Two node in-place upgrade on Windows - CustomerID

Owned by Shraddha Shejawal
Last updated: 2023-11-23 by Juha Koponen
5 min read

Last reviewed: 2022-03-23

PLEASE NOTE!

Please note that this Knowledge Base article has been created only for 2023.1


Please note that the information in this Knowledge Base has not undergone extensive testing or verification by our Engineering team. While this article offers valuable insights, it may not guarantee flawless solutions for your specific Identity Server environment and configuration.

Please contact your Ubisecure partner and/or Ubisecure Support team to obtain more information.

Two node upgrade process

The idea is to keep one node of CID running and perform upgrade on slave node first. 

While performing upgrade, treat slave node as master node and complete the upgrade process for this node. 

Then switch over traffic to this upgraded node and start performing upgrade on remaining (old master node) node to make it as slave.  

Follow the steps in order. Issue all commands in Windows command prompt using the Administrator user account.

Traffic Switchover : Make sure all traffic is going to only to SSO Node1 And CID Node1. 

Stop ubiloginserver service in SSO Node2 and stop wildfly sevice in CID Node2. 

It is good idea to take periodic backups of running installations. 

  1. Back up Ubisecure Directory. See instructions from Backup and restore Ubisecure Directory - SSO.
  2. Back up Ubisecure CustomerID. See instructions from Backup And Restore - CustomerID

Perform on Ubisecure CustomerID new Master Node (Node2) :

  1. Unpack the distribution package. See instructions from Distribution package unpacking on Windows - CustomerID.
  2. Check Java. See instructions from Java check on Windows - CustomerID.
  3. Install WildFly. See instructions from Two node WildFly installation on Windows - CustomerID. (Ensure to remove the old Wildfly service before installing the new one)

Perform once on CustomerID new Master Node (Node2):

  1. Extract the deployment template. See instructions from Deployment template extraction on Windows - CustomerID.
  2. Copy configuration files from old master to new, and setup.
    1. Transfer the following folder from the old master C:\Program Files\Ubisecure\customerid\application\custom to the new one under: C:\Program Files\Ubisecure\customerid\application (Ensure to copy all subfolders under custom).
    2. Transfer the following file from the old master C:\Program Files\Ubisecure\customerid\application\win32.config to the new one in the same location
    3. On the new master, go through each setting in C:\Program Files\Ubisecure\customerid\application\win32.config and compare to the configuration template for the new version in C:\Program Files\Ubisecure\customerid\application\config\win32.config
      1. Add settings missing from the previous version, refer to Setup template on Windows - CustomerID for existing options
      2. Check settings related to the versions of 3rd party software: wildfly.home, database.driver.file
      3. Check and fix settings related to your environment where the new servers are going to replace the old ones, all the URLs, host names and IP addresses, especially: proxy.local.url, wildfly.ip_addr.master, and wildfly.ip_addr.slave (Ensure wildfly.ip_addr.master points to the new Master Node (Node2), wildfly.ip_addr.slave to the old Master Node (Node2))

      4. Run setup script

        setup
        cd /D "%PROGRAMFILES%\Ubisecure\customerid\application\"
setup.cmd
  3. Prepare WildFly for domain configuration. See instructions from Two node WildFly preparation on Windows - CustomerID. (In case of following error: "Failed to connect to the controller. The controller is not available at localhost:9990: java.net.ConnectException: WFLYPRT0053". Ensure wildfly is started on new Master Node (Node2))
  4. Configure HTTPS, See Two node SSL configuration on Windows - CustomerID -  This generates certificate files and Keystore (default location: %WILDFLY_HOME%\domain\configuration\keystore.pfx) is registered to WildFly in the next step  - master node WildFly configuration. 
  5. Configure WildFly on CustomerID Master Node. See instructions from  Two node master WildFly configuration on Windows - CustomerID
  6. Configure the singleton subsystem. See instructions from  Two node singleton subsystem configuration on Windows - CustomerID

Perform once for the whole Ubisecure CustomerID cluster (CID new Master Node):

  1. Perform database schema update depending on versions.
  2. When upgrading from CustomerID version 5.6.x or older update CustomerID LDAP entries to facilitate REST API OAuth2 authentication. See LDAP import instructions from SSO management web applications creation on Windows - CustomerID.

