To update the notes from the 8.1 post, I had a working setup with a primary and replica 8.1 AM server, and a web server for each.
Updating the Authentication Manager's themselves was straightforward, edit the VMs to add a CD-ROM drive and mount the ISO of the 8.1SP1 update - 8.1.0 directly to 8.2 is not supported. Take a snapshot of the working 8.1 VM. Enter the Service Console, and navigate to updates in the maintenance menu. Then set the CD as the update source, do a scan, then select install on the resulting option. This got both AM servers to 8.1.1 in fairly short order. Delete the snapshots when complete.
Repeat to go from 8.1.1 to 8.2.
Repeat to go from 8.1.1 to 8.2.
In theory the web servers are similar, in practice I tried to update them to 8.1.1 and somewhere along the line things went awry and the primary one went into status 'reinstall required' while the secondary just became disconnected altogether.
I uninstalled the RSA software from each of them and reinstalled complete with a new web tier package file from the Manager, and all was well.
SSH to the primary as rsaadmin,
cd /opt/rsa/am/utils
./rsautil manage-secrets -a get com.rsa.db.dba.password
com.rsa.db.dba.password: blah blah long password here
cd ../pgsql/bin
./psql -h localhost -p 7050 -d db -U rsa_dba
./psql -h localhost -p 7050 -d db -U rsa_dba
Password for user rsa_dba: blah blah long password her
psql.bin (9.4.1)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-SHA, bits: 256, compression: off)
Type "help" for help.
db=# select * from rsa_rep.IMS_INSTANCE_NODE;
(returns a table of your authentication manager instances)
db=# update RSA_REP.IMS_INSTANCE set deployed_state='out_of_sync' where is_primary='FALSE';
UPDATE 1
db=#
Then you can go back into the Operations Console and select manual sync within replication reports and things are then fixed.
I uninstalled the RSA software from each of them and reinstalled complete with a new web tier package file from the Manager, and all was well.
Update
- All wasn't well, replication was broken. I found RSA DOC 49528 with a fix for it:SSH to the primary as rsaadmin,
cd /opt/rsa/am/utils
./rsautil manage-secrets -a get com.rsa.db.dba.password
com.rsa.db.dba.password: blah blah long password here
cd ../pgsql/bin
./psql -h localhost -p 7050 -d db -U rsa_dba
./psql -h localhost -p 7050 -d db -U rsa_dba
Password for user rsa_dba: blah blah long password her
psql.bin (9.4.1)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-SHA, bits: 256, compression: off)
Type "help" for help.
db=# select * from rsa_rep.IMS_INSTANCE_NODE;
(returns a table of your authentication manager instances)
db=# update RSA_REP.IMS_INSTANCE set deployed_state='out_of_sync' where is_primary='FALSE';
UPDATE 1
db=#
Then you can go back into the Operations Console and select manual sync within replication reports and things are then fixed.
No comments:
Post a Comment