Sun Java Enterprise System 5 Update 1 Upgrade Guide for UNIX
Chapter 16
Portal Server Secure Remote Access
This chapter describes how to upgrade Portal Server Secure Remote Access to Java ES 5 Update 1 (Release 5U1): Sun Java System Portal Server Secure Remote Access 7.1U2. It covers both feature upgrades from previous Java ES release families and maintenance upgrades from Java ES.
The chapter provides an overview of upgrade considerations for the different upgrade paths supported by Release 5U1. The chapter covers upgrades on both the Solaris and Linux operating systems:
Overview of Portal Server Secure Remote Access Upgrades
This section describes the following general aspects of Portal Server Secure Remote Access that impact upgrading to Java ES 5 Update 1 (Release 5U1):
About Release 5U1 Portal Server Secure Remote Access
Portal Server Secure Remote Access (consisting of the Gateway, Rewriter Proxy, and Netlet Proxy components) is closely coupled to Portal Server, though usually deployed on computers different from the one hosting Portal Server. Portal Server Secure Remote Access components use the same administrative infrastructure as Portal Server proper and interact with servlets and applets residing on the computer hosting Portal Server.
Release 5U1 Portal Server Secure Remote Access is a maintenance release that fixes bugs in Release 5U1 Portal Server Secure Remote Access. Release 5U1 Portal Server Secure Remote Access was a feature release, with many new enhancements and features with respect to Release 4.
Many of these changes were made in an Interim Feature Release (IFR) subsequent to Release 4. Release 5U1 therefore represents only minor feature changes with respect to the IFR. For information about the IFR enhancements and new features, see the Sun Java System Portal Server 7.1 Release Notes, http://docs.sun.com/doc/819-4986/6n4l3f365?a=view. In particular, the Release 4 command line administrative interface was replaced by the psadmin command.
Portal Server Secure Remote Access Upgrade Roadmap
Table 16-2 shows the supported Portal Server Secure Remote Access upgrade paths to Release 5U1. The table applies to both Solaris and Linux operating systems.
Portal Server Secure Remote Access Data
The following table shows the type of data that could be impacted by an upgrade of Portal Server Secure Remote Access software.
Portal Server Secure Remote Access Upgrade Strategy
Your strategy for upgrading Portal Server Secure Remote Access generally depends on the many considerations discussed in Chapter 1, "Planning for Upgrades": upgrade path, dependencies between Java ES components, selective upgrade versus upgrade all, multi-instance deployments, and so forth.
This section particularizes that general discussion for Portal Server Secure Remote Access by presenting issues that might influence your Portal Server Secure Remote Access upgrade plan.
Compatibility Issues
Release 5 Portal Server Secure Remote Access introduced public interface changes in the psadmin command used to start and stop Gateway, Rewriter Proxy, and Netlet Proxy components. See the Sun Java System Portal Server 7.1 Command-Line Reference, http://docs.sun.com/doc/819-5030.
Individual Portal Server Secure Remote Access components (including the Gateway, the Rewriter Proxy, and the Netlet Proxy) are not backwardly compatible with earlier versions; all need to be synchronized, along with Portal Server itself, at Release 5U1. This requirement applies to Portal Server Secure Remote Access components that are local as well as distributed.
In addition, there is an incompatibility between the Directory Server data structures used by Release 5 and Release 5U1 Portal Server and earlier Portal Server versions. This incompatibility impacts a rolling upgrade of multiple Portal Server Secure Remote Access instances using the same Directory Server data.
Portal Server Secure Remote Access Dependencies
Portal Server Secure Remote Access is closely coupled with Portal Server, depending on software packaged with Portal Server and running on the same computer as Portal Server.
However, Portal Server Secure Remote Access also depends on other Java ES components. These dependencies can impact your procedure for upgrading and re-configuring Portal Server Secure Remote Access software. Changes in Portal Server Secure Remote Access interfaces or functions, for example, could require upgraded versions of the components upon which Portal Server Secure Remote Access depends. The need to upgrade such components depends upon the specific upgrade path.
Portal Server Secure Remote Access components have dependencies on the following Java ES components:
- Shared components. Portal Server Secure Remote Access components have dependencies on specific Java ES shared components (see Table 1-10).
- Portal Server. Portal Server Secure Remote Access components have a mandatory dependency on Portal Server, which includes local components that are needed to support Portal Server Secure Remote Access functions.
- Access Manager (or Access Manager SDK). Portal Server Secure Remote Access components have a mandatory dependency on Access Manager to provide authentication and authorization services for end users, including single sign-on. If Access Manager is run on a remote computer, then Access Manager SDK must be available locally.
- Directory Server. Portal Server Secure Remote Access has a mandatory dependency on Directory Server, which stores user data. As a result, Portal Server Secure Remote Access upgrades might require extensions of directory schema.
Selective Upgrade Issues
While, in general, Java ES 5 Update 1 supports selective upgrade of all components on a computer, the fact that Portal Server Secure Remote Access is closely tied to Portal Server means that Portal Server Secure Remote Access must be upgraded if Portal Server is upgraded. Similarly, upgrade of Portal Server Secure Remote Access requires that Portal Server also be upgraded.
As a result, the upgrade of Portal Server Secure Remote Access is bound by the same restrictions as Portal Server (see Portal Server Selective Upgrade Issues): you can either upgrade Portal Server Secure Remote Access and all of its product component dependencies to Release 5U1, or upgrade only Portal Server Secure Remote Access and Portal Server to Release 5U1, leaving other product component dependencies at Release 4.
Dual Upgrade
Dual upgrades, in which both Portal Server Secure Remote Access and operating system are upgraded (as described in Dual Upgrades: Java ES and Operating System Software) can be performed using the in-place operating system upgrade approach:
- Back up existing Portal Server Secure Remote Access data.
See Portal Server Secure Remote Access Data for the location of essential data.
- Upgrade the operating system.
The upgrade leaves the existing file system in place.
- Upgrade to Release 5U1 Portal Server Secure Remote Access.
See the appropriate section of this chapter, depending on upgrade path.
Upgrading Portal Server Secure Remote Access from Java ES 5
This section includes information about upgrading Portal Server Secure Remote Access from Java ES 5 (Release 5) to Java ES 5 Update 1 (Release 5U1). The section covers the following topics:
Introduction
When upgrading Release 5 Portal Server Secure Remote Access to Release 5U1, consider the following aspects of the upgrade process:
- General Upgrade Approach. The upgrade is achieved by patching Release 5 Portal Server Secure Remote Access and running a psupdate script.
- Upgrade Dependencies. Portal Server Secure Remote Access has dependencies on a number of Java ES shared components (see Table 1-10), none of which need to be upgraded when you perform a maintenance upgrade of Portal Server Secure Remote Access.
- Backward Compatibility. Release 5U1 Portal Server Secure Remote Access is backwardly compatible with the Release 5 version.
- Upgrade Rollback. A rollback of the Release 5U1 upgrade is achieved on Solaris OS by backing out the patch upgrade, but on Linux rollback can be achieved only if you have manually backed up the Release 5 image and then revert back to that image.
- Platform Issues. The general approach for upgrading Portal Server Secure Remote Access is the same on both Solaris and Linux operating systems.
Release 5 Portal Server Secure Remote Access Upgrade
This section describes how to perform an upgrade of Portal Server Secure Remote Access from Java ES Release 5 to Release 5U1 on both the Solaris and Linux platform. Where a topic depends on platform-specific procedures, the topic will indicate the operating system to which it applies. The section covers the following topics:
Pre-Upgrade Tasks
Before you upgrade Portal Server Secure Remote Access software you should perform the following tasks:
Verify Current Version Information
You can verify the current version of Portal Server Secure Remote Access using the following command:
PortalServer7-base/bin/psadmin --version --adminuser admin_ID -f adminpasswordfile
Table 16-4 Portal Server Secure Remote Access Version Verification Outputs
| Java ES Release | Portal Server Version Number |
| --- | --- |
| Release 2 | 6.3 |
| Release 3 | 6.3.1 |
| Release 4 | 6.3.1 [1] |
| IFR Release | 7.0 |
| Release 5 | 7.1 |
| Release 5U1 | 7.1U2 |
[1] The only difference between Release 3 and Release 4 is a patch. You can check for the Release 4 patches using the Solaris showrev -p | grep patch_ID command and the Linux rpm -qa sun-portal-core command and comparing the versions to those listed in the Java ES Release 4 Upgrade Guide.
Upgrade Portal Server Secure Remote Access Dependencies
It is generally recommended that all Java ES components on a computer system (and in a computing environment) be upgraded to Release 5U1. Release 5U1 Portal Server Secure Remote Access has no hard upgrade dependencies on shared components. Upgrade of shared components is therefore optional. However, Release 5U1 Portal Server Secure Remote Access has a hard upgrade dependency on Portal Server, which must therefore be upgraded to Release 5U1 before upgrading Portal Server Secure Remote Access.
Back Up Release 5 Portal Server Secure Remote Access Configuration Information
Upgrade of Portal Server Secure Remote Access to Release 5U1 does not require the reconfiguration of Portal Server Secure Remote Access software. Therefore backup of configuration information is optional.
Obtain Required Configuration Information and Passwords
The psupdate script used in performing the upgrade of Release 5 Portal Server Secure Remote Access requires you to input the following information required for Directory Server access:
Be sure to assemble the relevant information before beginning the Portal Server Secure Remote Access upgrade.
Upgrading Release 5 Portal Server Secure Remote Access (Solaris)
This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access, followed by a description of the procedure itself.
Upgrade Considerations (Solaris)
The upgrade of Portal Server Secure Remote Access software to Java ES Release 5U1 takes into account the following considerations:
- In a deployment architecture in which there are multiple instances of Portal Server running on a single computer (all corresponding to the same installed Portal Server image), you only have to upgrade the Portal Server image once.
- Portal Server software consists of subcomponents that perform a number of different roles, but are all upgraded together:
  - Portal-base. Includes administrative Mbeans and accompanying administrative software, Logging Framework, and monitoring-related software, all of which are packaged together.
  - Portal Server web applications. Consists of a number of web applications that are deployed in a web container. At least some of these web applications require support from Access Manager and, in turn, Directory Server.
  - Secure Remote Access core. Software that supports Portal Server Secure Remote Access: some servlets and applets embedded in jar files and some supporting files that cannot be deployed in a web container.
- The Release 5U1 Portal Server upgrade patches for Solaris OS are shown in the following table:
Table 16-5 Patches [1] to Upgrade Portal Server Secure Remote Access on Solaris
| Description | Patch ID: SPARC, Solaris 9 & 10 | Patch ID: X86, Solaris 9 & 10 |
| --- | --- | --- |
| Portal Server core | 124301-07 | 124302-07 |
| Portal Server localization (if Release 5 Portal Server had been freshly installed or upgraded from Release 2, 3, or 4 Portal Server) | 125301-04 | 125301-04 |
| Portal Server localization (if Release 5 Portal Server had been upgraded from Portal Server IFR 7.0) | 123254-04 | 124590-04 |
[1] Patch revision numbers are the minimum required for upgrade to Release 5U1. If newer revisions become available, use the newer ones instead of those shown in the table.
- The psupdate script, needed to complete the upgrade of Portal Server Secure Remote Access, requires you to input information required for Directory Server access (see Obtain Required Configuration Information and Passwords).
Upgrade Procedure (Solaris)
The procedure documented below applies to Portal Server Secure Remote Access instances residing locally on the computer where the upgrade is taking place.
- Log in as root or become superuser.
su -
- Make sure you have upgraded any Java ES components upon which Portal Server Secure Remote Access has hard upgrade dependencies (see Upgrade Portal Server Secure Remote Access Dependencies).
- Stop any instances of the Portal Server Secure Remote Access Gateway, Rewriter Proxy, or Netlet Proxy that might be running locally.
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile --name sraProfileName --type gateway
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile --name sraProfileName --type nlproxy
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile --name sraProfileName --type rwproxy
Check that the processes have stopped:
Gateway: netstat -an | grep 443
Rewriter Proxy: netstat -an | grep 10443
Netlet Proxy: netstat -an | grep 10555
- Obtain the latest Portal Server Secure Remote Access upgrade patches, based on Table 16-5.
To obtain the patch, see Accessing Java ES Patches. Patches can be downloaded to /workingDirectory.
- Apply the appropriate Portal Server Secure Remote Access core and, if needed, localization patches in Table 16-5, in that order.
patchadd /workingDirectory/patch_ID
Be sure to consult the README.patch_ID file for additional patch installation instructions.
- Confirm that the patch upgrades were successful:
showrev -p | grep patch_ID
The output should return the versions of patch IDs applied in Step 5.
- Run the psupdate script.
cd PortalServer7-base/bin
./psupdate -a
If the psupdate command fails on the Solaris 10 platform, modify the value of LD_LIBRARY_PATH to remove /usr/lib (or prepend /usr/lib/mps/sasl2) and then run the psupdate script again.
The script requests you to input additional information needed to upgrade Portal Server Secure Remote Access (see Obtain Required Configuration Information and Passwords).
Note
Be sure you enter correct values for psupdate parameters, as you can't go back and change them, and it is also very difficult to roll back changes made by the psupdate script.
- Start instances of the Gateway, Rewriter Proxy, or Netlet Proxy that were stopped in Step 3.
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type gateway
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type nlproxy
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type rwproxy
Upgrading Release 5 Portal Server Secure Remote Access (Linux)
This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access, followed by a description of the procedure itself.
Upgrade Considerations (Linux)
The upgrade of Portal Server Secure Remote Access software to Java ES Release 5U1 on the Linux platform takes into account the same considerations as on the Solaris platform (see Upgrade Considerations (Solaris)), except that the Linux Release 5U1 upgrade patches differ from the Solaris patches.
The Release 5U1 Portal Server Secure Remote Access upgrade patches for Linux OS are shown in the following table:
Table 16-6 Patches [1] to Upgrade Portal Server Secure Remote Access on Linux
Description: Portal Server core
Patch ID and RPM names: 124303-07
- sun-portal-admin-7.1-2.07.i386.rpm
- sun-portal-base-7.1-2.07.i386.rpm
- sun-portal-portlets-7.1-2.07.i386.rpm
- sun-portal-search-7.1-2.07.i386.rpm
- sun-portal-sracommon-7.1-2.07.i386.rpm
- sun-portal-sracore-7.1-2.07.i386.rpm
- sun-portal-sragateway-7.1-2.07.i386.rpm
- sun-portal-sranetletproxy-7.1-2.07.i386.rpm
- sun-portal-srarewriterproxy-7.1-2.07.i386.rpm
Description: Portal Server localization
Patch ID and RPM names: 125302-04
[1] Patch revision numbers are the minimum required for upgrade to Release 5U1. If newer revisions become available, use the newer ones instead of those shown in the table.
Upgrade Procedure (Linux)
The procedure documented below applies to Portal Server Secure Remote Access instances residing locally on the computer where the upgrade is taking place.
Caution
An upgrade from Release 5 to Release 5U1 on Linux cannot be rolled back. Make sure you back up your system before performing the following procedure.
- Log in as root or become superuser.
su -
- Make sure you have upgraded any Java ES components upon which Portal Server Secure Remote Access has hard upgrade dependencies (see Upgrade Portal Server Secure Remote Access Dependencies).
- Stop any instances of the Portal Server Secure Remote Access Gateway, Rewriter Proxy, or Netlet Proxy that might be running locally.
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile --name sraProfileName --type gateway
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile --name sraProfileName --type nlproxy
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile --name sraProfileName --type rwproxy
Check that the processes have stopped:
Gateway: netstat -an | grep 443
Rewriter Proxy: netstat -an | grep 10443
Netlet Proxy: netstat -an | grep 10555
- Obtain the latest Portal Server Secure Remote Access upgrade patches, based on Table 16-6.
To obtain the patch, see Accessing Java ES Patches. Patches can be downloaded to /workingDirectory.
- Apply the core and, if needed, localization patch for Portal Server Secure Remote Access, in that order.
For the core patch:
cd /workingDirectory/patch_ID
./update
The update script installs the RPMs.
For the localization patch, install each RPM using the following command:
rpm -Fvh patchName-version.rpm
Be sure to consult the README.patch_ID file for additional patch installation instructions.
- Confirm that the patch upgrades were successful.
rpm -qa | grep sun-portal
The new version numbers of the RPMs should be returned.
- Run the psupdate script.
cd PortalServer7-base/bin
./psupdate -a
The script requests you to input additional information needed to upgrade Portal Server Secure Remote Access (see Obtain Required Configuration Information and Passwords).
Note
Be sure you enter correct values for psupdate parameters, as you can't go back and change them, and it is also very difficult to roll back changes made by the psupdate script.
- Start instances of the Gateway, Rewriter Proxy, or Netlet Proxy that were stopped in Step 3.
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type gateway
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type nlproxy
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type rwproxy
Verifying the Upgrade
You can verify the upgrade of Portal Server Secure Remote Access to Release 5U1 using the following command:
See Table 16-4 for output values.
Post-Upgrade Tasks
There are no post-upgrade tasks beyond the steps described in Upgrade Procedure (Solaris) and Upgrade Procedure (Linux).
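The "Check that the processes have stopped" step in the procedures above uses netstat -an | grep 443, which also matches port 10443, client ports such as 44312, and sockets lingering in TIME_WAIT. The following added example (not part of the original guide) tests for a LISTEN socket on exactly each of the three ports the guide names; the function names and the sample netstat lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: exact-port listener check for the three SRA components.
# Assumes a POSIX awk (on Solaris use nawk or /usr/xpg4/bin/awk) and plain
# "netstat -an" output, where the socket state is the last column.

# sra_listening PORT: reads netstat -an output on stdin and succeeds only
# if a socket in LISTEN state is bound to exactly PORT.
sra_listening() {
    awk -v port="$1" '
        $NF != "LISTEN" { next }        # skip ESTABLISHED, TIME_WAIT, headers
        {
            # Linux rows start with tcp/tcp6 and carry the local address in
            # column 4; Solaris rows start with the local address itself.
            addr = ($1 ~ /^tcp/) ? $4 : $1
            # The port follows the last "." (Solaris) or ":" (Linux).
            n = split(addr, part, /[.:]/)
            if (part[n] == port) found = 1
        }
        END { exit found ? 0 : 1 }
    '
}

# sra_still_running: reads netstat -an output on stdin, prints the names of
# the components that still have a listener, and fails if there are any.
# Ports are the ones used in the guide's check (443, 10443, 10555).
sra_still_running() {
    snapshot=$(cat)
    running=""
    for entry in "Gateway:443" "RewriterProxy:10443" "NetletProxy:10555"; do
        name=${entry%%:*}
        port=${entry##*:}
        if printf '%s\n' "$snapshot" | sra_listening "$port"; then
            running="$running $name"
        fi
    done
    printf '%s\n' "${running# }"
    [ -z "$running" ]
}

# Constructed Solaris-style sample: the Gateway is stopped, the Rewriter
# Proxy is still listening. "grep 443" would match all three rows.
sample_solaris() {
cat <<'EOF'
      *.10443              *.*                0      0 49152      0 LISTEN
192.168.1.10.443     192.168.1.77.51234   49640      0 49640      0 TIME_WAIT
192.168.1.10.44312   192.168.1.20.389     49640      0 49640      0 ESTABLISHED
EOF
}

# Constructed Linux-style sample: Gateway (IPv6 wildcard) and Netlet Proxy
# are still listening; the outbound connection to a remote :443 is ignored.
sample_linux() {
cat <<'EOF'
tcp        0      0 0.0.0.0:10555           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:51820          10.0.0.9:443            ESTABLISHED
tcp6       0      0 :::443                  :::*                    LISTEN
EOF
}

echo "Solaris sample, still listening: $(sample_solaris | sra_still_running)"
echo "Linux sample, still listening:   $(sample_linux | sra_still_running)"
```

On a live host, run netstat -an | sra_still_running after the stop-sra-instance commands and continue only when it prints an empty line and returns success.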
Rolling Back the Upgrade (Solaris)
This section describes the Release 5U1 upgrade rollback procedure for Portal Server Secure Remote Access on the Solaris platform.
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile --name sraProfileName --type gateway
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile --name sraProfileName --type nlproxy
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile --name sraProfileName --type rwproxy
Check that the processes have stopped:
Gateway: netstat -an | grep 443
Rewriter Proxy: netstat -an | grep 10443
Netlet Proxy: netstat -an | grep 10555
- Remove the appropriate Portal Server Secure Remote Access core and, if needed, localization patches in Table 16-5, in that order.
patchrm patch_ID
- Run the psupdate script for the appropriate Portal Server Secure Remote Access core patch.
cd PortalServer7Data-base/psupdate.patch_ID
./psupdate -r
If the psupdate command fails on the Solaris 10 platform, modify the value of LD_LIBRARY_PATH to remove /usr/lib (or prepend /usr/lib/mps/sasl2) and then run the psupdate script again.
- Start instances of the Gateway, Rewriter Proxy, or Netlet Proxy that were stopped in Step 2.
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type gateway
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type nlproxy
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type rwproxy
Multiple Instance Upgrades
In some deployment architectures Portal Server Secure Remote Access is deployed on multiple computer systems to provide for scalability and to improve availability. For example, you might have Portal Server Secure Remote Access instances running on multiple computers with a load balancer to distribute the load.
In the case of load-balanced instances of Portal Server Secure Remote Access, you can perform a rolling upgrade in which you upgrade the Portal Server Secure Remote Access instances sequentially without interrupting service. The rolling upgrade is achieved by disabling a Portal Server Secure Remote Access instance in the load balancer, performing the upgrade as described in Release 5 Portal Server Secure Remote Access Upgrade, and then enabling the instance in the load balancer. Perform this procedure for each Portal Server Secure Remote Access instance.
Upgrading Portal Server Secure Remote Access from Java ES Release 4
This section includes information about upgrading Portal Server Secure Remote Access from Java ES 2005Q4 (Release 4) to Java ES 5 Update 1 (Release 5U1).
The section covers the following topics:
Introduction
When upgrading Java ES Release 4 Portal Server Secure Remote Access to Release 5U1, consider the following aspects of the upgrade process:
- General Upgrade Approach. The upgrade is performed using an upgrade script, psupgrade. The script removes old packages, installs new packages, and migrates configuration data when necessary.
- Upgrade Dependencies. Portal Server Secure Remote Access has dependencies on a number of Java ES shared components (see Table 1-10). While Release 5U1 Portal Server Secure Remote Access is compatible with the Release 4 version of these shared components, upgrade of shared components is nevertheless necessary because the psupgrade script used to upgrade Portal Server Secure Remote Access requires the Release 5U1 version of the ANT shared component.
However, Release 5U1 Portal Server Secure Remote Access has a hard upgrade dependency only on Portal Server. Release 5U1 Portal Server Secure Remote Access also has soft upgrade dependencies upon Access Manager and Directory Server, as described in Portal Server Secure Remote Access Dependencies.
Two approaches to upgrading these product component dependencies are supported (see Selective Upgrade Issues):
The approach taken for Portal Server Secure Remote Access must be the same as the approach taken by Portal Server.
- Backward Compatibility. Release 5U1 Portal Server Secure Remote Access is backwardly compatible with the Release 4 version.
- Upgrade Rollback. Rollback of the Release 5U1 upgrade of Portal Server Secure Remote Access to Release 4 consists of restoring Release 4 packages and restoring Release 4 Directory data.
- Platform Issues. The general approach for upgrading Portal Server Secure Remote Access is the same on both Solaris and Linux operating systems; however, Release 5U1 Portal Server Secure Remote Access is installed in a new path on Solaris OS but in the same Release 4 path on Linux OS.
Release 4 Portal Server Secure Remote Access Upgrade
This section describes how to perform an upgrade of Portal Server Secure Remote Access from Java ES Release 4 to Release 5U1 on both the Solaris and Linux platform. Where a topic depends on platform-specific procedures, the topic will indicate the operating system to which it applies. The section covers the following topics:
Release 4 Pre-Upgrade Tasks
Before you upgrade Portal Server Secure Remote Access you should perform the following tasks:
Verify Current Version Information
You can verify the current version of Portal Server Secure Remote Access using the following command:
PortalServer6-base/bin/version
Table 16-7 Portal Server Secure Remote Access Version Verification Outputs
| Java ES Release | Portal Server Secure Remote Access Version Number |
| --- | --- |
| Release 2 | 6.3 |
| Release 3 | 6.3.1 |
| Release 4 | 6.3.1 [1] |
| IFR Release | 7.0 |
| Release 5 | 7.1 |
[1] The only difference between Release 3 and Release 4 is a patch. You can check for the Release 4 patches using the Solaris showrev -p | grep patch_ID command and the Linux rpm -qa sun-portal-core command and comparing the versions to those listed in the Java ES Release 4 Upgrade Guide.
Upgrade Portal Server Secure Remote Access Dependencies
It is generally recommended that all Java ES components on a computer system (and in a computing environment) be upgraded to Release 5U1.
While Release 5U1 Portal Server Secure Remote Access is compatible with the Release 4 version of Java ES shared components, upgrade of shared components is nevertheless necessary because the psupgrade script used to upgrade Portal Server Secure Remote Access requires the Release 5U1 version of the ANT shared component.
In addition, Portal Server Secure Remote Access requires the upgrade of Portal Server. However it does not require upgrading other Java ES Release 4 product components upon which it depends.
In fact, your dependency upgrade approach is the same as that taken for Portal Server: if any of the dependencies are to be upgraded to Release 5U1, they all need to be upgraded (see Selective Upgrade Issues). However, because of the Portal Server Secure Remote Access dependency on Portal Server, the upgrade of Portal Server takes care of Portal Server Secure Remote Access dependencies, except for shared components.
When you upgrade Portal Server Secure Remote Access dependencies to Release 5U1, the dependencies should be upgraded in the order below (skipping any that might already have been upgraded), before you upgrade Portal Server Secure Remote Access.
- Shared Components. Instructions for synchronizing Java ES shared components to Release 5U1 are provided in Upgrading Java ES Shared Components.
- Portal Server. Instructions for upgrading Portal Server are provided in Chapter 15, "Portal Server".
Back Up Release 4 Portal Server Secure Remote Access Data
Upgrade of Portal Server Secure Remote Access to Release 5U1 does not require the reconfiguration of Portal Server Secure Remote Access software. However, as a safety measure the psupgrade script will back up the following directories where configuration information is stored:
Remove Configuration for Load Balancer
In cases in which Portal Server Secure Remote Access instances are accessed through a load balancer, the value of the LOAD_BALANCER_URL property used to configure such access can interfere with Portal Server Secure Remote Access upgrade. This setting must therefore be modified before performing upgrade of any Portal Server Secure Remote Access components. To modify the LOAD_BALANCER_URL property setting:
- Note which of the following configuration files are locally resident (some of which support Portal Server components that might be locally installed):
PortalServer6Config-base/PSConfig.properties (if Portal Server is local)
PortalServer6Config-base/GWConfig.properties (if Gateway is local)
PortalServer6Config-base/RWPConfig.properties (if Rewriter Proxy is local)
PortalServer6Config-base/NLPConfig.properties (if Netlet Proxy is local)
- Record the current value of the LOAD_BALANCER_URL property in these configuration files.
- Modify the value of the LOAD_BALANCER_URL property to point to the corresponding Portal Server Secure Remote Access instance being upgraded:
LOAD_BALANCER_URL=hostName:port/portal
- Make sure that the following configuration properties, if present, reference the relevant Portal Server Secure Remote Access component (and not the load balancer), as shown below:
In PortalServer6Config-base/platform.conf.default file:
gateway.host=Gateway_hostName
In PortalServer6Config-base/GWConfig.properties and PortalServer6Config-base/GWConfig-default.properties files:
GW_HOST=Gateway_hostName
GW_IP=Gateway_hostIP
In PortalServer6Config-base/RWPConfig.properties and PortalServer6Config-base/RWPConfig-default.properties files:
RWP_HOST=RewriterProxy_hostName
RWP_IP=RewriterProxy_hostIP
In PortalServer6Config-base/NLPConfig.properties and PortalServer6Config-base/NLPConfig-default.properties files:
NLP_HOST=NetLetProxy_hostName
NLP_IP=NetLetProxy_hostIP
Remove Configuration for Directory Proxy Server
In cases in which Portal Server Secure Remote Access instances access Directory Server through a Directory Proxy Server instance, the Directory Proxy Server host and port number settings must be modified before performing the upgrade and then restored to their original values after upgrade is complete.
To modify the appropriate settings:
- Record the current value of the com.iplanet.am.directory.host and com.iplanet.am.directory.port properties in the following Access Manager configuration file:
AccessManagerConfig-base/config/AMConfig.properties
- Modify the values of these properties to point directly to the relevant Directory Server instance.
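Both pre-upgrade procedures above (LOAD_BALANCER_URL in the Portal Server configuration files, and com.iplanet.am.directory.host and com.iplanet.am.directory.port in AMConfig.properties) follow the same record, modify, restore pattern. The following added example (not part of the original guide) records the original value once, keeps a copy of the untouched file, and restores only the recorded keys afterwards; the function names, the .recorded and .pre-upgrade file suffixes, and the sample host names are assumptions made for illustration, and it assumes plain KEY=value lines as shown on this page.

```sh
#!/bin/sh
# Added example: record, change and later restore single properties.
# Assumes plain KEY=value lines and a POSIX awk (nawk on Solaris).

# prop_get FILE KEY: print KEY's current value; fail if KEY is absent.
prop_get() {
    awk -v key="$2" '
        index($0, key "=") == 1 { print substr($0, length(key) + 2); found = 1; exit }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# prop_write FILE KEY VALUE: rewrite KEY's line, leaving every other line
# (comments and similarly named keys included) untouched. Writing back
# with "cat >" keeps the owner and mode of the original file.
prop_write() {
    awk -v key="$2" -v new="$3" '
        index($0, key "=") == 1 { print key "=" new; next }
        { print }
    ' "$1" > "$1.tmp" && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
}

# prop_set FILE KEY VALUE: record the original value the first time KEY is
# changed, keep one copy of the untouched file, then write the new value.
prop_set() {
    file=$1 key=$2 new=$3
    old=$(prop_get "$file" "$key") || return 1      # key absent: change nothing
    [ -f "$file.pre-upgrade" ] || cp -p "$file" "$file.pre-upgrade"
    prop_get "$file.recorded" "$key" >/dev/null 2>&1 ||
        printf '%s=%s\n' "$key" "$old" >> "$file.recorded"
    prop_write "$file" "$key" "$new"
}

# prop_restore FILE: put back every recorded value. Only the recorded keys
# are touched, so anything else the upgrade changed in FILE is kept.
prop_restore() {
    [ -f "$1.recorded" ] || return 1
    while IFS= read -r line; do
        prop_write "$1" "${line%%=*}" "${line#*=}"
    done < "$1.recorded"
    rm -f "$1.recorded"
}

# Constructed sample files; host names and ports are placeholders.
make_sample_config() {
cat > "$1/GWConfig.properties" <<'EOF'
# constructed sample, not a real Gateway configuration
#LOAD_BALANCER_URL=old.example.com:80/portal
LOAD_BALANCER_URL=lb.example.com:80/portal
GW_HOST=gw1.example.com
EOF
cat > "$1/AMConfig.properties" <<'EOF'
com.iplanet.am.directory.host=dps.example.com
com.iplanet.am.directory.port=1389
EOF
}

demo_dir=$(mktemp -d)
make_sample_config "$demo_dir"
prop_set "$demo_dir/GWConfig.properties" LOAD_BALANCER_URL gw1.example.com:443/portal
prop_set "$demo_dir/AMConfig.properties" com.iplanet.am.directory.host ds1.example.com
prop_set "$demo_dir/AMConfig.properties" com.iplanet.am.directory.port 389
echo "during upgrade: $(prop_get "$demo_dir/AMConfig.properties" com.iplanet.am.directory.host)"
prop_restore "$demo_dir/AMConfig.properties"
echo "after restore:  $(prop_get "$demo_dir/AMConfig.properties" com.iplanet.am.directory.host)"
rm -rf "$demo_dir"
```

The .pre-upgrade copies hold the same configuration data as the originals, so keep them under the same ownership and permissions and remove them once the upgrade has been verified.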
Obtain Required Configuration Information and Passwords
Depending on the upgrade scenario, the psupgrade script requires you to input information about the following admin accounts:
Upgrading Release 4 Portal Server Secure Remote Access (Solaris)
This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access followed by a description of the procedure itself.
Upgrade Considerations (Solaris)
The upgrade of Portal Server Secure Remote Access software to Release 5U1 takes into account the following considerations:
- Portal Server Secure Remote Access software consists of subcomponents that perform a number of different roles, but must all be upgraded to Release 5U1 together:
  - Portal-base. Includes administrative Mbeans and accompanying administrative software, Logging Framework, and monitoring-related software, all of which are packaged into the SUNWportal-base package.
  - Secure Remote Access applications. Include the Gateway, Rewriter Proxy, and Netlet Proxy. These applications are normally deployed on one or more computers different from the computer hosting Portal Server proper. Secure Remote Access applications do not require a web container.
- When the Gateway, Rewriter Proxy and Netlet Proxy are not deployed on the same computer, then the Rewriter Proxy and Netlet Proxy should be upgraded before the Gateway is upgraded.
- All Portal Server Secure Remote Access subcomponents correspond to the same installed Portal Server Secure Remote Access image and, if present on the computer being upgraded, are upgraded at the same time.
- The psupgrade script automatically detects which Portal Server Secure Remote Access subcomponents are installed on the host computer and upgrades those components.
Upgrade Procedure (Solaris)
The procedure documented below applies to the Portal Server Secure Remote Access component on the computer where the upgrade is taking place.
- Log in as root or become superuser.
su -
- If you have not already done so, synchronize all shared components to Release 5U1.
Instructions are provided in Chapter 2, "Upgrading Java ES Shared Components".
This step is a necessary prerequisite to running the psupgrade script in Step 8.
- Stop any instances of the Gateway, Rewriter Proxy, or Netlet Proxy that are running locally.
PortalServer6-base/bin/gateway stop
PortalServer6-base/bin/netletd stop
PortalServer6-base/bin/rwproxyd stop
Check that the processes have stopped:
Gateway: netstat -an | grep 443
Rewriter Proxy: netstat -an | grep 10443
Netlet Proxy: netstat -an | grep 10555
- Make sure Access Manager is running.
- Set two environment variables (ANT_HOME and JAVA_HOME) needed by the psupgrade script. For example,
export ANT_HOME=/usr/sfw
export JAVA_HOME=/usr/jdk/entsys-j2se
- Make sure you have adequate swap space on your computer.
As a guideline, the swap space should be set to twice the amount of physical RAM.
- If the Portal Server Secure Remote Access component you are upgrading is remote from Portal Server, copy the dpadmin executable from the computer hosting Portal Server to the computer hosting the Portal Server Secure Remote Access component.
The dpadmin executable can be found in the following location:
PortalServer7-base/SUNWps.bak/bin/dpadmin, if Portal Server has been upgraded.
PortalServer6-base/bin/dpadmin, if Portal Server has not yet been upgraded.
- Run the psupgrade script from the Java ES 5 Update 1 distribution.
cd os_arch/Products/portal_svr/Tools/upgrade/bin
./psupgrade
where os_arch matches your platform, such as Solaris_sparc.
The psupgrade script invokes the Java ES installer to install new packages and requests the following information:
- Start instances of the Gateway, Rewriter Proxy, or Netlet Proxy that were stopped in Step 3.
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type gateway
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type nlproxy
PortalServer7-base/bin/psadmin start-sra-instance -u amadminUser -f passwordFile --name default --type rwproxy
If the above commands fail, you must first register (enable) Portal Server Secure Remote Access components:
PortalServer7-base/bin/psadmin provision-sra -u amadminUser -f passwordFile -p Portal_ID --gateway-profile profileName --enable
- Apply the latest Portal Server Secure Remote Access maintenance patches, if any.
Use the procedure documented in Upgrading Release 5 Portal Server Secure Remote Access (Solaris), except apply the procedure to upgrading from Release 5U1 instead of from Release 5.
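The `grep 443` check in the stop step also matches port 10443 and any established connection to a remote port 443, so it can report a stopped Gateway as still running. The script below is an added example, not part of the original guide; it matches the local listening port exactly in both Solaris and Linux `netstat -an` output. The function names, the port-override variables and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the upgrade guide): exact-port listener check for
# the three Secure Remote Access services before running psupgrade.
AWK=${AWK:-awk}            # on Solaris use AWK=nawk

# listening_on PORT < output of "netstat -an"
# Prints the LISTEN lines whose *local* port is exactly PORT; status 1 if none.
# Linux puts the local address in column 4 (addr:port), Solaris in column 1
# (addr.port), so the port is whatever follows the last "." or ":".
listening_on() {
    "$AWK" -v p="$1" '
        /(^|[ \t])LISTEN([ \t]|$)/ {
            addr = ($1 ~ /^tcp/) ? $4 : $1
            n = split(addr, part, /[.:]/)
            if (part[n] == p) { print; hit = 1 }
        }
        END { exit (hit ? 0 : 1) }
    '
}

# still_running FILE: FILE holds saved "netstat -an" output.
# Prints the components that still have a listener; status 0 only if none do.
# Ports default to the ones used in this chapter and can be overridden
# (GATEWAY_PORT, RWPROXY_PORT, NETLET_PORT are names assumed for this example).
still_running() {
    sr_out=""
    for sr_pair in "Gateway:${GATEWAY_PORT:-443}" \
                   "RewriterProxy:${RWPROXY_PORT:-10443}" \
                   "NetletProxy:${NETLET_PORT:-10555}"; do
        sr_name=${sr_pair%%:*}
        sr_port=${sr_pair##*:}
        if listening_on "$sr_port" < "$1" > /dev/null; then
            sr_out="$sr_out$sr_name "
        fi
    done
    printf '%s\n' "${sr_out% }"
    [ -z "$sr_out" ]
}

# Constructed sample mixing Linux and Solaris line formats. Only the Rewriter
# Proxy (10443) is still listening, yet "grep 443" matches three lines.
write_netstat_sample() {
    cat > "$1" <<'EOF'
tcp        0      0 0.0.0.0:10443           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:51234          10.0.0.9:443            ESTABLISHED
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
      *.4430               *.*                0      0 49152      0 LISTEN
EOF
}

demo_ns=$(mktemp) && write_netstat_sample "$demo_ns" && {
    echo "lines matched by 'grep 443': $(grep -c 443 "$demo_ns")"
    still_running "$demo_ns" || echo "stop the components listed above before running psupgrade"
    rm -f "$demo_ns"
}
```

On a live host, save the output first with `netstat -an > /tmp/netstat.out` and pass that file to `still_running`.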
Upgrading Release 4 Portal Server Secure Remote Access (Linux)
This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access followed by a description of the procedure itself.
Upgrade Considerations (Linux)
The upgrade of Portal Server Secure Remote Access software to Release 5U1 on the Linux platform takes into account the same considerations as on the Solaris platform (see Upgrade Considerations (Solaris)), except that Release 5U1 Portal Server Secure Remote Access is installed in the same path as Release 4 on Linux OS. As a result, the psupgrade script removes the previous RPMs when installing the Release 5U1 RPMs.
Upgrade Procedure (Linux)
The procedure documented below applies to Portal Server Secure Remote Access on the computer where the upgrade is taking place.
Caution
An upgrade from Release 4 to Release 5U1 on Linux cannot be rolled back. Make sure you back up your system before performing the following procedure.
- Log in as root or become superuser.
su -
- If you have not already done so, synchronize all shared components to Release 5U1.
Instructions are provided in Chapter 2, "Upgrading Java ES Shared Components".
This step is a necessary prerequisite to running the psupgrade script in Step 8.
- Stop any instances of the Gateway, Rewriter Proxy, or Netlet Proxy that are running locally.
PortalServer6-base/bin/gateway stop
PortalServer6-base/bin/netletd stop
PortalServer6-base/bin/rwproxyd stop
Check that the processes have stopped:
Gateway: netstat -an | grep 443
Rewriter Proxy: netstat -an | grep 10443
Netlet Proxy: netstat -an | grep 10555
- Make sure Access Manager is running.
- Set two environment variables (ANT_HOME and JAVA_HOME) needed by the psupgrade script. For example,
export ANT_HOME=/opt/sun
export JAVA_HOME=/usr/jdk/entsys-j2se
- Make sure you have adequate swap space on your computer.
As a guideline, the swap space should be set to twice the amount of physical RAM.
- If the Portal Server Secure Remote Access component you are upgrading is remote from Portal Server, copy the dpadmin executable from the computer hosting Portal Server to the computer hosting the Portal Server Secure Remote Access component.
The dpadmin executable can be found in the following location:
PortalServer7-base/SUNWps.bak/bin/dpadmin, if Portal Server has been upgraded.
PortalServer6-base/bin/dpadmin, if Portal Server has not yet been upgraded.
- Run the psupgrade script from the Java ES 5 Update 1 distribution.
cd os_arch/Products/portal_svr/Tools/upgrade/bin
./psupgrade
where os_arch matches your platform, such as Solaris_sparc.
The psupgrade script invokes the Java ES installer to install new packages and requests the following information:
- Apply the latest Portal Server Secure Remote Access maintenance patches, if any.
Use the procedure documented in Upgrading Release 5 Portal Server Secure Remote Access (Solaris), except apply the procedure to upgrading from Release 5U1 instead of from Release 5.
Verifying the Upgrade
If the Portal Server Secure Remote Access component you are upgrading is remote from Portal Server, you can verify the installation of Release 5U1 packages by checking the version information in the following file:
However, if the Portal Server Secure Remote Access component you are upgrading resides on the same computer as Portal Server, you can verify the upgrade using the following command:
See Table 16-7 for output values.
You can also check the upgrade log files at:
/var/sadm/install/logs/Sun_Java_System_Portal_Server_upgrade.log
Release 4 Post-Upgrade Tasks
There are no post-upgrade tasks required when upgrading Portal Server Secure Remote Access to Release 5U1, except for the following situations:
Restore Configuration for Load Balancer
If Portal Server Secure Remote Access instances have been accessed through a load balancer, the following steps need to be performed after upgrade to restore the load balancer configuration:
- Set the following parameters in the PortalServer7Config-base/platform.conf.default file:
gateway.virtualhost=loadBalancer_hostName loadBalancer_hostIP
gateway.external.ip=loadBalancer_hostIP
gateway.dsame.agent=http\://loadBalancer_hostName\:80/portal/RemoteConfigServlet
- Set the following parameter in the PortalServer7Config-base/GWConfig-default.properties file:
gateway.ipaddress=Gateway_hostIP
- Set the parameters corresponding to Step 1 and Step 2 for Rewriter Proxy and Netlet Proxy, when these instances are deployed on computers remote from the Portal Server host.
- Restart Portal Server and the load-balanced Portal Server Secure Remote Access instances.
Restore Configuration for Directory Proxy Server
If Portal Server Secure Remote Access instances have accessed Directory Server through a Directory Proxy Server instance, the Directory Proxy Server host and port number settings must be restored to the values they had before the upgrade. See Remove Configuration for Directory Proxy Server, in which the values of these properties were modified in preparation for upgrade.
Rolling Back the Upgrade (Solaris)
This section describes considerations that impact the upgrade rollback procedure for Portal Server Secure Remote Access followed by the procedure itself.
Rollback Considerations (Solaris)
The procedure for rolling back the upgrade to Release 5U1 consists of reverting back to the Release 4 installation at PortalServer6-base.
Rollback Procedure (Solaris)
- Log in as root or become superuser.
su -
- If Access Manager has been upgraded to Release 5U1, roll back Access Manager to Release 4.
The rollback of Portal Server to Release 4 will not succeed if Access Manager remains at Release 5U1.
- Restore Directory Server to the state it was in before upgrade.
Use the Directory Server backup/restore command line and GUI utilities. See the Directory Server Backup and Restore chapter of the Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide, http://docs.sun.com/doc/819-0995.
- Remove the Release 5U1 Portal Server Secure Remote Access packages.
- Restore the PortalServer6-base and PortalServer6Config-base directories to their original locations.
During upgrade they were moved to directories with a .bak extension.
Rolling Back the Upgrade (Linux)
Because the upgrade to Release 5U1 requires the removal of the Release 4 binaries, it is very difficult to roll back the upgrade on Linux.
One approach to rollback would be to create a parallel system before upgrading and to test that system before attempting an upgrade. If you need to roll back the upgrade, you can revert to that parallel system.
Multiple Instance Upgrades
In some deployment architectures Portal Server Secure Remote Access components, such as Gateway, are deployed on multiple computer systems to provide for security and scalability and to improve availability. For example, you might have Gateway components running on multiple computers with a load balancer to distribute the load.
In the case of load-balanced instances of Gateway, you can perform a rolling upgrade in which you upgrade Gateway instances sequentially without interrupting service, as described below. The procedure takes into account the following constraint: individual Portal Server Secure Remote Access components are not backward compatible with earlier versions; all need to be synchronized, along with Portal Server itself, at Java ES 5 Update 1. However, during a rolling upgrade Release 4 Portal Server Secure Remote Access instances can remain running while Portal Server instances are being upgraded.
The deployment architecture shown in Figure 16-1 will be used to illustrate the rolling upgrade procedure.
In this architecture, multiple Portal Server instances are accessed by way of Portal Server Secure Remote Access Gateway instances. Both the Portal Server instances and the Gateway instances are load balanced to provide for availability and scalability.
The Portal Server instances, in turn, access Access Manager instances through a load balancer. The Access Manager and Access Manager SDK instances access a directory that is set up for multi-master replication (MMR). While other Directory Server replication schemes are possible, MMR is representative of highly available and scalable directory services.
In Figure 16-1, the multiple instances of Gateway, Portal Server, Access Manager, and Directory Server are grouped to facilitate explanation of the upgrade procedure. Portal Server 2, for example, is representative of the second through nth instances of Portal Server.
Figure 16-1 Example Deployment Architecture for Multiple Portal Server Instances
Rolling upgrade of Release 4 Gateway (and Portal Server) to Release 5U1 is performed as follows:
- If you are upgrading Release 4 Access Manager to Release 5U1, perform a rolling upgrade as documented in Multiple Instance Upgrades. Note that in upgrading Release 4 Gateway or Release 4 Portal Server to Release 5U1, you are not required to upgrade Release 4 Access Manager to Release 5U1.
- Modify the configuration of Portal Server and Gateway instances as follows.
- Configure Portal Server 2 to point to Directory Server 2 rather than Directory Server 1.
For brevity, in this and succeeding steps, "Portal Server 2" will mean Portal Server 2 through Portal Server n.
- Configure Gateway 2 to point to Directory Server 2 rather than Directory Server 1.
For brevity, in this and succeeding steps, "Gateway 2" will mean Gateway 2 through Gateway n.
- Upgrade Portal Server 1.
- Disable Portal Server 1 in Load Balancer B.
Requests will no longer be routed to Portal Server 1.
- Disable Directory Server MMR.
Directory Server 2 will no longer be synchronized with Directory Server 1.
- Upgrade Access Manager SDK 1B to Release 5U1.
Use the procedure in Release 4 Access Manager SDK-only Upgrades.
- Upgrade Portal Server 1 to Release 5U1.
Perform the upgrade of the Portal Server instance as described in Release 4 Portal Server Secure Remote Access Upgrade, noting the following:
- Make special note of the following pre-upgrade task: Remove Configuration for Load Balancer.
- Confirm, before performing the upgrade, that the value of am.encryption.pwd in the AccessManagerConfig-base/config/AMConfig.properties file is the same for the local Access Manager SDK as for its associated remote Access Manager instance.
- Make sure that you provide a non-null, unique value for the Portal Instance ID parameter requested by psupgrade for each Portal Server instance that you are upgrading.
Portal Server data for Directory Server 1 is updated to Release 5U1.
- Upgrade Gateway 1.
- Disable Gateway 1 in Load Balancer C.
Requests will no longer be routed to Gateway 1.
- Upgrade Access Manager SDK 1A to Release 5U1.
Use the procedure in Release 4 Access Manager SDK-only Upgrades.
- Upgrade Gateway 1 to Release 5U1.
Perform the upgrade of Gateway as described in Release 4 Portal Server Secure Remote Access Upgrade, noting the following:
- Make special note of the following pre-upgrade task: Remove Configuration for Load Balancer.
- Confirm, before performing the upgrade, that the value of am.encryption.pwd in the AccessManagerConfig-base/config/AMConfig.properties file is the same for the local Access Manager SDK as for its associated remote Access Manager instance.
- Enable the previously disabled Portal Server 1 and Gateway 1 in their respective load balancers, as follows:
- Disable Portal Server 2 and Gateway 2 in their respective load balancers, as follows:
- Upgrade Portal Server 2.
- Restore the configuration of Portal Server 2 to point to Directory Server 1.
- Upgrade Access Manager SDK 2B to Release 5U1.
Use the procedure in Release 4 Access Manager SDK-only Upgrades.
- Upgrade Portal Server 2 to Release 5U1.
Use the same procedure as in Upgrade Portal Server 1, Step d.
- Enable Portal Server 2 in Load Balancer B.
Requests will be once again routed to Portal Server 2.
- Upgrade Gateway 2.
- Restore the configuration of Gateway 2 to point to Directory Server 1.
- Upgrade Access Manager SDK 2A to Release 5U1.
Use the procedure in Release 4 Access Manager SDK-only Upgrades.
- Upgrade Gateway 2 to Release 5U1.
Use the same procedure as in Upgrade Gateway 1, Step c.
- Enable Gateway 2 in Load Balancer C.
Requests will be once again routed to Gateway 2.
- Enable Directory Server MMR.
The Portal Server data for Directory Server 2 is now synchronized with Directory Server 1.
Upgrading Portal Server Secure Remote Access from Java ES Release 3
The procedure for upgrading Java ES 2005Q1 (Release 3) Portal Server Secure Remote Access to Release 5U1 is the same as that for upgrading Release 4 Portal Server Secure Remote Access to Release 5U1, with the following exceptions:
Upgrading Portal Server Secure Remote Access Dependencies
However, when upgrading Portal Server Secure Remote Access from Release 3, you have to upgrade Access Manager to Release 4 or to Release 5U1 before upgrading Portal Server Secure Remote Access, and you cannot leave any other dependencies at Release 3, nor upgrade some dependencies to Release 4 and others to Release 5U1. For more information, see Selective Upgrade Issues.
The following dependencies need to be upgraded in the order shown below.
- Shared Components. Instructions for upgrading Java ES shared components to Release 5U1 are provided in Chapter 2, "Upgrading Java ES Shared Components".
- Directory Server. Instructions for upgrading Directory Server to Release 5U1 are provided in Upgrading Directory Server from Java ES Release 2.
- Access Manager (Access Manager SDK). Instructions for upgrading Access Manager to Release 5U1 are provided in Chapter 14, "Access Manager".
- Portal Server. Instructions for upgrading Portal Server are provided in Chapter 15, "Portal Server".
Upgrading Release 3 Portal Server Secure Remote Access
To upgrade Release 3 Portal Server Secure Remote Access to Release 5U1, use the instructions in Upgrading Portal Server Secure Remote Access from Java ES Release 4, except substitute Release 3 wherever Release 4 is referenced.
Multiple Instance Upgrades
In some deployment architectures Portal Server Secure Remote Access components, such as Gateway, are deployed on multiple computer systems to provide for security and scalability and to improve availability. For example, you might have Gateway components running on multiple computers with a load balancer to distribute the load.
When performing multiple instance upgrades from Release 3 Portal Server Secure Remote Access, use the procedure documented in Multiple Instance Upgrades, except replace "Release 4" with "Release 3" wherever Release 4 is referenced. You must also upgrade Access Manager, as described in Step 1.
Upgrading Portal Server Secure Remote Access from Java ES Release 2
Direct upgrade of Java ES 2004Q2 (Release 2) Portal Server Secure Remote Access to Release 5U1 is not supported.
However, you can perform this upgrade by first upgrading Release 2 Portal Server Secure Remote Access to Release 5 (as documented in the Java Enterprise System 5 Update 1 Upgrade Guide for UNIX, http://docs.sun.com/doc/819-6553) and then upgrading Release 5 Portal Server Secure Remote Access to Release 5U1 (as documented in Upgrading Portal Server Secure Remote Access from Java ES 5).
Upgrading Portal Server Secure Remote Access from the Interim Feature Release 7.0
This section includes information about upgrading Portal Server Secure Remote Access from the Interim Feature Release (IFR) 7.0 2005Q4 to Java ES 5 Update 1 (Release 5U1).
The section covers the following topics:
Introduction
When upgrading Portal Server Secure Remote Access IFR 7.0 to Release 5U1, consider the following aspects of the upgrade process:
- The upgrade of Portal Server IFR 7.0 to Release 5U1 Portal Server involves the application of two sets of patches (a Portal Server 7.1 patch and a Release 5U1 patch) and running of two scripts (psupgrade and psupdate).
- The psupgrade script, used for upgrading Portal Server IFR to Release 5U1, does not install new packages, as in the case of upgrade from Release 4. Instead, the upgrade procedure will require you to apply the following Portal Server 7.1 patches:
Table 16-8 Patches¹ to Upgrade Portal Server Secure Remote Access IFR to Release 5U1

| Description | Patch ID: Solaris 9 & 10 | Patch ID: Linux |
|---|---|---|
| Portal Server 7.1 core | 121465-28 (SPARC), 121466-28 (x86) | 121467-28 |
| Portal Server 7.1 localization | 123254-04 (SPARC), 124590-04 (x86) | 125302-04 |

¹ Patch revision numbers are the minimum required for upgrade to Java ES Release 5U1. If newer revisions become available, use the newer ones instead of those shown in the table.
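Because Table 16-8 lists minimum revisions and newer ones are preferred, confirming a patch with `showrev -p | grep patch_ID` needs a numeric comparison of the revision, not just a match on the ID. The following is an added example, not part of the original guide; it covers the Solaris columns only, and the function names, the placeholder package names and the sample `showrev -p` lines are constructed.

```shell
#!/bin/sh
# Added example (not from the upgrade guide): compare installed Solaris patch
# revisions against the Table 16-8 minimums using saved "showrev -p" output.
AWK=${AWK:-awk}            # on Solaris use AWK=nawk

# check_min_rev PATCH_ID FILE   (PATCH_ID is base-minimum, e.g. 121465-28)
# Uses the highest installed revision of the base ID.
# Status: 0 = at or above minimum, 1 = installed but too old, 2 = not installed.
check_min_rev() {
    "$AWK" -v want="$1" '
        BEGIN { split(want, w, "-") }
        $1 == "Patch:" && split($2, id, "-") == 2 && id[1] == w[1] {
            if (!seen || id[2] + 0 > best + 0) best = id[2]
            seen = 1
        }
        END {
            if (!seen)               { print w[1] ": not installed"; exit 2 }
            if (best + 0 < w[2] + 0) { print w[1] "-" best ": below minimum revision " w[2]; exit 1 }
            print w[1] "-" best ": ok"
        }
    ' "$2"
}

# check_table_16_8 ARCH FILE   (ARCH is sparc or x86)
# The core patch must be present at the minimum revision. The localization
# patch is applied only "if needed", so its absence is reported but does not
# fail the check; an installed revision below the minimum does.
check_table_16_8() {
    case $1 in
        sparc) ct_core=121465-28; ct_l10n=123254-04 ;;
        x86)   ct_core=121466-28; ct_l10n=124590-04 ;;
        *)     echo "unknown architecture: $1" >&2; return 2 ;;
    esac
    ct_rc=0
    check_min_rev "$ct_core" "$2" || ct_rc=1
    ct_l=0
    check_min_rev "$ct_l10n" "$2" || ct_l=$?
    if [ "$ct_l" -eq 1 ]; then ct_rc=1; fi
    return $ct_rc
}

# Constructed "showrev -p" lines: two revisions of the core patch, an outdated
# localization patch, and an unrelated placeholder patch.
write_showrev_sample() {
    cat > "$1" <<'EOF'
Patch: 121465-27 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWportal-base
Patch: 121465-29 Obsoletes:  Requires:  Incompatibles:  Packages: SUNWportal-base
Patch: 123254-03 Obsoletes:  Requires:  Incompatibles:  Packages: PLACEHOLDER-l10n-pkg
Patch: 999999-01 Obsoletes:  Requires:  Incompatibles:  Packages: PLACEHOLDER-other-pkg
EOF
}

demo_rev=$(mktemp) && write_showrev_sample "$demo_rev" && {
    check_table_16_8 sparc "$demo_rev" || echo "patch level is below the Table 16-8 minimum"
    rm -f "$demo_rev"
}
```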
Portal Server Secure Remote Access IFR 7.0 Upgrade
This section describes how to perform an upgrade of Portal Server Secure Remote Access from the IFR to Release 5U1 on both the Solaris and Linux platform. Where a topic depends on platform-specific procedures, the topic will indicate the operating system to which it applies. The section covers the following topics:
Pre-Upgrade Tasks
Pre-upgrade tasks for the IFR upgrade are the same as for the Release 4 upgrade (see Release 4 Pre-Upgrade Tasks), except for the section, Obtain Required Configuration Information and Passwords:
Information is requested by both the psupgrade and psupdate scripts that are used in upgrading from Portal Server Secure Remote Access IFR:
- The information required by the psupgrade script is detailed in Obtain Required Configuration Information and Passwords.
- The information required by the psupdate script is detailed in Obtain Required Configuration Information and Passwords.
Upgrading Portal Server Secure Remote Access IFR 7.0 (Solaris)
This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access followed by a description of the procedure itself.
IFR 7 Upgrade Considerations (Solaris)
The Portal Server Secure Remote Access IFR upgrade to Release 5U1 takes into account the same considerations as the Release 4 upgrade (see Upgrade Considerations (Solaris)).
IFR 7 Upgrade Procedure (Solaris)
The procedure documented below applies to Portal Server Secure Remote Access on the computer where the upgrade is taking place.
- Log in as root or become superuser.
su -
- Stop any instances of the Gateway, Rewriter Proxy, or Netlet Proxy that are running locally.
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile -t gateway -N gatewayProfileName
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile -t rwproxy -N gatewayProfileName
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile -t nlproxy -N gatewayProfileName
Check that the processes have stopped:
Gateway: netstat -an | grep 443
Rewriter Proxy: netstat -an | grep 10443
Netlet Proxy: netstat -an | grep 10555
- Make sure Access Manager is running.
- Apply the required Portal Server Secure Remote Access 7.1 patches.
- Obtain the required patches, based on Table 16-8.
Always use the latest patch revisions available, unless directed to use a specific revision.
Patches can be downloaded to /workingDirectory from: http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
- Apply the appropriate Portal Server patch and, if needed, localization patch.
patchadd /workingDirectory/patch_ID
Be sure to consult the README.patch_ID file for additional patch installation instructions.
- Confirm that the patch upgrades were successful:
showrev -p | grep patch_ID
The output should return the versions of patch IDs applied in Step b.
- Apply the required Release 5U1 patch.
- Obtain the required patch, based on Table 16-5.
To obtain the patch, see Accessing Java ES Patches. Patches can be downloaded to /workingDirectory.
- Apply the appropriate Portal Server patch and, if needed, localization patch in Table 16-5.
patchadd /workingDirectory/patch_ID
Be sure to consult the README.patch_ID file for additional patch installation instructions.
- Confirm that the patch upgrades were successful:
showrev -p | grep patch_ID
The output should return the versions of patch IDs applied in Step b.
- Set two environment variables (ANT_HOME and JAVA_HOME) needed by the psupgrade script:
export ANT_HOME=/usr/sfw
export JAVA_HOME=/usr/jdk/entsys-j2se
- Make sure you have adequate swap space on your computer.
As a guideline, the swap space should be set to twice the amount of physical RAM.
- Run the psupgrade script.
cd PortalServer7-base/bin
./psupgrade
The psupgrade script is not run from the Java ES 5 Update 1 distribution and does not invoke the Java ES installer (the packages were already patched).
- Run the psupdate script.
cd PortalServer7-base/bin
./psupdate -a
If the psupdate command fails on the Solaris 10 platform, modify the value of LD_LIBRARY_PATH to remove /usr/lib (or prepend /usr/lib/mps/sasl2) and then run the psupdate script again.
The script requests you to input additional information needed to upgrade Portal Server Secure Remote Access (see Obtain Required Configuration Information and Passwords).
Note
Be sure you enter correct values for psupdate parameters, as you can't go back and change them, and it is also very difficult to roll back changes made by the psupdate script.
- Restart Common Agent Container, if it has not been upgraded to Release 5U1 and restarted as part of that upgrade.
rel5CAC-admin-dir/bin/cacaoadm stop
rel5CAC-admin-dir/bin/cacaoadm start
Upgrading Portal Server Secure Remote Access IFR 7.0 (Linux)
This section discusses considerations that impact the upgrade procedure for Portal Server Secure Remote Access followed by a description of the procedure itself.
IFR 7 Upgrade Considerations (Linux)
The upgrade of Portal Server Secure Remote Access software to Release 5U1 on the Linux platform takes into account the same considerations as on the Solaris platform (see Upgrade Considerations (Solaris)), except that installing Linux patches removes the previous RPMs.
IFR 7 Upgrade Procedure (Linux)
The procedure documented below applies to Portal Server Secure Remote Access on the computer where the upgrade is taking place.
Caution
An upgrade from Portal Server Secure Remote Access IFR to Release 5U1 on Linux cannot be rolled back. Make sure you back up your system before performing the following procedure.
- Log in as root or become superuser.
su -
- Stop any instances of the Gateway, Rewriter Proxy, or Netlet Proxy that are running locally.
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile -t gateway -N gatewayProfileName
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile -t rwproxy -N gatewayProfileName
PortalServer7-base/bin/psadmin stop-sra-instance -u amadminUser -f passwordFile -t nlproxy -N gatewayProfileName
Check that the processes have stopped:
Gateway: netstat -an | grep 443
Rewriter Proxy: netstat -an | grep 10443
Netlet Proxy: netstat -an | grep 10555
- Make sure Access Manager is running.
- Apply the required Portal Server Secure Remote Access 7.1 patches.
- Obtain the required patches using the patch numbers from Table 16-8.
Always use the latest patch revisions available, unless directed to use a specific revision.
Patches can be downloaded to /workingDirectory from: http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
- Apply the Portal Server Secure Remote Access patch and, if needed, localization RPMs for Portal Server Secure Remote Access in Table 16-8, in that order.
See the Readme file for the Portal Server patch, which describes how to use a script to apply the patch's RPMs:
cd /workingDirectory
where /workingDirectory is the directory to which you download the patch.
./upgradeportalrpm
The update script installs the RPMs.
For the localization patch, install each RPM using the following command:
rpm -Fvh patchName-version.rpm
Be sure to consult the README.patch_ID file for additional patch installation instructions.
- Confirm that the patch upgrade was successful:
rpm -qa | grep sun-portal
The upgrade revision numbers of the RPMs should be returned.
- Apply the required Release 5U1 patch.
- Obtain the latest Portal Server upgrade patches, based on Table 16-6.
To obtain the patch, see Accessing Java ES Patches. Patches can be downloaded to /workingDirectory.
- Apply the core and, if needed, localization patch for Portal Server Secure Remote Access in Table 16-6, in that order.
cd /workingDirectory/patch_ID
./update
- Confirm that the patch upgrades were successful.
rpm -qa | grep sun-portal
The new version numbers of the RPMs should be returned.
- Set two environment variables (ANT_HOME and JAVA_HOME) needed by the psupgrade script:
export ANT_HOME=/opt/sun
export JAVA_HOME=/usr/jdk/entsys-j2se
- Make sure you have adequate swap space on your computer.
As a guideline, the swap space should be set to twice the amount of physical RAM.
- Run the psupgrade script.
cd PortalServer7-base/bin
./psupgrade
The psupgrade script is not run from the Java ES 5 Update 1 distribution and does not invoke the Java ES installer (the packages were already patched).
- Run the psupdate script.
cd PortalServer7-base/bin
./psupdate -a
The script requests you to input additional information needed to upgrade Portal Server Secure Remote Access (see Obtain Required Configuration Information and Passwords).
The information requested for psupdate is specified in Obtain Required Configuration Information and Passwords.
Note
Be sure you enter correct values for psupdate parameters, as you can't go back and change them, and it is also very difficult to roll back changes made by the psupdate script.
- Restart Common Agent Container, if it has not been upgraded to Release 5U1 and restarted as part of that upgrade.
rel5CAC-admin-dir/bin/cacaoadm stop
rel5CAC-admin-dir/bin/cacaoadm start
Verifying the Upgrade
You can verify the patching of Portal Server Secure Remote Access packages to Release 5U1 using the following command:
See Table 16-7 for output values.
You can also check the upgrade log files at:
/var/sadm/install/logs/Sun_Java_System_Portal_Server_upgrade.0.0.log
Post-Upgrade Tasks
There are no post-upgrade tasks required when upgrading Portal Server Secure Remote Access to Release 5U1.
Rolling Back the Upgrade (Solaris)
This section describes considerations that impact the upgrade rollback procedure for Portal Server Secure Remote Access followed by the procedure itself.
Rollback Considerations (Solaris)
The procedure for rolling back the upgrade to Release 5U1 consists of reverting back to the IFR installation at PortalServer7-base.
Rollback Procedure (Solaris)
- Log in as root or become superuser.
su -
- Restore Directory Server to the state it was in before upgrade.
Use the Directory Server backup/restore command line and GUI utilities. See the Directory Server Backup and Restore chapter of the Sun Java System Directory Server Enterprise Edition 6.0 Administration Guide, http://docs.sun.com/doc/819-0995.
- Remove the appropriate Release 5U1 core and, if needed, localization patches in Table 16-5, in that order.
patchrm patch_ID
- Run the psupdate script for the appropriate Portal Server Secure Remote Access core patch.
cd PortalServer7Data-base/psupdate.patch_ID
./psupdate -r
If the psupdate command fails on the Solaris 10 platform, modify the value of LD_LIBRARY_PATH to remove /usr/lib (or prepend /usr/lib/mps/sasl2) and then run the psupdate script again.
- Back out the Portal Server Secure Remote Access 7.1 patch in Table 16-8.
patchrm patch_ID
Rolling Back the Upgrade (Linux)
On the Linux platform there is no procedure for rolling back the upgrade.
Multiple Instance Upgrades
In some deployment architectures Portal Server Secure Remote Access is deployed on multiple computer systems to provide for scalability and to improve availability. For example, you might have Portal Server Secure Remote Access components running on multiple computers with a load balancer to distribute the load.
In the case of load-balanced instances of Portal Server Secure Remote Access, you can perform a rolling upgrade in which you upgrade the Portal Server Secure Remote Access instances sequentially without interrupting service. You upgrade each instance of Portal Server Secure Remote Access while the others remain running. You perform the upgrade of each instance as described in Portal Server Secure Remote Access IFR 7.0 Upgrade.
When performing multiple instance upgrades from IFR Portal Server Secure Remote Access, use the procedure documented in Multiple Instance Upgrades, except replace "Release 4" with "IFR" wherever Release 4 is referenced. You must also upgrade Access Manager, as described in Step 1.