An update to the current release includes significant changes, and the introduction of a
topology registry, which will store information previously stored in the admin backend
(server instances, instance and secret keys, server groups, and administrator user
accounts). For the admin backend to be migrated, the update
tool must
be provided LDAP authentication options to the peer servers of the server being
updated.
The LDAP connection security options requested (either plain, TLS, StartTLS, or SASL) must be
configured on every server in the topology. The LDAP credentials must be present on
every server in the topology, and must have permissions to read from the admin backend
and the config backend of every server in the topology. For example, a root DN user with
the inherit-default-privileges
set to true (such as the
cn=Directory Manager
user) that exists on every server can be
used.
update
tool will verify that the following conditions are satisfied on
every server in the topology before allowing the update:- When the first server is being updated, all other servers in the topology must
be online. When updating additional servers, all topology information will be
obtained from one of the servers that has already been updated. The
update
tool will connect to the peer servers of the server being updated to obtain the necessary information to populate the topology registry. The provided LDAP credentials must have read permissions to the config and admin backends of the peer servers. - The instance name is set on every server, and is unique across all servers in
the topology. The instance name is a server’s identifier in the topology. After
all servers in the topology have been updated, each server will be uniquely
identified by its instance name. Once set, the name cannot be changed. If
needed, the following command can be used to set the instance name of a server
prior to the
update:
$ bin/dsconfig set-global-configuration-prop \ --set instance-name:uniqueName
-
The cluster-wide configuration is synchronized on all servers in the topology. Older versions have some topology configuration under
cn=cluster
,cn=config
(JSON attribute and field constraints). These items did not support mirrored cluster-wide configuration data. An update should avoid custom configuration changes on a server being overwritten with the configuration on the mirrored subtree master. To synchronize the cluster-wide configuration data across all servers in the topology, run theconfig-diff
tool on each pair of servers to determine the differences, and usedsconfig
to update each instance using theconfig-diff
output. For example:$ bin/config-diff --sourceHost hostName \ --sourcePort port \ --sourceBindDN bindDN \ --sourceBindPassword password \ --targetHost hostName \ --targetPort port \ --targetBindDN bindDN \ --targetBindPassword password
update
tool will
list all of the errors encountered for each server, and provide instructions on how to
fix them.