ForgeOps

Upgrade the platform to a newer 7.5 patch release

If you’ve installed version 7.5 of the Ping Identity Platform using artifacts from the forgeops repository, follow the steps provided on this page to upgrade to a new patch release of Ping Identity Platform 7.5.

Use these steps to upgrade the platform in place, with no downtime.

This upgrade methodology has been tested against a deployment based on ForgeOps-provided evaluation Docker images with basic configuration settings.

Because the Ping Identity Platform is highly customizable, it is challenging to test all possible upgrade scenarios. It is your responsibility to validate that these upgrade steps work correctly in a test environment with your customized configuration before you upgrade a production environment.

Prerequisites and assumptions

To upgrade the platform to a newer patch release, you’ll need:

  • A running version 7.5 small, medium, or large ForgeOps deployment.

  • A forgeops repository clone with a branch that contains the artifacts for the newer patch release.

Example commands in the steps on this page assume:

  • Your 7.5 ForgeOps deployment is a small cluster.

  • Your 7.5 ForgeOps deployment does not include PingGateway.

When you perform the upgrade:

  • Specify a different cluster size, if applicable.

  • Add commands to upgrade PingGateway, if applicable.

Back up critical data

Before upgrading, back up all critical data, including:

  • Directory data stored in the ds-idrepo and ds-cts backends

  • AM and IDM configuration data

  • Customized artifacts in your forgeops repository clone

After you’ve started to upgrade, you may not be able to roll back directory data easily because the data is upgraded in place; to roll back directory data, you must redeploy DS and restore directory data. Consider backing up directory data on volume snapshots for a simpler restore scenario.

Upgrade the ForgeOps deployment to the new patch release

  1. If you have AM or IDM configuration changes that you haven’t already exported to a configuration profile:

    1. Locate a branch of your forgeops repository clone that contains version 7.5 artifacts and check out the branch.

    2. Locate the namespace running a single-instance deployment of version 7.5 of the platform that has the AM and IDM configuration changes.

    3. Export the AM and IDM configurations from the running 7.5 single-instance ForgeOps deployment:

      $ cd /path/to/forgeops
$ ./bin/config export am my-config-profile --sort 
$ ./bin/config export idm my-config-profile --sort

    4. Run the am-config-upgrader utility to upgrade the AM configuration:

      $ cd /path/to/forgeops
$ ./bin/am-config-upgrader docker/am/config-profiles/my-config-profile

  2. Run the git add . and git commit commands.

  3. Set your Kubernetes context so that you can access the cluster on which the small, medium, or large ForgeOps deployment resides.

  4. Upgrade the ds-cts pods to the new patch release:

    $ cd /path/to/forgeops
$ ./bin/forgeops install ds-cts --small

    This command updates one ds-cts pod at a time. Run the kubectl get pods --watch command to observe the pod upgrades.

    After all the ds-cts pods have been upgraded, run the ds-debug.sh command to verify that directory replication is working correctly. Run commands similar to the following for each ds-cts pod:

    $ ./bin/ds-debug.sh rstatus podname

  5. Upgrade the ds-idrepo pods to the new patch release:

    $ cd /path/to/forgeops
$ ./bin/forgeops install ds-idrepo --small

    This command updates one ds-idrepo pod at a time. Run the kubectl get pods --watch command to observe the pod upgrades.

    After all the ds-idrepo pods have been upgraded, run the ds-debug.sh command to verify that directory replication is working correctly. Run commands similar to the following for each ds-idrepo pod:

    $ ./bin/ds-debug.sh rstatus podname

  6. Build Docker images for the newer patch release that contain your configuration profile:

    $ cd /path/to/forgeops
$ ./bin/forgeops build am --config-profile my-config-profile --push-to my-repo
$ ./bin/forgeops build idm --config-profile my-config-profile --push-to my-repo

    The newly-built Docker images are based on ForgeOps-provided evaluation Docker images.

  7. Upgrade the Ping Identity Platform pods to the new patch release:

    $ ./bin/forgeops install ui --small
$ ./bin/forgeops install am --small
$ ./bin/forgeops install idm --small

    Wait for the pod upgrades to complete. Run the kubectl get pods --watch command to observe the pod upgrades.

  8. Start the AM and IDM admin UIs in your upgraded small, medium, or large ForgeOps deployment. Verify that:

    • The start page for each admin UI displays the expected component version for the newer patch release.

    • AM and IDM use your custom configuration.

  9. If you are using a Kubernetes-based Ping Identity Platform deployment in production, you must rebuild Docker images based on the newer patch release, and then build custom Docker images based on those images:

    1. Build your own Docker base images. Refer to Your own base Docker images for more information.

    2. Rebuild your custom Docker images, and base them on your new base Docker images. Refer to Create Docker images for use in production for more information.