How to automate the upgrade process of NetIQ Access Manager using Ansible
This article discusses how to upgrade Access Manager to the newer version. You must take a backup of the existing configurations before upgrading Access Manager components. For the current scenario we are considering the upgrade of NetIQ Access Manager from 4.4 SP4 to 4.5.
- NAM: NetIQ Access Manager
- AC: Admin Console
- IDP: Identity Server
- AG: Access Gateway
a. NAM version 4.4 SP4 (Or other supported version for upgrading to 4.5.
For checking the NAM versions refer this link
b. Ansible version 2.7 or above. (For more info refer: https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html).
For checking the current Ansible version, run the following command in the terminal of the host machines:
Fig 1: Checking the Ansible version.
c. For this scenario, we are considering Linux based client and hosts with python version 2.7.10 or above installed on them.
d. Download the auto-upgrade.zip and extract it into the /etc/ansible (Warning: If the auto-upgrade.zip is directly extracted into the /etc/ansible folder It will overwrite the existing file in that folder.)
e. For the current scenario, we are considering setup with two Admin Consoles (AC), two Identity Servers (IDP) and two Access Gateways (AG), all running on individual Linux based systems.
f. Enter the IP Addresses of the AC, IDP and AG in the Hosts file as follows.
Fig 2: Syntax of the HOSTS file.
Fig 3: Example of entries in the HOSTS file.
g. Customized files to be mentioned in the following roles:
- /etc/ansible/roles/backup.idpfiles/tasks/main.yml (for backup of IDP files)
- /etc/ansible/roles/backup.magfiles/tasks/main.yml (for backup of AG files)
As shown in Fig 4.
Fig 4:For adding new files to be backed up.
h. The credentials for the Admin Console are Assumed to be
If using other credentials, make the changes in the following roles:
Fig 5: The underlined text shows the location of the build on the web server and the credentials.
i. We are downloading the installer from our local servers, if using some other location for downloading the build, then specify that specific location in the files mentioned in prerequisites h, as shown in Fig 5.
j. All the hosts should be accessible through the client machine using SSH.
4. Data Flow Diagram:
Fig 6: Dataflow for the upgrade
Description for the Steps of the data flow :
- Checking if the components are up and running: This is for verifying if the components of NAM (AC, IDP and AG) are in working state, for which we are doing the following:
- AC: we access the admin console page and based on that we are concluding if the AC is up and running.
- IDP: we access the IDP Health URL and validating if the IDP is in working state.
- AG: we access the AG Health-status URL and validating if the AG is in working state.
- Checking for a successful upgrade:
For verifying if, the upgrade was successful, we are comparing the rpm versions of the installed components and the rpm files in the installer, assuming that the installer is extracted in the folder /installer/NAM/
NOTE: This is just for verifying if the upgrade was successful, thus if not required it can be skipped.
- Backup customized files:
Before upgrading the setup, we are coping the following files to a separate folder (/backup).
The files included are:
NOTE: For including any other files for backup refer Prerequisite g.
5. Steps to run the Automation :
- Run the playbook ( main.yml ) to upgrade the Setup to 4.5.0, for doing so execute the following command:
ansible-playbook main.yml -e “build_version=4.5”
And wait for the process to complete.
Fig 7: Sample Output
6. Checking the version of the components:
- Log in to the Admin Console with your credentials, and click on Troubleshooting.
Fig 8: Click on Troubleshooting in the Admin Console.
- On the Troubleshooting page click on the version tab.
Fig 9: Click on Version on the troubleshooting page.
The displayed page will have information about the versions of all the components.
Fig 10: Version Details of all the components.
7. Checking the Health Status:
- Login to the Admin Console with your credentials, and click on Troubleshooting.
Fig 11: Click on Troubleshooting in the Admin Console.
2. On the Troubleshooting page click on Device Health
Fig 12: Click on Device Health on the Troubleshooting page.
3. The page will show health status about the components.
Fig 13: Health Status of all the components.