Web Policy Agents 2024.6

Major upgrade

Perform a major upgrade

  1. Read the release notes for information about changes in Web Agent.

  2. Download the agent binaries from the BackStage download site.

  3. Plan for server downtime.

    Plan to route client applications to another server until the process is complete and you have validated the result. Make sure the owners of client application are aware of the change, and let them know what to expect.

  4. Back up the directories for the agent installation and web server configuration and store them in version control so that you can roll back if something goes wrong:

  5. Redirect client traffic away from the protected website.

  6. Stop the web server where the agent is installed.

  7. Remove the old Web Agent, as described in Remove Web Agent.

  8. Delete the following shared memory files:

    • /dev/shm/am_cache_0

    • /dev/shm/am_log_data_0

    Depending on your configuration, the files can be named differently.

  9. If the HTTP proxy or certificate requires credentials, set installation environment variables for one or both of the following properties:

    Learn more from AM_SSL_PASSWORD and AM_PROXY_PASSWORD in Installation environment variables.

  10. Install the new agent.

    In local configuration mode, provide the agent.conf file.

    The installer generates the following files:

  11. Review the agent configuration:

  12. In the new agent-password.conf file, set the value of Agent Profile Password to the value of the encrypted password.

  13. (NGINX Plus and Unix Apache agents only) Configure shared runtime resources and shared memory. Learn more from Configure shared runtime resources and memory.

  14. Ensure the communication between AM and the web agent is secured with the appropriate keys. Learn more from Configuring AM to sign authentication information.

  15. Start the web server where the agent is installed.

    Web Agent 5 changed the default size of the agent session and policy cache from 1 GB to 16 MB. In the unlikely case that an old Apache agent could not release the shared memory, the new Apache agent may not start. For more information, refer to Troubleshooting.
  16. Allow client traffic to flow to the protected website.

  17. Validate that the agent is performing as expected in the following ways:

    • Check in /path/to/web_agents/agent_type/log/system_n.log that the new version of the agent is running.

    • Go to a protected page on the website and confirm whether you can access it according to your configuration.

    • Check logs files for errors.

    To troubleshoot your environment, run the agentadmin command with the --V option.

Roll back from a major upgrade

Before you roll back to an earlier version of Web Agent, consider whether any change to the configuration during or since upgrade could be incompatible with the earlier version.

To roll back from a major upgrade, run through the procedure in Major upgrade, but use the backed up directories for the agent installation and web server configuration.

Copyright © 2010-2024 ForgeRock, all rights reserved.