Sie zeigen eine alte Version dieser Seite an. Zeigen Sie die aktuelle Version an.

Unterschiede anzeigen Seitenhistorie anzeigen

« Vorherige Version anzeigen Version 4 Nächste Version anzeigen »

Local additions to the official upgrade instructions from the Shibboleth wiki, to be re-visited for each upgrade of the IDP software.

This page describes the steps to update your IDP 4.x – when you're already running IDPv4!
See IDP 4 Migration from previous releases when you're still running an older IDP release.

Install new IDP 4.x software over the existing IDP 4.x installation

Download and unpack the latest Shibboleth IDP software, adjusting the value of $VER to the latest/current version. Optional (but recommended, if you understand how PGP and the Web of Trust work) commands for verification of the software using cryptographic signatures from the Shibboleth devlopers are included below.

First we'll stop the running Tomcat because it might otherwise try to reload the Shibboleth application even before we're done with all the required steps provided below:

systemctl stop tomcat9

Next start the upgrade:

{include} konnte nicht gerendert werden Die eingeschlossene Seite konnte nicht gefunden werden.

This will use the current directory (/usr/local/src/shibboleth-identity-provider-$VER) as source and the default directory (/opt/shibboleth-idp) as target, and should produce output like this:

Source (Distribution) Directory (press <enter> to accept default: [/usr/local/src/shibboleth-identity-provider-4.1.2]
Installation Directory: [/opt/shibboleth-idp]
Rebuilding /opt/shibboleth-idp/war/idp.war ...
...done
BUILD SUCCESSFUL
Total time: 4 seconds

Adjust permissions

It will be necessary to re-apply file system permission changes done during installation, so just run these again:

{include} konnte nicht gerendert werden Die eingeschlossene Seite konnte nicht gefunden werden.

You'll also want to regenerate the list of the IDP's JARs that shouldn't be scanned during Tomcat startup, see section Slow Startup towards the end of that Shibboleth wiki page. Those will go into /etc/tomcat9/context.xml so we'll make a time-stamped backup copy of that file before replacing its content:

{include} konnte nicht gerendert werden Die eingeschlossene Seite konnte nicht gefunden werden.

Restart Tomcat, which may take a bit, and check the logs for WARN and ERROR messages: By default the IDP logs to /opt/shibboleth-idp/logs/idp-process.log but if something is seriously wrong and the IDP isn't even able to start up you'll have to look at Tomcat's journal entries:

systemctl restart tomcat9
multitail /opt/shibboleth-idp/logs/idp-process.log -l 'journalctl -u tomcat9.service -f'  # exit with 'q'

Now the IDP should be running the current version and you can test the output of the status command line utility:

/opt/shibboleth-idp/bin/version.sh
/opt/shibboleth-idp/bin/status.sh
  • Keine Stichwörter