Sun Java Enterprise System Upgrade Guide for Microsoft Windows |
Chapter 3
Directory Server and Administration ServerThis chapter describes how to upgrade Directory Server and Administration Server components to Java ES Release 4 (2005Q4). These upgrades are documented together because the two components work closely together.
The chapter provides a general overview of upgrade issues and procedures for the different upgrade paths supported by Java ES Release 4. The chapter covers the following:
Overview of Directory Server and Administration Server UpgradesThis section describes the following general aspects of Directory Server and its associated Administration Server component that impact upgrading to Java ES Release 4:
About Java ES Release 4
Java ES Release 4 versions of Directory Server and Administration Server represent only minor bug fixes and improvements. There are no new functional capabilities.
Java ES Release 4 Upgrade Roadmap
Table 3-1 shows the supported Directory Server and Administration Server upgrade path to Java ES Release 4.
Directory Server and Administration Server Data
Directory Server and Administration Server make use of Directory Server itself for storing configuration data. The data is stored in a specific tree structure within the directory. The Directory Server instance hosting the configuration is referred to as the configuration directory.
The configuration directory can be a dedicated Directory Server instance, which is a recommended security practice, or it can also host user identity data or service configuration data. The configuration directory can reside on the same computer as other Directory Server instances and the Administration Server; however in most deployment architectures, the configuration directory is remote from the other components that use it to store configuration information.
The following table shows the type of data that could be impacted by an upgrade of Directory Server and Administration Server, software.
Compatibility Issues
Release 4 Directory Server and Administration Server do not introduce any interface changes. These components are, as a group, backwardly compatible with earlier versions. However, any one of these components is not backwardly compatible with earlier versions of the others; all need to be upgraded as a unit.
Dependencies
Dependencies on other Java ES components can impact the procedure for upgrading and re-configuring Directory Server and Administration Server software. Each of these components has dependencies on Java ES components as follows:
Directory Server. Directory Server has dependencies on specific Java ES shared components (see Table 1-6). Directory Server has a dependency on Administration Server, which is used to configure Directory Server replication and other aspects of Directory Server functions.
Administration Server. Administration Server (and the Administration Console user interface) has dependencies on specific Java ES shared components (see Table 1-6). Administration Server has a dependency on Directory Server (specifically a configuration directory) where it stores configuration data.
Upgrading Directory Server and Administration Server from Java ES Release 3This section includes information about upgrading Directory Server, Administration Server from Java ES Release 3 to Java ES Release 4. The section covers the following topics:
Introduction
When upgrading Java ES Release 3 Directory Server and Administration Server to Release 4, consider the following aspects of the upgrade process:
- General Upgrade Approach. The upgrade is performed by applying patches to the Release 3 version. Re-configuration of Directory Server and Administration Server are achieved by synchronizing the configuration directory with the upgraded software.
- Upgrade Dependencies. While Directory Server and Administration Server have dependencies on a number of Java ES shared components (see Table 1-6), Release 4 Directory Server and Administration Server are compatible with the Release 3 versions of these shared components. Upgrade of these shared components is therefore optional with respect to upgrade of Directory Server and Administration Server to Release 4.
- Backward Compatibility. Release 4 Directory Server and Administration Server, are backwardly compatible with their Release 3 versions.
- Upgrade Rollback. A rollback of the Release 4 upgrade is achieved by removing the Release 4 upgrade patches and re-synchronizing the configuration directory with the previous software state.
Directory Server and Administration Server Upgrade
This section describes how to perform an upgrade of Directory Server and Administration Server from Java ES Release 3 to Java ES Release 4. The section covers the following topics:
Pre-Upgrade Tasks
Before you upgrade Directory Server and Administration Server you should perform the tasks described below.
Verify Current Version Information
You can verify the current version of Directory Server and associated components by restarting the Directory Server service using restart-slapd.bat
Upgrade Directory Server and Administration Server Dependencies
It is generally recommended that all Java ES components on a computer system (and in a computing environment) be upgraded to Java ES Release 4. However, because Directory Server and Administration Server do not require upgrading Release 3 shared components, this task is optional.
Back Up Directory Server Data
The Directory Server and Administration Server, upgrade process modifies configuration directory data. Therefore, before you upgrade, it is recommended that you back up your configuration directory data using the Directory Server Console or a command-line utility such as db2bak.
Obtain Required Configuration Information and Passwords
You should know the Directory Server administrator user ID and password for your currently installed version.
Upgrading Directory Server and Administration Server
This section discusses considerations that impact the upgrade procedure for Directory Server and Administration Server, followed by a description of the procedure itself.
