2.5 Upgrading eDirectory

When upgrading eDirectory, you can use one of the following upgrade paths:

NOTE:There are no special steps to upgrade from a 32-bit version of eDirectory to a 64-bit version of eDirectory. You can follow the same procedure as you would to upgrade from a 32-bit version to a new 32-bit version.

The following sections provide information to help you upgrade your existing eDirectory installation to the current version.

NOTE:The ndsconfig upgrade command is used to upgrade the necessary configuration of the individual components such as HTTP, LDAP, SNMP, SAS, and NetIQ Modular Authentication Service (NMAS).

2.5.1 Server Health Checks

With eDirectory 8.8, when you upgrade eDirectory, a server health check is conducted by default to ensure that the server is safe for the upgrade:

Based on the results obtained from the health checks, the upgrade will either continue or exit as follows:

  • If all the health checks are successful, the upgrade will continue.

  • If there are minor errors, the upgrade will prompt you to continue or exit.

  • If there are critical errors, the upgrade will exit.

See Section B.0, eDirectory Health Checks for a list of minor and critical error conditions.

Skipping Server Health Checks

To skip server health checks, run nds-install -j or ndsconfig upgrade -j from the installation folder.

For more information, see Section B.0, eDirectory Health Checks.

2.5.2 Upgrading on Linux Servers Other Than OES

eDirectory upgrade is supported from eDirectory 8.8 SP2 onwards. If you have eDirectory 8.8 SP2 or later versions installed, you can directly upgrade to eDirectory 8.8 SP8.

To upgrade, use the nds-install utility. This utility is located in the Setup directory of the downloaded file for Linux platform. Enter the following command from the Setup directory:

./nds-install

After the upgrade to eDirectory 8.8, the default location of the configuration files, data files, and log files are changed to /etc/opt/novell/eDirectory/conf, /var/opt/novell/eDirectory/data, and /var/opt/novell/eDirectory/log, respectively.

The new directory /var/opt/novell/eDirectory/data uses a symbolic link to the /var/nds directory.

The old configuration file /etc/nds.conf is migrated to /etc/opt/novell/eDirectory/conf directory. The old configuration file /etc/nds.conf and the old log files under /var/nds are retained for reference.

NOTE:Run ndsconfig upgrade after nds-install, if the upgrade of the DIB fails and nds-install asks to do so.

NOTE:Health check fails due to time sync. To resolve this issue, perform a time sync between the instances. You can ignore this warning message during upgrade.

2.5.3 Unattended Upgrade of eDirectory on Linux

On Linux, eDirectory provides switches and options along with the install script and configuration utility that facilitates the unattended upgrade. The following sections discuss various steps for unattended eDirectory upgrade on Linux:

  1. Perform the health check of eDirectory:

    Health check of all the root instances planned for upgrade is manually done by using ndscheck utility.

    1. export LD_LIBRARY_PATH to the <untarred location of eDirectory>/eDirectory/setup/utils

    2. Run ndscheck using one of the below commands:

      <untarred location of eDirectory>/eDirectory/setup/utils/ndscheck -a <user name> -w passwd --config-file <nds.conf with absolute path> 
      

      Passing the password through environment variable: <untarred location of 88SP8>/eDirectory/setup/utils/ndscheck -a <user name> -w env:<environment variable> --config-file <nds.conf with absolute path>

      Passing the password through file: <untarred location of 88SP8>/eDirectory/setup/utils/ndscheck -a <user name> -w file:<filename> --config-file <nds.conf with absolute path>

      Any one of the above can be used in the automated script for the health check. For example:

      /Builds/eDirectory/utils/ndscheck -a admin.novell -w n 
      /Builds/eDirectory/utils/ndscheck -a admin.novell -w env:ADM_PASWD 
      /Builds/eDirectory/utils/ndscheck -a admin.novell -w file:adm_paswd 
      
  2. Upgrade the eDirectory 8.8 packages:

    1. Run the nds-install script to upgrade the packages as below:

      nds-install -u -i -j
      
  3. Update the following environment variables:

    PATH=/opt/novell/eDirectory/bin:/opt/novell/eDirectory/sbin:$PATH 
    LD_LIBRARY_PATH=/opt/novell/eDirectory/lib:/opt/novell/eDirectory/lib/nds-modules:/opt/novell/lib:$LD_LIBRARY_PATH 
    MANPATH=/opt/novell/man:/opt/novell/eDirectory/man:$MANPATH 
    TEXTDOMAINDIR=/opt/novell/eDirectory/share/locale
    
