Upgrade the platform from version 7.4 to 7.5
If you’ve already installed Ping Identity Platform version 7.4 using artifacts from the forgeops repository, follow the steps provided on this page to upgrade to version 7.5.
Use these steps to upgrade the platform in place.
This upgrade methodology has been tested against a deployment based on ForgeRock’s evaluation-only Docker images with basic configuration settings.
Because the Ping Identity Platform is highly customizable, it is difficult for ForgeRock to test all possible upgrade scenarios. It is your responsibility to validate that these upgrade steps work correctly in a test environment with your customized configuration before you upgrade a production environment.
Prerequisites and assumptions
To upgrade the platform from version 7.4 to 7.5, you’ll need:
- A running version 7.4 single-instance deployment with your current AM and IDM configurations.
- A running version 7.4 small, medium, or large ForgeOps deployment.
- A forgeops repository clone with a branch that contains 7.4 artifacts.
- A forgeops repository clone with a branch that contains 7.5 artifacts.
Example commands in the steps on this page assume:
- 7.4-profile is the name of the 7.4 configuration profile.
- Your 7.4 small, medium, or large ForgeOps deployment is a small cluster.
- Your 7.4 small, medium, or large ForgeOps deployment does not include IG.
When you perform the upgrade:
- Choose a different name for the configuration profile if you prefer.
- Specify a different cluster size, if applicable.
- Add commands to upgrade IG, if applicable.
Subscribe to release note updates
Get updates from ForgeRock when there are changes to ForgeOps 7.5.
For more information about getting notifications or subscribing to the ForgeOps 7.5 RSS feed, refer to ForgeOps 7.5 release notes.
Back up critical data
Before upgrading, back up all critical data, including:
- Directory data stored in the ds-idrepo and ds-cts backends
- AM and IDM configuration data
- Customized artifacts in your forgeops repository clone
After you’ve started to upgrade, you may not be able to roll back directory data easily because the data is upgraded in place. If you need to roll back directory data, you’ll have to redeploy DS and restore directory data from a backup.
Export the version 7.4 AM and IDM configurations
- Locate a branch of your forgeops repository clone that contains version 7.4 artifacts and check out the branch.
- (Optional) Check out a new branch based on the branch that contains version 7.4 artifacts.
- Locate a namespace running version 7.4 of the single-instance deployment that contains your current AM and IDM configurations.
- Export the AM and IDM configurations from the 7.4 single-instance deployment:
  $ cd /path/to/forgeops
  $ ./bin/config export am 7.4-profile --sort
  $ ./bin/config export idm 7.4-profile --sort
- Run the git add . and git commit commands.
Upgrade the exported configuration profiles to version 7.5
- Locate the branch of your forgeops repository clone that contains version 7.5 artifacts and check out the branch.
  The latest branch with 7.5 artifacts is the release/7.5-20240618 branch.
- (Optional) Check out a new branch based on the branch that contains version 7.5 artifacts.
- Copy the configuration profiles you exported from your 7.4 single-instance deployment into the 7.5 branch:
  - Copy the AM 7.4 configuration profile into the /path/to/forgeops/docker/am/config-profiles directory.
  - Copy the IDM 7.4 configuration profile into the /path/to/forgeops/docker/idm/config-profiles directory.
- Upgrade the AM configuration in the 7.5 branch.
  Run the am-config-upgrader utility:
  $ cd /path/to/forgeops
  $ ./bin/am-config-upgrader docker/am/config-profiles/7.4-profile
- Upgrade the IDM configuration in the 7.5 branch.
  Follow the steps in Migrate your configuration in the IDM documentation.
- Run the git add . and git commit commands.
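Before any forgeops install or forgeops build command is run in the next section, the state these steps should leave the clone in can be checked mechanically. The script below is an added example, not part of ForgeOps or of the original page; it assumes the release/7.5-20240618 branch and the 7.4-profile name used on this page, and the preflight function name is hypothetical.

```shell
#!/bin/sh
# Added example (not part of ForgeOps): pre-flight checks to run in the
# forgeops clone before any `forgeops install` or `forgeops build` for 7.5.
# Assumed values, taken from this page; override through the environment.
BASE_75="${BASE_75:-release/7.5-20240618}"   # latest branch with 7.5 artifacts
PROFILE="${PROFILE:-7.4-profile}"            # exported, then upgraded, profile

# preflight REPO_DIR: returns 0 when the clone is ready, 1 otherwise.
# Every failed check is reported on stderr so all problems show in one run.
preflight() {
    pf_repo="$1"
    pf_rc=0

    # 1. HEAD must be the 7.5 branch or a branch created from it. On a 7.4
    #    branch, forgeops install reinstalls 7.4 instead of upgrading.
    if ! git -C "$pf_repo" rev-parse --verify --quiet "$BASE_75^{commit}" >/dev/null; then
        echo "FAIL: branch $BASE_75 not found in $pf_repo" >&2
        pf_rc=1
    elif ! git -C "$pf_repo" merge-base --is-ancestor "$BASE_75" HEAD; then
        echo "FAIL: HEAD is not based on $BASE_75" >&2
        pf_rc=1
    fi

    # 2. The upgraded profile must exist for both AM and IDM.
    for pf_comp in am idm; do
        pf_dir="$pf_repo/docker/$pf_comp/config-profiles/$PROFILE"
        if [ ! -d "$pf_dir" ]; then
            echo "FAIL: missing profile directory $pf_dir" >&2
            pf_rc=1
        fi
    done

    # 3. Nothing uncommitted: images built from this tree must match a
    #    commit that can be reviewed and rolled back to.
    if [ -n "$(git -C "$pf_repo" status --porcelain)" ]; then
        echo "FAIL: uncommitted changes in $pf_repo" >&2
        pf_rc=1
    fi

    return "$pf_rc"
}

# Usage: sh preflight.sh /path/to/forgeops
if [ "$#" -gt 0 ]; then
    preflight "$1" && echo "OK: clone is ready for the 7.5 install steps"
fi
```

If your 7.5 work is based on a different 7.5 branch, set BASE_75 to that branch name before running the script.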
Upgrade the 7.4 pods to 7.5 and build custom 7.5 Docker images
- Set your Kubernetes context so that you can access the cluster on which you deployed the version 7.4 small, medium, or large ForgeOps deployment.
- Check out the branch of your forgeops repository clone that contains version 7.5 artifacts.
  If you’ve checked out a branch that contains version 7.4 artifacts, the forgeops install command reinstalls version 7.4 instead of upgrading your pods to version 7.5.
- (Optional) If your 7.4 ForgeOps deployment uses the deprecated DS operator and you want to continue using it, skip this step.
  Remove the deprecated DS operator from your small, medium, or large ForgeOps deployment:
  $ kubectl delete --ignore-not-found=true \
      -f https://github.com/ForgeRock/ds-operator/releases/latest/download/ds-operator.yaml
  After you remove the DS operator, your deployment is not available until after you upgrade the ds-idrepo and ds-cts pods in the next two steps. Do not remove the DS operator from your ForgeOps deployment if you need the deployment to remain continuously up and running.
- Remove ldif-importer and amster jobs if they exist:
  $ kubectl delete job ldif-importer amster
- Install the ForgeOps 7.5 base components:
  $ cd /path/to/forgeops/bin
  $ ./forgeops install base --small --fqdn my-fqdn
- Upgrade the ds-cts pods from 7.4 to 7.5:
  $ cd /path/to/forgeops
  $ ./bin/forgeops install ds-cts --small
  This command updates one ds-cts pod at a time. Run the kubectl get pods --watch command to observe the pod upgrades.
  After all the ds-cts pods have been upgraded, run the ds-debug.sh command to verify that directory replication is working correctly. Run commands similar to the following for each ds-cts pod:
  $ ./bin/ds-debug.sh -p podname rstatus
- Upgrade the ds-idrepo pods from 7.4 to 7.5:
  $ cd /path/to/forgeops
  $ ./bin/forgeops install ds-idrepo --small
  This command updates one ds-idrepo pod at a time. Run the kubectl get pods --watch command to observe the pod upgrades.
  After all the ds-idrepo pods have been upgraded, run the ds-debug.sh command to verify that directory replication is working correctly. Run commands similar to the following for each ds-idrepo pod:
  $ ./bin/ds-debug.sh -p podname rstatus
- Check out the branch of your forgeops repository clone that contains version 7.5 artifacts.
  This branch should contain the 7.4-profile configuration profile you upgraded to work with version 7.5.
- Build Docker images for version 7.5 that contain the 7.4-profile configuration profile:
  $ cd /path/to/forgeops
  $ ./bin/forgeops build am --config-profile 7.4-profile --push-to my-repo
  $ ./bin/forgeops build idm --config-profile 7.4-profile --push-to my-repo
  The newly-built Docker images are based on ForgeRock’s evaluation-only Docker images.
- Upgrade the Ping Identity Platform pods from 7.4 to 7.5:
  $ ./bin/forgeops install ui --small
  $ ./bin/forgeops install am --small
  $ ./bin/forgeops install idm --small
  Wait for the pod upgrades to complete. Run the kubectl get pods --watch command to observe the pod upgrades.
- Start the AM and IDM admin UIs in your upgraded small, medium, or large ForgeOps deployment. Verify that:
  - The start page for each admin UI indicates the component version is 7.5, not 7.4.
  - AM and IDM use your custom configuration.
- If you are using a Kubernetes-based Ping Identity Platform deployment in production, you must rebuild base Docker images for version 7.5, and then build custom Docker images based on those images:
  - Build your own Docker base images. Refer to Your own base Docker images for more information.
  - Rebuild your custom Docker images, basing them on the images you built in the previous step. Refer to Create Docker images for use in production for more information.