How to automate the upgrade process of NetIQ Access Manager using Ansible

1. Introduction:

This article discusses how to upgrade Access Manager to a newer version. You must back up the existing configuration before upgrading Access Manager components. The scenario covered here is the upgrade of NetIQ Access Manager from 4.4 SP4 to 4.5.

2. Abbreviations:

  • NAM: NetIQ Access Manager
  • AC: Admin Console
  • IDP: Identity Server
  • AG: Access Gateway

3. Pre-requisites:

        a. NAM version 4.4 SP4 (or another version that supports upgrading to 4.5).

To check the NAM versions, refer to this link.

        b. Ansible version 2.7 or above. (For more information, see https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html).

For checking the current Ansible version, run the following command in the terminal of the host machines:

            ansible --version

Fig 1: Checking the Ansible version.

      c. For this scenario, we assume a Linux-based client and Linux-based hosts with Python version 2.7.10 or above installed on them.

      d. Download auto-upgrade.zip and extract it into /etc/ansible. (Warning: if auto-upgrade.zip is extracted directly into the /etc/ansible folder, it will overwrite the existing files in that folder.)

      e. For the current scenario, we assume a setup with two Admin Consoles (AC), two Identity Servers (IDP) and two Access Gateways (AG), all running on individual Linux-based systems.

      f. Enter the IP addresses of the AC, IDP and AG in the Hosts file as follows.

Fig 2: Syntax of the HOSTS file.

Fig 3: Example of entries in the HOSTS file.

     g. List any customized files that need to be backed up in the following roles:

  1. /etc/ansible/roles/backup.idpfiles/tasks/main.yml (for backup of IDP files)
  2. /etc/ansible/roles/backup.magfiles/tasks/main.yml (for backup of AG files)

        As shown in Fig 4.

 Fig 4: Adding new files to be backed up.

     h. The credentials for the Admin Console are assumed to be:

           Username: admin

           Password: novell

           If using other credentials, make the changes in the following roles:

  • /etc/ansible/roles/ac.upgrade/tasks/main.yml
  • /etc/ansible/roles/idp.upgrade/tasks/main.yml
  • /etc/ansible/roles/mag.upgrade/tasks/main.yml

Fig 5: The underlined text shows the location of the build on the web server and the credentials.

     i. We download the installer from our local servers. If you download the build from some other location, specify that location in the files mentioned in prerequisite h, as shown in Fig 5.

     j. All the hosts should be accessible from the client machine over SSH.
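A pre-flight check for the three role files named in prerequisite h, as an added example that is not part of auto-upgrade.zip or the original article: because those files carry the Admin Console password in clear text, it flags any that are readable by other users or that still contain the default password. The function name, report format and token-matching heuristic are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not part of auto-upgrade.zip. The role paths and the default
# password literal come from prerequisite h; the function name, report format
# and matching heuristic are constructed here.

DEFAULT_PASSWORD="novell"

# Print one line per finding; return 0 when clean, 1 otherwise.
audit_role_credentials() {
    roles_dir="$1"
    status=0
    for role in ac.upgrade idp.upgrade mag.upgrade; do
        f="$roles_dir/$role/tasks/main.yml"
        if [ ! -f "$f" ]; then
            echo "MISSING $f"
            status=1
            continue
        fi
        # The file holds the Admin Console password in clear text, so it
        # should not be readable by "other" users on the client machine.
        if [ -n "$(find "$f" -perm -004)" ]; then
            echo "WORLD-READABLE $f"
            status=1
        fi
        # Heuristic: the literal as a stand-alone token. Path components
        # (/opt/novell/) and host names (novell.com) are not counted.
        if grep -Eq "(^|[^/.A-Za-z0-9_-])${DEFAULT_PASSWORD}(\$|[^/.A-Za-z0-9_-])" "$f"; then
            echo "DEFAULT-PASSWORD $f"
            status=1
        fi
    done
    return "$status"
}

# Usage: sh audit_roles.sh /etc/ansible/roles
if [ "$#" -gt 0 ]; then
    audit_role_credentials "$1"
fi
```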

4. Data Flow Diagram:

Fig 6: Dataflow for the upgrade

Description of the steps in the data flow:

  • Checking if the components are up and running: This verifies that the NAM components (AC, IDP and AG) are in a working state, as follows:
  1. AC: we access the Admin Console page and conclude from the response whether the AC is up and running.
  2. IDP: we access the IDP Health URL and validate that the IDP is in a working state.
  3. AG: we access the AG Health-status URL and validate that the AG is in a working state.
  • Checking for a successful upgrade:

            To verify that the upgrade was successful, we compare the rpm versions of the installed components with the rpm files in the installer, assuming that the installer is extracted in the folder /installer/NAM/

NOTE: This only verifies that the upgrade was successful, so it can be skipped if not required.

  • Backup customized files:

           Before upgrading the setup, we copy the following files to a separate folder (/backup).

The files included are:

        IDP -

      1. /opt/novell/nam/idp/conf/tomcat.conf
      2. /opt/novell/nids/lib/webapp/WEB-INF/web.xml
      3. /opt/novell/nam/idp/conf/server.xml

        AG -

      1. /opt/novell/nam/mag/conf/tomcat.conf
      2. /etc/opt/novell/apache2/conf/extra/httpd-mpm.conf
      3. /opt/novell/nam/mag/conf/server.xml

        NOTE: To include any other files in the backup, refer to prerequisite g.
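The rpm comparison described under "Checking for a successful upgrade", as an added example rather than the playbook's own tasks: run on an upgraded host, it compares installed package versions with the rpm files under the installer folder and reports every package that is still at a different version. The function names and output format are assumptions; only packages present both on the host and in the installer are compared, since each host carries only its own component's packages.

```sh
#!/bin/sh
# Added example, not part of auto-upgrade.zip. /installer/NAM is the folder the
# article assumes; function names and output format are constructed here.

# "name version-release" for every rpm file under the installer folder.
installer_versions() {
    find "$1" -name '*.rpm' \
        -exec rpm -qp --qf '%{NAME} %{VERSION}-%{RELEASE}\n' {} \; 2>/dev/null | sort -u
}

# "name version-release" for every package installed on this host.
installed_versions() {
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | sort -u
}

# compare_versions INSTALLER_LIST INSTALLED_LIST
# Returns 0 if all common packages match, 1 on a mismatch, and 2 if the two
# lists share no package at all (wrong folder or wrong host).
compare_versions() {
    awk '
        NR == FNR { want[$1] = $2; next }
        ($1 in want) {
            seen++
            if ($2 != want[$1]) {
                printf "MISMATCH %s installed=%s installer=%s\n", $1, $2, want[$1]
                bad++
            }
        }
        END {
            if (seen == 0) { print "NO-COMMON-PACKAGES"; exit 2 }
            exit (bad > 0)
        }' "$1" "$2"
}

verify_upgrade() {
    want=$(mktemp) && have=$(mktemp) || return 3
    installer_versions "$1" > "$want"
    installed_versions > "$have"
    compare_versions "$want" "$have" && rc=0 || rc=$?
    rm -f "$want" "$have"
    return "$rc"
}

# Usage: sh verify_upgrade.sh /installer/NAM
if [ "$#" -gt 0 ]; then
    verify_upgrade "$1"
fi
```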

5. Steps to run the automation:

  1. Run the playbook (main.yml) to upgrade the setup to 4.5.0 by executing the following command:

           ansible-playbook main.yml -e "build_version=4.5"

           Then wait for the process to complete.

Output:

 Fig 7: Sample Output

6. Checking the version of the components:

 

  1. Log in to the Admin Console with your credentials, and click on Troubleshooting.

    Fig 8: Click on Troubleshooting in the Admin Console.

  2. On the Troubleshooting page, click on the Version tab.

    Fig 9: Click on Version on the Troubleshooting page.

  3. The displayed page will have information about the versions of all the components.

    Fig 10: Version details of all the components.

7. Checking the Health Status:

  1. Log in to the Admin Console with your credentials, and click on Troubleshooting.

    Fig 11: Click on Troubleshooting in the Admin Console.

  2. On the Troubleshooting page, click on Device Health.

    Fig 12: Click on Device Health on the Troubleshooting page.

  3. The page will show the health status of the components.

    Fig 13: Health status of all the components.

 

Last update: 2019-08-14 04:52