Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:server_os_updates [2019/12/17 07:42] fiserp [Performing the OS update] |
tutorial:adm:server_os_updates [2019/12/17 07:49] fiserp [Solving issues] |
||
---|---|---|---|
Line 42: | Line 42: | ||
- Perform the update | - Perform the update | ||
- Begin the maintenance. | - Begin the maintenance. | ||
+ | - Disable monitoring system notifications. | ||
- (If you use hot snapshots, make one.) | - (If you use hot snapshots, make one.) | ||
- Make sure no user or external application can access the IdM. | - Make sure no user or external application can access the IdM. | ||
Line 49: | Line 50: | ||
- Stop the IdM. | - Stop the IdM. | ||
- Disable automatic start of the IdM on OS start. | - Disable automatic start of the IdM on OS start. | ||
- | - (If you use cold snapshots, turn of the machine and make one.) | + | - (If you use cold snapshots, turn off the machine and make one.) |
- (If you do not use snapshots, make a backup of the IdM database and store it off-machine.) | - (If you do not use snapshots, make a backup of the IdM database and store it off-machine.) | ||
- Make backup of ``/boot``, ``/etc``, list of processes ``ps -ef`` and list of network services ``netstat -tulnp`` (or ``ss -tulnp``). Those dumps will help you check if all the services started. You can also recover some settings from backups in case something goes wrong (in a minor way) - you will not need to roll back whole snapshot. | - Make backup of ``/boot``, ``/etc``, list of processes ``ps -ef`` and list of network services ``netstat -tulnp`` (or ``ss -tulnp``). Those dumps will help you check if all the services started. You can also recover some settings from backups in case something goes wrong (in a minor way) - you will not need to roll back whole snapshot. | ||
- Perform the update (e.g. ``yum update``). | - Perform the update (e.g. ``yum update``). | ||
- | - Reboot the affected services or the whole machine if necessary. | + | - Restart |
- When the machine is up, check ``dmesg`` and ``/ | - When the machine is up, check ``dmesg`` and ``/ | ||
- Check running processes and network services whether everything started properly. | - Check running processes and network services whether everything started properly. | ||
- Namely PostgreSQL and HTTPd should be up and running. Those are parts of IdM deployment. | - Namely PostgreSQL and HTTPd should be up and running. Those are parts of IdM deployment. | ||
- If everything is ok, start the IdM service. | - If everything is ok, start the IdM service. | ||
- | - Enable autostart of IdM service upon OS start. | ||
- Check IdM logs whether it started successfuly. | - Check IdM logs whether it started successfuly. | ||
- Log into the IdM and test connection to end systems (configuration form for the system, green button "Test connector" | - Log into the IdM and test connection to end systems (configuration form for the system, green button "Test connector" | ||
- Check your testing use-cases. | - Check your testing use-cases. | ||
+ | - Enable autostart of IdM service upon OS start. | ||
+ | - (If there were changes to the database (e.g. PostgreSQL major version upgrade), make a backup of the upgraded database.) | ||
- Allow users to access the IdM. | - Allow users to access the IdM. | ||
+ | - Enable monitoring system notifications. | ||
- End the maintenance. | - End the maintenance. | ||
- Wrap-up | - Wrap-up | ||
Line 80: | Line 83: | ||
* Know how long (at worst) the whole rollback will take (rollback time **RT**). | * Know how long (at worst) the whole rollback will take (rollback time **RT**). | ||
* Have a maintenance window that spans at least **MT**+**RT** with some extra time **ET**. | * Have a maintenance window that spans at least **MT**+**RT** with some extra time **ET**. | ||
- | * You are not able to safely perform the maintenance in shorter window, there is simply not enough time. If something goes wrong, you need at most **RT** time to perform the rollback! | + | * You are not able to safely perform the maintenance in shorter window, there is simply not enough time. If something goes wrong, you will need **RT** time to perform the rollback! |
- | * If you do not have any **ET**, if anything goes wrong you have to perform rollback procedure. Therefore, **ET** gives you some time you can spend on solving the issue so you can carry on with updates. | + | * When you have no **ET**, if anything goes wrong you have to perform rollback procedure. Therefore, **ET** gives you some time you can spend on solving the issue so you can carry on with updates. |
You should have a rollback procedure that can safely restore the deployment. This depends on your environment. | You should have a rollback procedure that can safely restore the deployment. This depends on your environment. |