Overview
From time to time the AAF will upgrade the IdP3 installer. This is a basic guide to the steps that need to be taken to manage this process.
New Release
When a new version of the Shibboleth IdP becomes available, the AAF will test the new version and update the AAF installer. Once it has been tested and reviewed, it will be added to the AAF GitHub repository: https://github.com/ausaccessfed/shibboleth-idp-installer
The current version and all previous versions are also listed on the GitHub site: http://ausaccessfed.github.io/shibboleth-idp-installer/about/release.html
Notifications
The AAF will announce the new release via the following channels:
- Email notification: via the new mailing list: idp-installer@aaf.edu.au
- AAF technical newsletter
Upgrading and Maintenance
Upgrading your IdP should be much simpler now that you are using V3. The AAF suggests reading the release notes first, as they may contain important information about actions you need to perform during the upgrade.
Once you are ready to upgrade, run the upgrade in a test environment first to make sure that it won’t cause any issues before running it in the production environment.
To upgrade the current version, run the update script with the -u option, which will update the configuration and underlying software packages (e.g. Jetty) if required.
update_idp.sh -u
Testing
Functional Testing
- Ensure the IdP started correctly and jetty service is running
systemctl status idp
● idp.service - Shibboleth Identity Provider
   Loaded: loaded (/usr/lib/systemd/system/idp.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2019-07-05 05:39:07 UTC; 3s ago
  Process: 28233 ExecStop=/bin/bash -c /opt/jetty/current/bin/jetty.sh stop (code=exited, status=0/SUCCESS)
 Main PID: 28271 (bash)
   CGroup: /system.slice/idp.service
           ├─28271 bash /opt/jetty/current/bin/jetty.sh start
           └─28315 sleep 4
- federation-metadata.xml
- eduGAIN-metadata.xml (if integrated with eduGAIN)
ls -lah /opt/shibboleth/shibboleth-idp/current/metadata
-rw-rw-r-- 1 jetty jetty  30M Jul 5 05:40 eduGAIN-metadata.xml
-rw-rw-r-- 1 jetty jetty 4.0M Jul 5 05:40 federation-metadata.xml
tail -f /var/log/shibboleth-idp/idp-process.log
Check that the following log directories are owned by jetty and have the correct permissions, as shown below
drwx------. 2 jetty jetty 20480 Jul 5 00:00 jetty
drwx------. 2 jetty jetty 20480 Jul 5 00:14 shibboleth-idp
4. To verify you are now running the latest version
For Shibboleth
- A new directory /opt/shibboleth/shibboleth-idp/shibboleth-idp-3.x.y has been created.
- The symbolic link /opt/shibboleth/shibboleth-idp/current points to the directory above.
export JAVA_HOME=/usr
/opt/shibboleth/shibboleth-idp/current/bin/version.sh
- A new directory /opt/jetty/jetty-distribution-9.n.nn.vyyyymmdd has been created
- The symbolic link /opt/jetty/current points to the directory above.
export JAVA_HOME=/usr
/opt/shibboleth/shibboleth-idp/current/bin/status.sh -u http://localhost:8080/idp
6. Use the AAF attribute validator to test your attributes and verify your attribute values. This will also verify that the connection to the database is working correctly
7. Check a few federated services to ensure you can log in successfully
- CloudStor
- Nectar
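The file and directory checks from the functional testing steps above can be scripted so they run the same way in the test and production environments. This is an added example, not part of the AAF installer; the function names, the /var/log/jetty location and the 60-minute metadata freshness window are assumptions.

```shell
#!/usr/bin/env bash
# Added example: post-upgrade checks for the files and directories in this guide.
# Function names, /var/log/jetty and the 60-minute window are assumptions.

# check_log_dir DIR OWNER: DIR must be owned by OWNER with mode 700 (drwx------).
check_log_dir() {
    local dir=$1 owner=$2 actual
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    actual=$(stat -c '%U %a' "$dir") || return 1
    if [ "$actual" != "$owner 700" ]; then
        echo "FAIL: $dir is '$actual', expected '$owner 700'"; return 1
    fi
    echo "OK: $dir"
}

# check_metadata FILE MAX_AGE_MIN: FILE must be non-empty and recently refreshed.
check_metadata() {
    local file=$1 max_age=$2
    [ -s "$file" ] || { echo "FAIL: $file is missing or empty"; return 1; }
    if [ -z "$(find "$file" -mmin "-$max_age")" ]; then
        echo "FAIL: $file not modified in the last $max_age minutes"; return 1
    fi
    echo "OK: $file"
}

# check_current_link LINK: LINK must be a symlink that resolves to a directory.
check_current_link() {
    local link=$1
    if [ ! -L "$link" ] || [ ! -d "$link" ]; then
        echo "FAIL: $link is not a symlink to a directory"; return 1
    fi
    echo "OK: $link -> $(readlink "$link")"
}

# run_checks: apply the checks to the paths shown in the guide.
run_checks() {
    local rc=0 md=/opt/shibboleth/shibboleth-idp/current/metadata
    check_log_dir /var/log/jetty jetty || rc=1          # assumed location
    check_log_dir /var/log/shibboleth-idp jetty || rc=1
    check_metadata "$md/federation-metadata.xml" 60 || rc=1
    # eduGAIN metadata exists only on IdPs integrated with eduGAIN.
    [ ! -e "$md/eduGAIN-metadata.xml" ] || check_metadata "$md/eduGAIN-metadata.xml" 60 || rc=1
    check_current_link /opt/shibboleth/shibboleth-idp/current || rc=1
    check_current_link /opt/jetty/current || rc=1
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then run_checks; fi
```

Run it on the IdP host with the `--run` argument; a non-zero exit status means at least one check failed.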
Additional checks
df -h
top
ps ax | grep idp
netstat -a | grep http
netstat -a | grep mysql
Questions and Feedback
If you have any questions or feedback, please send them to AAF Support