  4. Upgrade eDirectory by using the ndsconfig utility for all the root instances by using the following commands:

    ndsconfig upgrade -a <user name> -w passwd -c --config-file <nds.conf with absolute path>
    

    Passing the password through environment variable: ndsconfig upgrade -a <user name> -w env:<environment variable> -c --config-file <nds.conf with absolute path>

    Passing the password through file: ndsconfig upgrade -a <user name> -w file:<filename with absolute/relative path> -c --config-file <nds.conf with absolute path>

    Any of the above can be used in the automated script for the eDirectory upgrade. For example:

    ndsconfig upgrade -a admin.novell -w n -c -–config-file /etc/opt/novell/eDirectory/conf/nds.conf 
    
    ndsconfig upgrade -a admin.novell -w env:ADM_PASWD -c --config-file /etc/opt/novell/eDirectory/conf/nds.conf 
    
    ndsconfig upgrade -a admin.novell -w file:/Builds/88SP8/adm_paswd -c --config-file /etc/opt/novell/eDirectory/conf/nds.conf
    

2.5.4 Upgrading eDirectory on Existing OES

This version is not supported on OES. For more information on upgrading eDirectory on an existing OES installation, refer to the Updating (Patching) an OES 11 SP2 Server section in the OES Installation Guide.

2.5.5 Upgrading the Tarball Deployment of eDirectory 8.8

If you want to upgrade the tarball deployment from eDirectory 8.8 to eDirectory 8.8 SP8, perform the following steps:

  1. Download the tarball build.

  2. Take backup of the following configuration files:

    • $NDSHOME/eDirectory/etc/opt/novell/eDirectory/conf/ndsimon.conf

    • $NDSHOME/eDirectory/etc/opt/novell/eDirectory/conf/ice.conf

    • $NDSHOME/eDirectory/etc/opt/novell/eDirectory/conf/ndsimonhealth.conf

    • $NDSHOME/eDirectory/etc/opt/novell/eDirectory/conf/ndssnmp/ndssnmp.cfg

    • $NDSHOME is the location where eDirectory is installed.

  3. For upgrade of eDirectory versions lower than 8.8 SP1, do the following:

    • Perform disk space check using ndscheck -D --config-file conf_file_path

    • Create an empty file upgradeDIB under the DIB location of each server instance.

      The list of instances can be obtained using the ndsmanage utility.

  4. Run pre upgrade health check for the all instances using ndscheck and check the ndscheck.log file for any errors before proceeding with the upgrade.

  5. Stop all instances using ndsmanage.

  6. Untar the tarball in the same location ($NDSHOME) where eDirectory is installed. By untarring the tarball in the same location, you are overwriting the binaries and libraries.

  7. Upgrade the following package if necessary.

    Platform

    Command

    Packages

    Linux

     

    • novell-NOVLsubag-8.8.8-x.x86_64.rpm

    • nici64-2.7.7-x.x.x86_64.rpm

      NOTE:For more information on installing 64-bit NICI, refer to the Installing NICI.

  8. Restore the configuration files.

  9. Run the $NDSHOME/eDirectory/opt/novell/eDirectory/bin/ndspath for setting all environment variables.

  10. Run ndsconfig upgrade -j for all instances. While running ndsconfig upgrade follow the order in which the master replica is the first and followed by Read/Write and others.

2.5.6 Upgrading Multiple Instances

This section contains the following information:

Root User has Multiple Instances

If you run nds-install after upgrading the package, it prompts you to upgrade the DIB files of all the eDirectory server instances, which might take a long time to complete. If you wish to perform the DIB upgrade in parallel, you can do it manually. For information about manually upgrading the DIB, refer to the eDirectory Readme. If you upgrade the DIB for all the active instances one by one, it runs the ndsconfig upgrade command separately for each instance. If you have a larger DIB, you can select No and run the ndsconfig upgrade in parallel in separate shells, which can reduce the upgrade time of each instance.

Non Root User's Instances

If you have non root users’ instances which are using root users’ binaries, before doing the package upgrade you need to run ndscheck for such instances and make sure that their health is proper by referring the ndscheck.log file. If you run nds-install, it stops all the instances, including the non root user's instances. After doing the package upgrade, the nds-install command does not call ndsconfig upgrade for nonroot user's instances. You need to manually run ndsconfig upgrade for all nonroot user's instances to start these instances.

Order of Upgrade

While running ndsconfig upgrade, it is recommended to follow the order in which master replica comes first and then Read/Write or other replicas.