PAM Server inline patch cluster upgrade procedure
This section looks at how to inline upgrade a cluster deployment.
Prerequisites
Before starting your inline patch release cluster upgrade make sure the following prerequisites are met:
Prerequisite | Description |
---|---|
Hardware & Software | Ensure the correct resources are available before deploying. The following outlines the hardware and software requirements. |
Ports | Ensure TCP ports 443 and 9002 are open as they are required for the client-side and PAM UI. TCP 2379 (etcd, i.e. key-value store), 2380 (etcd, i.e. key-value store), 2390 (cluster setup API), 2391 (cluster delegation API), 5432 (postgres, i.e. database) For a full list of ports used by the PAM Server click here. |
Software downloads | Click here to download the latest upgrade kit that has the same major and feature release version (the A and B in A.B.C). |
Recent backup | We recommend that you have a recent Osirium backup of the leader as well as VM Level backup or Snapshot of all nodes in the cluster (not just the node being upgraded). |
No active user connections | Ensure there are no active user connections on any nodes. |
Osirium Support account | Within the Admin Interface ensure the Osirium Support account has been enabled and a password set. |
Network time protocol (NTP) | The clocks of all nodes must be within two seconds drift of each other. The PAM Server OVA is preconfigured with public ntp.org NTP servers but these can be changed to your internal corporate servers (if required) by clicking here. |
Node identifiers | Nodes are identified by their address which can either be a fully qualified domain name (FQDN) (i.e. clusterleader.companyABC.net) or an IP Address. Cluster nodes communicate with each other using their assigned address, therefore the address must be unique to allow a node to resolve the address of other nodes. If you wish to use FQDNs then the names must resolve to a local address on the node before the installation can continue. All nodes must be able to resolve all FQDNs of all other nodes. |
Server not NATted | If you wish to run nodes on premise and in the cloud, they must be able to communicate with each other bidirectionally using their given IP address (for example through a VPN) and not be NATted. |
All nodes are v7.5.2 or above | All nodes in the cluster are v7.5.2 or above. |
All nodes on same major and feature release version | All nodes in the cluster are on the same major release version and feature release version. |
.local DNS domains | If you are using .local DNS domains, ensure matching records have been entered in the DNS Search Suffixes. |
Upgrade procedure
The diagram provides a high-level overview of the process for upgrading a specific node in the cluster.
Patch release upgrade procedure flowchart
Upgrade steps
-
Open a file transfer tool of your preference and copy the upgrade kit onto the node using the osirium_support account. You can first upgrade the leader or a follower node.
-
Open the PAM Server Console window, then press ALT + F2. The server login prompt appears.
Note
Alternatively, you could use an SSH connection to the PAM Server.
-
Enter osirium_support at the login prompt and press ENTER.
-
When prompted, enter the password of the osirium_support account and press ENTER.
-
Extract the upgrade kit copied to the server using the following command:
sudo bash Osirium_PAM_Server_vA.B.C_upgrade.bin
Where A.B.C is the version you are upgrading to.
-
Enter the osirium_support account password when prompted and press ENTER.
-
When the kit has been extracted, type the command specified on the screen and press ENTER.
-
Press ENTER when prompted to start the setup and configuration.
-
The EULA screen will be displayed. Press ENTER once you have read it.
-
Wait while the upgrade completes and the server is rebooted.
-
These steps should be repeated when upgrading other nodes in the cluster.
Info
If your upgrade fails please contact Osirium Support.
Post upgrade tasks
Once the patch release upgrade has successfully completed, logon to Osirium PAM and check the following before allowing users to reconnect:
Post upgrade task | Description |
---|---|
Backup of all nodes | Take an Osirium backup of the leader and a VM level backup of all nodes. See Backup & Recovery for further details. |
Check cluster health | Check the System Configuration -> Clustering tab of the Leader node to ensure all nodes are displayed and the Cluster status is shown as Healthy. See Clustering tab for further details. |