Upgrading the LDT Agents in an LDT Communication Group from 7.2.0 to 7.3.0
Note
This is applicable for Linux and Windows.
When upgrading from CTE 7.2.0, all nodes in an LDT Communication Group must be upgraded together to 7.3.0. Rolling upgrades do not work because CTE 7.3.0 introduces security improvements and authentication features that involve the LDT Communication Group. All nodes must contain CTE 7.3.0 in order to be able to communicate.
For example, if an LDT Communication Group contains 10 nodes, then, with 7.2.0, you could upgrade them individually and still expect secfsd communication services to operate as expected. Note that the 10 nodes in the LDT Communication Group may or may not guard the same CIFS/NFS share, but they use the same LDT Communication Group master for communicating. With 7.2.0, if node1 were to be upgraded from 7.2.0.xxx to 7.2.0.yyy, then this does not affect the progress of LDT. Also, node1 is able to use all services correctly because it is admitted to the group by the upgraded communication master. So in this case, a rolling upgrade is possible.
With 7.3.0, Thales is introducing authentication for the LDT communication group nodes. Therefore, only nodes that have the capability to authenticate themselves can be part of the LDT Communication Group. As a result, for an upgrade operation, the entire set of 10 nodes in the LDT Communication Group have to be scheduled for maintenance at the same time. In the maintenance window, you must upgrade all nodes to 7.3.0. After a successful upgrade, the administrator should verify that all GuardPoints are green and working as expected. Any node with 7.2.0 will not be able to authenticate to the LDT Communication Group and, therefore, will not be admitted into the LDT Communication Group.
Procedure
-
Start a maintenance window by removing all nodes, in the LDT Communication Group, from production.
-
Upgrade all nodes to 7.3.0.
-
Verify that all GuardPoints are guarded on all nodes as expected, type:
voradmin ldt group check <gp path>
-
Verify that the LCG communications master is up and running, in Windows, by typing:
voradmin ldt group comm_info
Note
Linux is adding support for this command in a subsequent version.
-
When finished upgrading, add the nodes back into production.