Upgrading PingFederate on Linux systems
You can use the Upgrade Utility on Linux servers to upgrade to the current version of PingFederate.
About this task
The Upgrade Utility copies all relevant sources of your current installation into the new target directory of your choice. It doesn’t change the current installation.
The Upgrade Utility migrates the existing versions of all PingFederate plugins by default. You can use the -c
command line parameter to override the default behavior and install the latest versions of each plugin.
Upgrade results are contained in the <pf_install_target>/pingfederate/upgrade/log/upgrade.log
file.
To use the Upgrade Utility on Linux servers to upgrade to the current version of PingFederate:
Steps
-
Download the latest version of the PingFederate Server distribution
.zip
archive from the Ping Identity website. -
Extract the
.zip
to the new target directory of your choice,<pf_install_target>
. -
Stop PingFederate.
-
On the command line, change directory to
<pf_install_target>/upgrade/bin
and execute the following command:./upgrade.sh <pf_install_source> <newLicense>] [-c] [--release-notes-reviewed]
where:
<pf_install_source>
::The full or relative path of the base
pingfederate
directory where the existing PingFederate software is installed.
The |
<newLicense>
-
The optional path and file name of the license to use for the upgraded PingFederate version.
If your current license is valid, the Upgrade Utility automatically copies it from the source installation to the target installation, and you don’t need to specify the If your license isn’t valid, obtain a valid license file and specify its path and file name for this parameter. |
-c
-
The optional parameter to run the tool in custom mode, which allows you to override newer default security settings (if any) and to upgrade to the newest version of each installed plugin.
--release-notes-reviewed
-
An optional parameter that indicates that you’ve already reviewed the release notes. This parameter prevents prompts during the upgrade that ask if you’ve read the release notes and the upgrade considerations.
The command prompt displays messages indicating upgrade progress. The process is complete when the following message appears:
Upgrade completed with [N] errors and [N] warnings
If there are errors, scroll up the command window to see them and then correct the indicated problems. Errors during the upgrade should be rare but might include problems such as missing or malformed configuration files in the source installation. The messages are also logged to the upgrade.log
file in the Upgrade Utility base directory.
-
If you’re using an older version of the Amazon Web Services (AWS) CloudHSM client:
-
Update the CloudHSM client and the CloudHSM Software Library for Java to a supported version and restart the client.
For more information, see System requirements.
-
Copy
<pf_install_target>/pingfederate/lib-ext/pf-aws-cloud-hsm-wrapper.jar
to theJAVA_HOME/jre/lib/ext
directory. -
Copy all of the files in the
/opt/cloudhsm/java
and/opt/cloudhsm/lib
directories to theJAVA_HOME/jre/lib/ext
directory.
If you’re upgrading a clustered PingFederate environment, repeat from step 1 to upgrade PingFederate on each engine node.
-
End users might experience disruptions while you upgrade your PingFederate environment. |
-
If PingFederate is running as a service, reconfigure the PingFederate service:
-
Edit the
<pf_install_target>/pingfederate/sbin/linux/pingfederate.service
systemd unit file (see step installing_and_uninstalling_pingfederate:pf_install_pf_service_on_linux_manually.adoc#pf_step_installPingfederateSystemdService in Installing PingFederate > Installing on Linux manually). -
Edit the
<pf_install_target>/pingfederate/sbin/linux/pingfederate
SysV initialization script (see step installing_and_uninstalling_pingfederate:pf_install_pf_service_on_linux_manually.adoc#pf_step_installPingfederateSysvInitializationScript in Installing PingFederate > Installing on Linux manually).
Start the new PingFederate installation.
-
If you’re upgrading a clustered PingFederate environment, start the new PingFederate instance on the console node.
If you’ve configured single sign-on using OpenID Connect (OIDC) as the console authentication scheme and set the endpoint settings back to your PingFederate environment, start the new PingFederate instance on the console node and one of the engine nodes.
-
Verify the new installation’s version:
-
Open the new installation’s administrative console.
-
On the toolbar, click the Question Mark icon. On the Help menu, click About.
-
Verify that the pop-up shows the new version.
-
-
If you’re upgrading a clustered PingFederate environment:
-
Start the new installation on each engine node, and then ensure all nodes are shown on the System → Server → Cluster Management page.
-
On the Cluster Management page, click Replicate Configuration.
-
-
Although the upgrade utility automatically merges, migrates, and copies the language packs'
.properties
files into the upgraded PingFederate installation, verify the language packs in the upgrade installation by looking at the.properties
files located in the upgraded<pf_install_target>/pingfederate/server/default/conf/language-packs
directory.-
Standard
.properties
files includepingfederate-email-messages.properties
,pingfederate-messages.properties
, andpingfederate-sms-messages.properties
. During the upgrade, these files are migrated and merged into the upgraded PingFederate installation. -
Localized
.properties
files (for example,pingfederate-messages_fr_CA.properties
), are also migrated and merged into the upgraded PingFederate installation. -
If the PingOne MFA or PingOne Protect integration kit was installed on PingFederate, you must manually migrate its
.properties
file after the upgrade. -
All other
.properties
files in<pf_install_target>/pingfederate/server/default/conf/language-packs
that don’t fit the previous criteria are copied (not merged) into the upgraded PingFederate installation.
-
Next steps
After upgrading PingFederate, perform the Post-upgrade tasks.