I have a CPAM 1.5.0 2 node HA cluster. I'm looking to upgrade to version 1.5.2. The only documentation I see on Cisco's site is the upgrade for a single server, which is a fairly easy process. But what I don't know if is if I follow the steps exactly for each server or is there something else that needs to get done for the HA piece?
Just as a quick test of the setup process, I upgraded one of the nodes, but when I went to execute the upgrade, I was told I couldn't because a peer service was started. To work around that, I removed the shared IP out of the configuration for the one node. That allowed me to proceed and upgrade the box. However, again, is that the proper upgrade path or is there something else I'm missing? Is it as easy as just upgrading the second node and then re-entering the shared IP address?
Here are the steps I followed from the Release Notes for Cisco Physical Access
Control, Release 1.5.2
Upgrading CPAM from 1.5.0/1.5.1 to CPAM 1.5.2
Note The below given procedure should be followed before upgrading from 1.5.0 or 1.5.1 to 1.5.2. This
applies to CPS-MSP-1RU-K9, CPAM 1.5.x virtual machines and CPS-UCS-1RU-K9 platforms.
Step 1 Stop cpamacserver via webadmin.
Step 2 Copy the preupgrade-1.5.2.zip file to the server under /home/cpamadmin.
Step 3 Extract the preupgrade-1.5.2.zip file using the command unzip preupgrade-1.5.2.zip.
Step 4 Change the file to the preupgrade folder using the command cd preupgrade.
Step 5 Change the permission for all the 3 files namely preUpgrade.sh, immortal.sh and upgrade.sh files
using the command chmod 755 <filename>.
Step 6 Run the dos2unix <filename> command for both the scripts.
Step 7 Stop the immortal service using the command service immortal stop.
Step 8 Execute the preUpgrade.sh script alone.
Note Do not run the upgrade.sh script.
Step 9 Start immortal service using the command service immortal start.
Step 10 Upgrade to 1.5.2 by uploading the appropriate upgrade bin file from the webadmin.
Thanks for any help/advise.
You need to stop services on both servers, first on the HA, then on the Active.
Perform the upgrade.
Start the Active server, then start the HA server.
Did you remove the shared IP from both servers? If your active server is running currently, your standby is probably not actually sync'd anymore, due to the software differences.
Thanks for the reply. I had to stop the server service as well as remove the shared IP to even perform the upgrade, so both steps were done on both servers. Unfortunately I did NOT stop the server service or remove the shared IP on the secondary node BEFORE I did the upgrade on the primary. But, again, I did stop server and removed shared IP from primary before upgrading it.
My databases are out of sync still after performing upgrade on both and re-inputting the shared IP and starting the server service again. I'm not sure they are even in a "cluster" at this point. When I look in the High Availability Audit log, they both claim to be active, and the personnel is populated on the primary CPAM server when using the CPAM client, and the personnel list is empty on the secondary - not sure if that is by design or my suspicions are correct that the clustering/HA got messed up during the upgrade.
Would you happen to know how I can "kickstart" the HA again or is this a TAC call?
Thanks again Levi.
Unfortunately at this point... it's going to be a TAC call. The good news is, you have an active primary server with a good database. So this is recoverable. First step - Get that full config backup with events (events are optional... but I always try to grab them when possible) downloaded. Depending on how many badges you have, this backup will probably be in the 500 MB range. (1000 badges, 50-100 doors). If you download the backup file, and it's only a meg or two in size, you aren't getting the full backup and it'll probably have to be done from the command line.
I forget, is this a virtual environment? If so, I'd spin down the secondary server, throw a new VM out with just the HA license applied, and then re-input the shared IP settings. Give it a few hours to sync.
This isn't the first time I've ran into this, so I do believe the TAC team will be able to help get you back up to speed in relatively little time!