1. Administering Oracle Internet Directory
  2. Appendixes
  3. Performing a Rolling Upgrade

A.16 Performing a Rolling Upgrade

This appendix describes how to perform a rolling upgrade for Oracle Internet Directory if a directory replication group (DRG) is configured for your environment. It includes the following sections:

A.16.1 About Rolling Upgrade

To upgrade the Oracle home directories in a DRG, you must shut down all replication servers in the DRG and then upgrade each Oracle home to the latest version individually. If you do not shut down the replication servers, you might encounter issues when upgrading the Oracle home directories.

To avoid the downtime and loss of service associated with this upgrade process, Oracle recommends that you follow a rolling upgrade procedure where each Oracle home directory is upgraded individually, while the other Oracle Internet Directory nodes and the corresponding replication servers in the DRG remain up and running.

A.16.2 Prerequisites for a Rolling Upgrade

Upgrade is only supported for Oracle Internet Directory 11g Release 1 (11.1.1.9.0).

A.16.3 Performing a Rolling Upgrade

This section describes the procedure to performing a rolling upgrade.

To upgrade an Oracle Internet Directory DRG:

  1. Stop the replication server on the first node you want to upgrade.
  2. Suspend the replication from the first node to each of the other nodes:
    remtool -psuspendrepl -fromnode first_node_host:first_node_port

    This command lists the replica IDs of all the Oracle Internet Directory nodes along with their respective directory version numbers. You must specify either the replica ID of each of the other nodes as prompted or enter all, which suspends replication to all the other nodes.

    See remtool, in Oracle Fusion Middleware Reference for Oracle Identity Management.

  3. Validate that replication has been suspended from the first node to all the other nodes in the DRG by running the following ldapsearch command:
    ldapsearch -h first_node_host -p OID_port  -b "" -s base "(objectclass=orclReplAgreementEntry)" orcllastappliedchangenumber

    Look for orcllastappliedchangenumber from the first node to the other nodes with subtype status. It should have value 0 and will be of the form: 

    orcllastappliedchangenumber;status$replica_id_of_first_node$replica_id_of_other_node;transport

    and

    orcllastappliedchangenumber;apply;status$replica_id_of_first_node$replica_id_of_other_node

    If there are any discrepancies, repeat Step 2.

  4. Stop Oracle Internet Directory on the node you are about to upgrade.
  5. Patch the node to the current release, as described in the Oracle Fusion Middleware Patching and Upgrade Overview in Oracle Fusion Middleware Patching Guide.
  6. Start Oracle Internet Directory on the node you have just upgraded.
  7. Because no other nodes have been upgraded yet, do not resume replication between the first node and any other node.
  8. Stop the replication server on the second node you want to upgrade.
  9. Suspend replication from the second node to each of the nodes that have not been upgraded.
    remtool -psuspendrepl -fromnode second_node_host:second_node_port

    This command lists the replica IDs of all the Oracle Internet Directory nodes along with their respective directory version numbers. You must specify the replica ID of each of the other nodes that have not been upgraded.

  10. Validate that replication has been suspended from the node you are about to upgrade to each node that has not been upgraded, using the same command as in Step 3 against the second node.
  11. Stop Oracle Internet Directory on the node you are about to upgrade.
  12. Patch the node to the current release, as described in the Oracle Fusion Middleware Patching and Upgrade Overview in Oracle Fusion Middleware Patching Guide.
  13. Start Oracle Internet Directory on the node you have just upgraded.
  14. Now two nodes have been upgraded, so resume replication from the first node you upgraded to the second node you upgraded.
    remtool -presumerepl -fromnode  first_upgraded_replica_host:port -tonode second_upgraded_replica_host:port
  15. Validate that replication has been resumed from first upgraded node to the second upgraded nodes in DRG by running the following ldapsearch command:
    ldapsearch -p OID_port -h first_upgraded_OID_host -b "" -s sub "(objectclass=orclReplAgreementEntry)" orcllastappliedchangenumber

    Look for orcllastappliedchangenumber from the first upgraded Oracle Internet Directory node to the second upgraded node with subtype status; it should have a value of 1.

    Repeat this ldapsearch command against all other earlier upgraded nodes. If there are any discrepancies, repeat Step 14.

  16. Start replication server on the second upgraded replica.
  17. Shut down the replication server on the third node you want to upgrade.
  18. Suspend replication from the third node to each node that has not yet been upgraded, if any.
  19. Validate that replication has been suspended from the third node to each node that has not been upgraded.
  20. Stop Oracle Internet Directory and other processes on the third node to be upgraded.
  21. Patch the node to the current release, as described in the Oracle Fusion Middleware Patching and Upgrade Overview in Oracle Fusion Middleware Patching Guide.
  22. Start Oracle Internet Directory on the third node.
  23. Resume replication from each node that has already been upgraded to the third node.
  24. Validate that replication has been resumed from each upgraded node to the third node.
  25. Start replication on the third node

Repeat this procedure for all nodes in the DRG.

Before upgrading a node, suspend replication from that node to each of the nodes that has not yet been upgraded and validate that it is suspended. Stop Oracle Internet Directory on the node you are about to upgrade. Upgrade the node. Start Oracle Internet Directory on the node you just upgraded. Resume replication from nodes that are already upgraded to the node you just upgraded. Start replication on the node you just upgraded.

