Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Last revision Both sides next revision
tutorial:adm:server_os_updates [2020/01/06 12:45]
fiserp [Things to consider]
tutorial:adm:server_os_updates [2020/01/13 12:22]
fiserp [Server updates - OS updates]
Line 1: Line 1:
 ====== Server updates - OS updates ====== ====== Server updates - OS updates ======
-<note warning>Page in construction, please do not use (yet).</note> 
 To ensure secure operation, servers in the infrastructure have to be kept up to date. This tutorial addresses the need for OS updates of the IdM server and gives basic guidelines and recommendations. To ensure secure operation, servers in the infrastructure have to be kept up to date. This tutorial addresses the need for OS updates of the IdM server and gives basic guidelines and recommendations.
  
Line 16: Line 15:
     * Restarting IdM cancels the LRT that was currently running, LRT **will not pick up automatically** after IdM goes up again.     * Restarting IdM cancels the LRT that was currently running, LRT **will not pick up automatically** after IdM goes up again.
     * Nightly LRTs usually read HR system data. This means there are dependecies between them (e.g. synchronize identities, then contracts and/or time slices, then run recompute on them and finally run HR processes which enable/disable identities based on freshly synchronized data). Given the nature of deployment, those dependencies may be "hard" and it may be dangerous to skip some of LRTs or run them in different order.     * Nightly LRTs usually read HR system data. This means there are dependecies between them (e.g. synchronize identities, then contracts and/or time slices, then run recompute on them and finally run HR processes which enable/disable identities based on freshly synchronized data). Given the nature of deployment, those dependencies may be "hard" and it may be dangerous to skip some of LRTs or run them in different order.
 +  * Impact on entity events
 +    * Entity events that are currently running **are lost** on IdM restart. This usually affects from one to ten events; actual number of affected events depends on number of ''event-executor'' threads.
 +    * Entity events in other states are persisted into the database so they are not lost on IdM restart.
 +    * No entity events should be in the event queue at the time of OS update. Because events are generated by LRTs or user actions, killing off LRTs and disconnecting users from IdM web interface is sufficient.
   * Impact on end systems connected to IdM   * Impact on end systems connected to IdM
     * There is no direct impact on other systems.     * There is no direct impact on other systems.
  • by fiserp