Security

The only items that could halt during the upgrade of the cluster is the ability for you to onboard or create new guest accounts. This will happen when you upgrade the PUB as this is he onky device that can write to the DB.

Profiling of new device also is PUB dependent.

Regarding the backup-PUB, the upgrade tool deals with this if you have it configured in your network. It will disable it and then re-enable after the upgrade.

Unfortunately a "quick" upgrade using the 6.5 upgrde tool took me 2 days to sort out.

The tool successfully upgraded the master publisher and one of my secondaries. Two other secondaries just said "Fail", looking at the logs didn't immediately tell me why they didn't come back. The backup publisher just  refused to talk to the master alltogether.

I ended up booting each of the secondaries back into the previous image (6.4.5), manually upgrading them and rebinding them into the cluster.

Also,

Don't like the fact that you're installing an upgrade tool that you can't de-install.

.. or that you can't abort an update once its started.

... or that you can't say "don't upgrade everything in parallel, do secondaries one at a time"

I made the mistake of saying upgrsde everything .... and watched as all the cluster nodes vanished one at a time!

Good job I had our FreeRadius sevice still there to use otherwise I would have had 2 days auth outage on our entire wireless network. ... that would have been fun!

From now on I'll stick to the CLI for doing these upgrades, they've always worked.

A