
WSO2 - Upgrading identity server in cluster mode ( 5.10 to 5.11 )


I am trying to migrate an identity server from 5.10 version to 5.11. The actual install (5.10) is in cluster mode (4 servers) and I am using ansible to perform the migration. The steps are the same for each server:

  1. stop identity server service
  2. copy the new version with the migration resources (sql scripts + migration jar)
  3. configure the new version (5.11) as follows:

     [super_admin]
     username = "<username>"
     password = "<password>"
     create_admin_account = false

     [authorization_manager.properties]
     GroupAndRoleSeparationEnabled = false

  4. Launch the migration process
  5. Once the migration is done, re-configure the deployment.toml file as follows:

     [super_admin]
     username = "<username>"
     password = "<password>"
     create_admin_account = true

  6. restart the server without the migration options

The migration of the first server is successful but results in an error for the 3 other ones at step 4. The migration process breaks and throws a UserStoreException exception:

ERROR {org.wso2.carbon.is.migration.MigrationClientImpl} - Migration process was stopped. org.wso2.carbon.identity.core.migrate.MigrationClientException:  WSO2 Product Migration Service Task : Error while migrating external role permissions.
        at org.wso2.carbon.is.migration.service.v5110.migrator.GroupsAndRolesMigrator.migrate(GroupsAndRolesMigrator.java:147)                                           
        at org.wso2.carbon.is.migration.VersionMigration.migrate(VersionMigration.java:52)                                                                               
        at org.wso2.carbon.is.migration.MigrationClientImpl.execute(MigrationClientImpl.java:76)                                                                         
        at org.wso2.carbon.identity.core.internal.IdentityCoreServiceComponent.activate(IdentityCoreServiceComponent.java:149)                                           
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)                                                                                                   
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)                                                                                 
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)                                                                         
        at java.lang.reflect.Method.invoke(Method.java:498)                                                                                                              
        at org.eclipse.equinox.internal.ds.model.ServiceComponent.activate(ServiceComponent.java:260)                                                                    
        at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.activate(ServiceComponentProp.java:146)                                                            
        at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:345)                                                               
        at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:620)                                                                      
        at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:197)                                                                     
        at org.eclipse.equinox.internal.ds.Resolver.getEligible(Resolver.java:343)                                                                                       
        at org.eclipse.equinox.internal.ds.SCRManager.serviceChanged(SCRManager.java:222)                                                                                
        at org.eclipse.osgi.internal.serviceregistry.FilteredServiceListener.serviceChanged(FilteredServiceListener.java:113)                                            
        at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:985)                                                               
        at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)                                                                         
        at org.eclipse.osgi.framework.eventmgr.ListenerQueue.dispatchEventSynchronous(ListenerQueue.java:151)                                                            
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEventPrivileged(ServiceRegistry.java:866)                                             
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.publishServiceEvent(ServiceRegistry.java:804)                                                       
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistrationImpl.register(ServiceRegistrationImpl.java:130)                                                  
        at org.eclipse.osgi.internal.serviceregistry.ServiceRegistry.registerService(ServiceRegistry.java:228)                                                           
        at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:525)                                                             
        at org.eclipse.osgi.internal.framework.BundleContextImpl.registerService(BundleContextImpl.java:544)                                                             
        at org.wso2.carbon.core.init.CarbonServerManager.initializeCarbon(CarbonServerManager.java:529)                                                                  
        at org.wso2.carbon.core.init.CarbonServerManager.removePendingItem(CarbonServerManager.java:305)                                                                 
        at org.wso2.carbon.core.init.PreAxis2ConfigItemListener.bundleChanged(PreAxis2ConfigItemListener.java:118)                                                       
        at org.eclipse.osgi.internal.framework.BundleContextImpl.dispatchEvent(BundleContextImpl.java:973)                                                               
        at org.eclipse.osgi.framework.eventmgr.EventManager.dispatchEvent(EventManager.java:234)                                                                         
        at org.eclipse.osgi.framework.eventmgr.EventManager$EventThread.run(EventManager.java:345)                                                                       
Caused by: org.wso2.carbon.user.core.UserStoreException: 30012 - RoleExistingRole name: admin exists in the system. Please pick another role name.                       
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.handleRoleAlreadyExistException(AbstractUserStoreManager.java:7516)                                 
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.doAddInternalRole(AbstractUserStoreManager.java:7483)                                               
        at org.wso2.carbon.user.core.common.AbstractUserStoreManager.addRole(AbstractUserStoreManager.java:6788) 

The 4 servers are connected to the same database. My guess is that the error is due to the fact of launching the migration process in servers (the faulty ones) that are plugged into an already migrated database (fully migrated at the end of the migration process of the first 'successful' server).

If that is the case, would it be safe to perform the migration on one server only, and then just configure the other servers of the cluster with the 5.11 version the classic way, since they are all connected to the same 'migrated' database?

Thanks in advance.


Solution

  • AFAIK, migration in WSO2 Identity Server mainly has

    • Data migration at the database level
    • Metadata migration, configuration migration at the distribution level (modification in XML files and metadata files)

    Your setup has 1 database; hence, performing the migration in one server will migrate the database to the required version.

    My suggestion is,

    • take a backup of your data and deployment
    • Stop 3 IS instances
    • Migrate one IS instance
    • Connect IS 5.11 IS instances with migrated database along with migrated IS
    • Do some dry tests to validate the procedure.
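
The procedure suggested above, sketched as an Ansible playbook; this is an added example, not part of the original question or answer. The inventory group `wso2is_cluster`, the service name `wso2is`, and the variables `is_home` and `migration_command` are assumptions, and `migration_command` is assumed to return once the migration has finished.

```yaml
# Added example, not from the original post.
# Assumptions: inventory group "wso2is_cluster", service unit "wso2is",
# variables is_home (5.11 install dir) and migration_command (the command
# already used at step 4). Backups are taken before this playbook runs.
- name: Stop every node so nothing writes to the shared database
  hosts: wso2is_cluster
  become: true
  tasks:
    - name: Stop the identity server service
      ansible.builtin.service:
        name: wso2is
        state: stopped

- name: Run the migration once, from the first node only
  hosts: wso2is_cluster[0]
  become: true
  vars:
    toml: "{{ is_home }}/repository/conf/deployment.toml"
  tasks:
    - name: Migration-time setting from step 3
      ansible.builtin.replace:
        path: "{{ toml }}"
        regexp: '^create_admin_account\s*=.*$'
        replace: 'create_admin_account = false'

    - name: Launch the migration (step 4); a non-zero exit aborts the play
      ansible.builtin.command: "{{ migration_command }}"
      changed_when: true

- name: Bring all nodes up on 5.11 against the migrated database
  hosts: wso2is_cluster
  become: true
  serial: 1
  tasks:
    - name: Post-migration setting from step 5
      ansible.builtin.replace:
        path: "{{ is_home }}/repository/conf/deployment.toml"
        regexp: '^create_admin_account\s*=.*$'
        replace: 'create_admin_account = true'

    - name: Start the server without the migration options
      ansible.builtin.service:
        name: wso2is
        state: started
```

Because the migration play targets only the first host of the group, the other three nodes never run the migrator against the already migrated database, which is the situation that produced the `RoleExisting` error in the question.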