06-14-2016 03:38 AM
Just looking at performing a major upgrade from 6.5.4 to 6.6 on our CPPM cluster. The last upgrade from 6.4 to 6.5 didn't go that well but luckily our wireles users could fall back onto FreeRadius while I sorted the mess out. Unfortunately we've now got loads of ComWare switch stacks all using Clearpass and will NOT work using FreeRadius.
What I'm planning on doing is
Create new master publisher with both interfaces on same networks as production master publisher running 6.5.6
Backup existing master ... and
upgrade new master to same release as current master (6.5.6)
Run new master on temp license
Restore backup onto new master
Upgrade to 6.6 ( VSA change from HP to Hewlett-Packard-Enterprises was a major pain)
Bind new hardware appliance to new master forming a new cluster giving 10 K licenses
As we're load balancing using an F5, add the 2 new servers to F5 load balance pool
one by one unbind secondary publishers from old cluster, upgrade and bind to new one
( Shouldn't have any effect on auths as both clusters will be getting auth requests from the F5)
Eventually I'll have the old master publisher running in standalone mode and all clearpass servers bound to the new master.
This is the bit I'm not sure about.
1). I then need to shutdown the old master publisher and change the IP address of the new publisher primary interface to be the old one ( we've got a lot of UDPhelpers pushing DHCP info to the old master publsher). We don't use the master publisher for authentication and all bar 1 of the secondary servers have the secondary (data) network port connected together.
2). Our new hardware appliance will be locafed in a DR room elsewhere on campus and so will only be connecte to the cluster via its primary interface. I guess I'll need to unbind it from the new master publisher before I do the Ip address change and then rebind it after the adress change.
Does the above sound right?