Perform once on CustomerID new Master Node (Node2) :

  1. Create JDBC data source to WildFly. See instructions from Two node JDBC data source creation on Windows - CustomerID
  2. Create a Mail Session configuration for WildFly. See instructions from  Two node mail session creation on Windows - CustomerID
  3. Configure logging for CustomerID. See instructions from  Two node logging configuration on Windows - CustomerID
  4. Register "customerid.home" system property to WildFly. See instructions from WildFly system property registration on Windows - CustomerID

Perform on Ubisecure SSO Node2:

  1. Upgrade PostgreSQL JDBC driver to SSO node(s). See instructions from PostgreSQL JDBC driver installation to SSO on Windows - CustomerID.
  2. Upgrade Ubisecure CustomerID SSO Adapter to SSO node(s). See instructions from CustomerID SSO Adapter extension upgrade

Perform on the CustomerID New Master Node (Node2) :

  1. Deploy the Worker Enterprise Archive, CustomerID Enterprise Archive to the WildFly domain. See instructions from Two node deployment to WildFly on Windows - CustomerID.

Perform on Ubisecure CustomerID new Master Node (Node2):

  1. Restart Ubisecure CustomerID. See instructions from  Restart on Windows - CustomerID.

Perform on Ubisecure SSO Node2:

  1. Restart Ubisecure SSO. See instructions from  Installation related SSO restart on Windows - CustomerID.

Traffic Switchover : After this step switch traffic to new Master node. 

Stop  UbiloginServer service from Ubisecure SSO Node1 and stop  wildlfy service from CID old master node (Node1).

Verify application to confirm you can access SSO Management and CustomerID (Basic flows like login works and no problems to load data on screen). 

Perform next steps to upgrade remaining CID node which will act as slave node after upgrade. 

Perform on Ubisecure SSO Node1:

  1. Unpack the distribution package. See instructions from Distribution package unpacking on Windows - CustomerID.
  2. Upgrade PostgreSQL JDBC driver to SSO node(s). See instructions from PostgreSQL JDBC driver installation to SSO on Windows - CustomerID.
  3. Upgrade Ubisecure CustomerID SSO Adapter to SSO node(s). See instructions from CustomerID SSO Adapter extension upgrade.

Note : After this step you can start Ubiloginserver service in SSO Node1 to restore SSO HA setup.

Perform on CustomerID New Slave Node (Node1):

  1. Check Java. See instructions from  Java check on Windows - CustomerID.
  2. Install WildFly. See instructions from Two node WildFly installation on Windows - CustomerID.
  3. Transfer the installation folder from master node. See instructions from Two node installation folder transfer on Windows - CustomerID.
  4. Prepare WildFly for domain configuration. See instructions from Two node WildFly preparation on Windows - CustomerID.
  5. Configure HTTPS, See Two node SSL configuration on Windows - CustomerID -  This generates certificate files and Keystore (default location: %WILDFLY_HOME%\domain\configuration\keystore.pfx) is registered to WildFly in the next step  - master node WildFly configuration. Note - If the key is not changed, then keystore.pfx can be just copied over from the master node and this step can be skipped. 
  6. Configure WildFly on CustomerID Slave Node. See instructions from Two node slave WildFly configuration on Windows - CustomerID

At least under slow connections the script (config-wildfly-domain-slave.cmd) may show error message "Failed to establish connection in 6044ms" when reloading configurations. If you see it in the end-of-the script it is a good idea to verify your slave node Wildfly is running properly and can access the master node.

      6. Restart Ubisecure CustomerID. See instructions from Restart on Windows - CustomerID

In case, Wildfly take a long time to stop and fails in Stopping state you need to perform step 'Fix Slave Node shutdown parameters' from Two node WildFly installation on Windows - CustomerID

Perform on Ubisecure SSO Node 1:

  1. Restart Ubisecure SSO. See instructions from Installation related SSO restart on Windows - CustomerID.

Finalize Upgrade : 

Kindly verify customerid_diag.log file to see if both CID nodes are active and logs are getting printed for both CID nodes in logs. 

Ensure to check memory allocation for tomcat and wildfly from the old environment and to apply that to any new environment:

To check memory allocated to Wildfly:

Goto C:\Program Files\wildfly-21.0.2.Final\domain\configuration\domain.xml - Check value of following in old environment and update in new environments.

<jvm name="default">

  <heap size="4G" max-size="4G"/>

</jvm>

To check memory allocated for tomcat:

Goto  C:\Program Files\Ubisecure\ubilogin-sso\tomcat\bin\setenv.bat - Check value of following file if present in old environment and update in new environments.

set "JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx1024m -XX:MaxPermSize=512m -server"

Ubisecure Privacy Policy & Cookie Statement