, and wildfly.ip_addr.slave

    3. Run setup.sh.

      cd /usr/local/ubisecure/customerid/application
./setup.sh
  3. Prepare WildFly for domain configuration. See instructions from Two node WildFly prepare for domain configuration on Linux - CustomerID.
  4. Configure HTTPS, See Two node SSL configuration on Linux - CustomerID -  This generates certificate files and Keystore (default location: %WILDFLY_HOME%\domain\configuration\keystore.pfx) is registered to WildFly in the next step  - master node WildFly configuration. 
  5. Configure WildFly on CustomerID Master Node. See instructions from Two node master WildFly configuration on Linux - CustomerID.
  6. Configure the singleton subsystem. See instructions from Two node singleton subsystem configuration on Linux - CustomerID.

Perform once for the whole Ubisecure CustomerID cluster (CID new Master Node):

  1. Perform database schema update depending on versions.
  2. When upgrading from CustomerID version 5.6.x or older update CustomerID LDAP entries to facilitate REST API OAuth2 authentication. See LDAP import instructions from SSO management web applications creation on Linux - CustomerID.

Perform once on CustomerID new Master Node (Node2) :

  1. Create JDBC data source to WildFly. See instructions from CustomerID Two Node JDBC Data Source Creation On Linux.
  2. Create a Mail Session configuration for WildFly. See instructions from Two node mail session creation on Linux - CustomerID
  3. Configure logging for CustomerID. See instructions from Two node logging on Linux - CustomerID
  4. Register "customerid.home" system property to WildFly. See instructions from WildFly system property registration on Linux - CustomerID

Perform on Ubisecure SSO Node2:

  1. Upgrade PostgreSQL JDBC driver to SSO node(s). See instructions from PostgreSQL JDBC driver installation to SSO on Linux - CustomerID.
  2. Upgrade Ubisecure CustomerID SSO Adapter to SSO node(s). See instructions from CustomerID SSO Adapter extension upgrade.

Perform on the CustomerID New Master Node (Node2) :

  1. Run following commands to ensure files are in correct ownership and file mode.

    chown -R wildfly. /usr/local/ubisecure/customerid/application/custom
chmod 644 /usr/local/ubisecure/customerid/application/custom/jndi.properties
  2. Deploy the Worker Enterprise Archive to the WildFly domain. See instructions from Two node deploying Worker EAR on Linux - CustomerID
  3. Deploy CustomerID Enterprise Archive to the WildFly domain. See instructions from Two node deploying CustomerID EAR on Linux - CustomerID

Perform on Ubisecure CustomerID new Master Node (Node2):

  1. Configure SELinux. See instructions from SELinux configuration - CustomerID.
  2. Restart Ubisecure CustomerID. See instructions from Restart on Linux - CustomerID.

Perform on Ubisecure SSO Node2:

  1. Restart Ubisecure SSO. See instructions from Installation related SSO restart on Linux - CustomerID.

Traffic Switchover : After this step switch traffic to new Master node. 

Stop ubilogin-server.service from Ubisecure SSO Node1 and stop  wildlfy.service from CID old master node (Node1).

Verify application to confirm you can access SSO Management and CustomerID (Basic flows like login works and no problems to load data on screen). 

Perform next steps to upgrade remaining CID node which will act as slave node after upgrade. 

Perform on Ubisecure SSO Node1:

  1. Upgrade PostgreSQL JDBC driver to SSO node(s). See instructions from PostgreSQL JDBC driver installation to SSO on Linux - CustomerID.
  2. Upgrade Ubisecure CustomerID SSO Adapter to SSO node(s). See instructions from CustomerID SSO Adapter extension upgrade.

    Note : After this step you can start ubilogin-server.service in SSO Node1 to restore SSO HA setup.

Perform on CustomerID New Slave Node (Node1):

  1. Unpack the distribution package. See instructions from Distribution package unpacking on Linux - CustomerID.
  2. Check Java. See instructions from Java check on Linux - CustomerID.
  3. Install WildFly. See instructions from Two node WildFly domain installation on Linux - CustomerID
  4. Transfer the installation folder from master node. See instructions from Two node installation folder transfer on Linux - CustomerID.
  5. Configure HTTPS, See Two node SSL configuration on Linux - CustomerID -  This generates certificate files and Keystore (default location: %WILDFLY_HOME%\domain\configuration\keystore.pfx) is registered to WildFly in the next step  - master node WildFly configuration. Note - If the key is not changed, then keystore.pfx can be just copied over from the master node and this step can be skipped. 
  6. Configure WildFly on CustomerID Slave Node. See instructions from Two node slave WildFly configuration on Linux - CustomerID
  7. Configure SELinux. See instructions from SELinux configuration - CustomerID.

  8. Perform on the CustomerID New Slave Node (Node1) :

    1. Run following command to ensure files are in correct ownership and file mode.

      chown -R wildfly. /usr/local/ubisecure/customerid/application/custom
chmod 644 /usr/local/ubisecure/customerid/application/custom/jndi.properties
  9. Restart Ubisecure CustomerID. See instructions from Restart on Linux - CustomerID.

Perform on Ubisecure SSO Node 1:

  1. Restart Ubisecure SSO. See instructions from Installation related SSO restart on Linux - CustomerID.

Finalize Upgrade : 

  Kindly verify customerid_diag.log file to see if both cid nodes are active and logs are getting printed for both cid nodes in logs. 

Ensure to check memory allocation for tomcat and wildfly from the old environment and to apply that to any new environment:

To check memory allocated to Wildfly:

Goto /home/wildfly/wildfly-21.0.2.Final/domain/configuration/domain.xml - Check value of following in old environment and update in new environments.

<jvm name="default">

  <heap size="4G" max-size="4G"/>

</jvm>

To check memory allocated for tomcat:

Goto  /usr/local/ubisecure/ubilogin-sso/ubilogin/config/tomcat/jsvc.sh - Check value of following in old environment and update in new environments.

JAVA_OPTS="-Xms4g -Xmx4g"

Ubisecure Privacy Policy & Cookie Statement