AAA, NAC, Guest Access & BYOD

How to Upgrade CPPM Cluster nodes with High Availability Configured?

by on ‎06-27-2014 11:13 AM - edited on ‎07-02-2014 09:58 AM by

To upgrade cluster nodes with High Availability configurations, always make sure that the Cluster nodes are in sync or Cluster sync status is healthy.

Steps to Upgrade Cluster nodes with High Availability configurations:

1. Always Upgrade Publisher First, followed by upgrading of remaining cluster nodes/subscribers.

2. It will prompt to turn off the Publisher Standby Configuration before performing upgrade. This is
done so that, Designated Standby should not get promoted as new publisher.

3. Once the Designated Standby configuration is set to False, Upgrade of Publisher succeeds.

4. Now try upgrading remaining cluster nodes.

Suppose you unknowingly upgraded a cluster of nodes, where designated standby is out of sync, the
cluster sync status may end up something like below:

Problem: 

On upgrading an out of sync cluster with VIP and Designated Standby enabled, following is the state:

On Publisher:  Cluster Sync status for Subscriber Node (Designated Standby) = IN_PROGRESS
On Subscriber:  Cluster Sync status = Out of Sync.

This means, subscriber cannot be joined back to cluster, until the same is dropped from Publisher.

 


Solution:

Drop subscriber from Publisher.

1. On Publisher, Drop subscriber will be refused, and an error is prompted to disable Designated
Standby configuration.

2. Next set Designated Standby configuration to False using Cluster Wide parameters.

3. If subscriber node is part of VIP configuration, then Drop subscriber will be refused again, and an
error is prompted to disable VIP configuration.

4. After disabling the above, Drop subscriber completes successfully on Publisher.

5. Since Cluster is out of sync, manually reset the database on Subscriber and perform Make
subscriber on this node.

6. Once the subscriber is added back to cluster, reconfigure the VIP and Designated standby
configuration as before to have high availability working as expected.

Comments
Islam Zidan
I beive it will be better to drop subscriber and upgrade each one and then readding them

Hi Zidan,

 

We have seen many successful upgrades of Cluster Nodes. Upgrading the Cluster without dropping the nodes ensures failover/high-availability to the Production networks.

 

ClearPass Upgrade may take several hours based on the config/log database, we need to set enough amount of maintenance window.

When you reboot the server after the upgrade, please login to CLI and check for the banner indicating "Upgrade is still in progress". If you see this banner, do not take any action like Rebooitng Server, Restarting Services, Configuration Change and start upgrading any other node in same cluster.  Please wait untill the banner disappers in the CLI. You could also login to the WEB UI and check the Event Viewer to confirm the Server Upgrade status.

 

Always Upgrade the Publisher first and then proceed upgrading the Subscribers one by one.

 

 

 

 

 

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.