IG 2023.6

Upgrade

For information about upgrade between supported versions of IG, refer to Release and Lifecycle dates | Identity Gateway.

This section describes how to upgrade a single IG instance. The most straightforward option when upgrading sites with multiple IG instances is to upgrade in place. One by one, stop, upgrade, and then restart each server individually, leaving the service running during the upgrade.

IG supports the following types of upgrade:

Drop-in software update

Usually, an update from a version of IG to a newer minor version, as defined in Release naming. For example, the update from 2023.2 to 2023.4.

Drop-in software updates can introduce additional functionality and fix bugs or security issues. Consider the following restrictions for drop-in software updates:

  • Do not require any update to the configuration

  • Cannot cause feature regression

  • Can change default or previously configured behavior only for bug fixes and security issues

  • Can deprecate but not remove existing functionality

Major upgrade

Usually, an upgrade from a version of IG to a newer major version, as defined in Release naming. For example, the upgrade from 7.2 to 2023.2.

Major upgrades can introduce additional functionality and fix bugs or security issues. Major upgrades do not have the restrictions of drop-in software update. Consider the following features of major upgrades:

  • Can require code or configuration changes

  • Can cause feature regression

  • Can change default or previously configured behavior

  • Can deprecate and remove existing functionality

Plan the upgrade

Do these planning tasks before you start an upgrade:

Planning task Description

Find the upgrade path

Refer to [supported-upgrades] to see if you need a drop-in upgrade or a major upgrade.

Find out what changed

Read the release notes for all releases between the current version and the new version. Understand the new features and changes in the new version compared to the current version.

Check the requirements

Make sure you meet all of the requirements in the release notes for the new version. In particular, make sure you have a recent, supported Java version.

Plan for server downtime

At least one of your IG servers will be down during upgrade. Plan to route client applications to another server until the upgrade process is complete and you have validated the result. Make sure the owners of client application are aware of the change, and let them know what to expect.

If you have a single IG server, make sure the downtime happens in a low-usage window, and make sure you let client application owners plan accordingly.

Back up

The IG configuration is a set of files, including admin.json, config.json, logback.xml, routes, and scripts. Back up the IG configuration and store it in version control, so that you can roll back if something goes wrong.

Back up any tools scripts you have edited for your deployment and any trust stores used to connect securely.

Plan for rollback

Sometimes even a well-planned upgrade fails to go smoothly. In such cases, you need a plan to roll back smoothly to the pre-upgrade version.

For IG servers, roll back by restoring a backed-up configuration.

Prepare a test environment

Before applying the upgrade in your production environment, always try to upgrade IG in a test environment. This will help you gauge the amount of work required, without affecting your production environment, and will help smooth out unforeseen problems.

The test environment should resemble your production environment as closely as possible.

Drop-in software update with binaries

  1. Read and act on Plan the upgrade.

  2. Back up the IG configuration and store it in version control so that you can roll back if something goes wrong.

  3. Download the IG .zip file.

  4. Stop IG.

  5. Make the new configuration available on the file system.

    By default, IG configuration files are located under $HOME/.openig (on Windows appdata\OpenIG). For information about how to use a different location, refer to Change the base location of the IG configuration.

  6. Restart IG.

    By default, IG configuration files are located under $HOME/.openig (on Windows appdata\OpenIG). For information about how to use a different location, refer to Change the base location of the IG configuration.

  7. In a test environment that simulates your production environment, validate that the upgraded service performs as expected with the new configuration. Check the logs for new or unexpected notifications or errors.

  8. Allow client application traffic to flow to the upgraded site.

Drop-in software update with Docker files

  1. Read and act on Plan the upgrade.

  2. Back up the IG configuration and store it in version control so that you can roll back if something goes wrong.

  3. Stop the Docker image.

  4. Build the new base image for IG.

  5. Run the Docker image.

  6. In a test environment that simulates your production environment, validate that the upgraded service performs as expected with the new configuration. Check the logs for new or unexpected notifications or errors.

  7. Allow client application traffic to flow to the upgraded site.

Major upgrade with binaries

  1. Read and act on Plan the upgrade.

  2. Use the release notes for all releases between the version you currently use and the new version, and create a new configuration as follows:

    • Review all incompatible changes and removed functionality, and adjust your configuration as necessary.

    • Switch to the replacement settings for deprecated functionality. Although deprecated objects continue to work, they add to the notifications in the logs and are eventually removed.

    • Check the lists of fixes, limitations, and known issues to find out if they impact your deployment.

    • Recompile your Java extensions. The method signature or imports for supported and evolving APIs can change in each version.

    • Read the documentation updates for new examples and information that can help with your configuration.

  3. Back up the IG configuration and store it in version control so that you can roll back if something goes wrong.

  4. Download the IG .zip file.

  5. Stop IG.

  6. Make the new configuration available on the file system.

    By default, IG configuration files are located under $HOME/.openig (on Windows appdata\OpenIG). For information about how to use a different location, refer to Change the base location of the IG configuration.

  7. Restart IG.

    By default, IG configuration files are located under $HOME/.openig (on Windows appdata\OpenIG). For information about how to use a different location, refer to Change the base location of the IG configuration.

  8. In a test environment that simulates your production environment, validate that the upgraded service performs as expected with the new configuration. Check the logs for new or unexpected notifications or errors.

  9. Allow client application traffic to flow to the upgraded site.

Major upgrade with Docker files

  1. Read and act on Plan the upgrade.

  2. Use the release notes for all releases between the version you currently use and the new version, and create a new configuration as follows:

    • Review all incompatible changes and removed functionality, and adjust your configuration as necessary.

    • Switch to the replacement settings for deprecated functionality. Although deprecated objects continue to work, they add to the notifications in the logs and are eventually removed.

    • Check the lists of fixes, limitations, and known issues to find out if they impact your deployment.

    • Recompile your Java extensions. The method signature or imports for supported and evolving APIs can change in each version.

    • Read the documentation updates for new examples and information that can help with your configuration.

  3. Back up the IG configuration and store it in version control so that you can roll back if something goes wrong.

  4. Stop the Docker image.

  5. Build the new base image for IG.

  6. Run the Docker image.

  7. In a test environment that simulates your production environment, validate that the upgraded service performs as expected with the new configuration. Check the logs for new or unexpected notifications or errors.

  8. Allow client application traffic to flow to the upgraded site.

Post upgrade tasks

After upgrade, review the what’s new section in the release notes and consider activating new features and functionality.

Rollback

Before you roll back to a previous version of IG, consider whether any change to the configuration during or since upgrade could be incompatible with the previous version.
Roll back with binaries
  1. Plan for server downtime

    Plan to route client applications to another server until the rollback process is complete and you have validated the result. Make sure the owners of client application are aware of the change, and let them know what to expect.

  2. Stop IG

  3. Download the replacement IG .zip file

  4. Make the new configuration available on the file system.

    By default, IG configuration files are located under $HOME/.openig (on Windows appdata\OpenIG). For information about how to use a different location, refer to Change the base location of the IG configuration.

  5. Restart IG.

Roll back with Dockerfiles
  1. Plan for server downtime

    Plan to route client applications to another server until the rollback process is complete and you have validated the result. Make sure the owners of client application are aware of the change, and let them know what to expect.

  2. Stop the Docker image.

  3. Build the new base image for IG.

  4. Run the Docker image.

Copyright © 2010-2023 ForgeRock, all rights reserved.