Upgrade Considerations
The upgrade of Directory Server and Administration Server software to Java ES Release 4 takes into account the following considerations:
- Any Java ES components using a Directory Server instance (such as Access Manager, Communications Express, Messaging Server, Portal Server, and so forth) should be shut down before you upgrade that instance. However, most deployment architectures use multiple instances of Directory Server to provide high availability or scalability. In such cases, you can perform a rolling upgrade of Directory Server and the Directory Server clients need not be shut down.
- The upgrade of these components must be done in the following sequence: Administration Server and then Directory Server. This sequence is because the re-configuration data must take place in a particular order.
- The component being upgraded must be shut down when patches are being applied, however the associated configuration directory must subsequently be running to re-configure the component being upgraded.
- In a deployment architecture in which there are multiple instances of Directory Server running on a single computer (all corresponding to the same installed Directory Server image), upgrading the Directory Server image will upgrade all the instances. In such architectures, there is only one Administration Server instance per installed Directory Server image.
- In many deployment architectures the configuration directory is a separate Directory Server instance. It might be local or on a different computer system from where the upgrade is being performed. Similarly, the Administration Server might be local or on a different computer system from where the upgrade of Directory Server is being performed.
- In some deployment architectures Directory Server has been installed standalone by deselecting Administration Server at installation time. In that case, however, the Administration Server upgrade procedure must still be performed, in addition to the Directory Server upgrade procedure, as described in the instructions that follow.
- The Release 4 upgrade patches are shown in the Table 1-3:
Upgrade Procedure
The procedure documented below applies to Directory Server and Administration Server instances residing locally on the computer where the upgrade is taking place.
- Obtain the required patches, based on Table 1-3.
Patches can be downloaded from:
http://sunsolve.sun.com
- Stop the Administration Console if it is running locally.
- Shut down all Java ES components dependent on the Directory Server and Administration Server instances that are to be upgraded. This step might depend on how these components are replicated within your deployment architecture.
Components should be shut down in the following order:
- Make sure you have upgraded any Java ES components upon which Directory Server and Administration Server have hard upgrade dependencies (see Upgrade Directory Server and Administration Server Dependencies).
- Upgrade Administration Server.
You need to perform this step even if Directory Server had originally been installed in standalone mode on the computer where the upgrade is taking place.
- Upgrade Directory Server.
- If you are running Directory Server in standalone mode, without Administration Server, perform the following procedure, otherwise proceed directly to Step 6b.
- Change directory to the serverroot directory.
- Create a configuration directory:
admin-serv\config under <Server-Root>
- Create an adm.config file:
- Add the following text
isie: cn=Administration Server, cn=Server Group, cn=hostname, ou=administration_domain, o=NetscapeRoot
All on one line where hostname is the fully qualified Directory Server host name and administration_domain is typically the host’s domain name.
- Run the prepatch.pl before executing the patch:
perl prepatch.pl <Server-Root>
- Apply the patch by double-clicking the <Patch-id>.exe.
- After applying the patch, run the following:
perl postpatch.pl <Server-Root> <Admin id> <Admin Password>
- Restart all Java ES components in the reverse order they were shut down in Step 3.
Verifying the Upgrade
You can verify successful upgrade of Directory Server and associated components by restarting the Directory Server service using restart-slapd.bat
See Table 3-2 for output values.
Post-Upgrade Tasks
There are no post-upgrade tasks beyond the steps described in Upgrade Procedure.
Rolling Back the Upgrade
This section describes considerations that impact the upgrade rollback procedure for Directory Server and Administration Server followed by the procedure itself.
Rollback Considerations
The procedure for rolling back the upgrade to Release 4 of Directory Server and Administration Server is pretty much the reverse of the procedure for upgrading to Release 4. The patches are removed and the configuration directory is re-synchronized.
One special consideration is that when you apply patches, you upgrade the SSL certificate database to a cert8 format. The patch backs up the cert7 data, and then converts it to cert8 format. If you subsequently decide to roll back the upgrade and have added new certificates to the certificate database, you should manually extract these certificates, back out the patches, and then add the certificates back to the previous cert7 format certificate database.
When you roll back an upgrade after having changed the SSL certificate database, you cannot start in SSL mode. To work around this problem, turn off SSL mode, restart Administration Server, Directory Server or Directory Proxy Server, reinstall the certificate, and then enable SSL mode.
Rollback Procedure
- Stop the Administration Console if it is running locally.
- Shut down all Java ES components dependent on the Directory Server and Administration Server instances that are to be rolled back. This step depends on how these components are replicated within your deployment architecture.
Components should be shut down in the following order:
- Roll back the Directory Server upgrade.
- Roll back the Administration Server upgrade.
- Roll back upgrades to any Java ES components upon which Directory Server and Administration Server have hard upgrade dependencies.
- Restart all Java ES components in the reverse order they were shut down in Step 2.