A.16.4 Completing Post-Upgrade Task

To prevent leaving some nodes in the DRG with inconsistent data after you perform a rolling upgrade, Oracle Internet Directory performs these operations:

To prevent leaving some nodes in the DRG with inconsistent data after you perform a rolling upgrade, Oracle Internet Directory performs these operations:

  1. On the Oracle Internet Directory master node that is processing incoming LDAP update requests, a change log entry is generated for each update request. The master node can be any of the nodes in the DRG (node A, B, or C in Rolling Upgrade Example).
  2. The changes are subsequently applied to all other nodes in the DRG regardless of whether a node is down or being upgraded when an LDAP request comes in, as long as the nodes in the DRG are brought back up after the rolling upgrade operation completes.

    When a change is applied to a target node, the appropriate conflict resolution logic ensures convergence. The retry logic (by default, 10 times with some cycle delay) handles a transient conflict situation, such as when a target node is down.

A.16.5 Rolling Upgrade Example

The following example includes three Oracle Internet Directory nodes, A, B, and C, in a mulimaster DRG. All nodes need to be upgraded to the current release by using the rolling upgrade procedure

In this example, upgrade is done in Node A first, followed by Node B, and then Node C.

Note:

Before you begin the rolling upgrade procedure, apply any required patches, as described in Prerequisites for a Rolling Upgrade.

To upgrade the nodes:

  1. Stop the replication server on Node A.
  2. Suspend the replication from Node A to both Node B and Node C. For example:
    remtool -psuspendrepl  -fromnode  HostA:PortA

    This command displays the replica IDs of all three Oracle Internet Directory nodes. Provide the replica IDs of Node B and Node C as input to remtool. Alternatively, you can enter all, which causes remtool to automatically select the replica IDs of B and C.

  3. Validate that replication has been suspended from Node A to Node B by running the following ldapsearch command:
    ldapsearch -p  PortA  -h  hostA  -b  "" -s  base "(objectclass=orclReplAgreementEntry)" orcllastappliedchangenumber

    Look for the orcllastappliedchangenumber attribute with subtype status. This attribute has the value 0 and is of the form: 

    orcllastappliedchangenumber;apply;status$replica_id_of_node A$replica_id_of_node_B
orcllastappliedchangenumber:status$replicaid_of_node_A$replicaid_of_nodeB;transport

    If there is a discrepancy in the status value, repeat Step 2.

    Similarly, validate that replication has been suspended from Node A to Node C.

  4. Stop Oracle Internet Directory and other processes on Node A.
  5. Run the Patch Set Assistant (PSA) on Node A to upgrade the node to the current release.
  6. Bring up Oracle Internet Directory and the replication server on Node A. Note that there is no node with which Node A should resume replication.
  7. Stop the replication server on Node B.
  8. Suspend replication from Node B to Node C by executing the following command:
    remtool -psuspendrepl -fromnode HostB:PortB -tonode HostC:PortC
  9. Validate that replication has been suspended from Node B to Node C by running the following ldapsearch command:
    ldapsearch -p  PortB  -h  hostB  -b  "" -s  base "(objectclass=orclReplAgreementEntry)" orcllastappliedchangenumber

    Look for orcllastappliedchangenumber with subtype status. It has value 0 and is of the form: 

    orcllastappliedchangenumber;apply;status$replica_id_of_node_B$replica_id_of_node_C
orcllastappliedchangenumber:status$replicaid_of_node_B$replicaid_of_node_C;transport

    If there is any discrepancy in the status value, repeat Step 8.

  10. Stop Oracle Internet Directory and other processes on Node B.
  11. Run the PSA on Node B to upgrade the node to the current release.
  12. Bring up Oracle Internet Directory on Node B and resume replication from Node A to Node B, as follows:
     remtool -presumerepl -fromnode HostA:PortA -tonode HostB:PortB
  13. Validate that replication has been resumed from Node A to Node B by running the following ldapsearch command:
    ldapsearch -p OID_port -h hostA -b "" -s base "(objectclass= orclReplAgreementEntry)" orcllastappliedchangenumber

    Look for orcllastappliedchangenumber from the upgraded Node A to Node B with subtype status. It should have the value 1.

    If there is any discrepancy in the status value, repeat Step12.

  14. Bring up the replication server on Node B.
  15. Shut down the replication server on Node C.
  16. Stop Oracle Internet Directory and other processes on Node C. Since there are no other nodes to be upgraded, you do not need to suspend replication.
  17. Run PSA on Node C to upgrade the node to the current release.
  18. Bring up Oracle Internet Directory on Node C and resume replication from Node A to Node C, as follows.
    remtool -presumerepl -fromnode HostA:PortA -tonode HostC:PortC

    Resume replication from Node B to Node C.

    remtool -presumerepl -fromnode HostB:PortB -tonode HostC:PortC
  19. Validate that replication has been resumed successfully by performing an ldapsearch on Node A and Node B similar to Step 13. Validate replication:

    • From Node A to Node C

    • From Node B to Node C

  20. Bring up the replication server on Node C.