You are here

Home › Airlock WAF Cluster Upgrade Guide with full installation

Airlock WAF Cluster Upgrade Guide with full installation

Submitted on 3. December 2018 - 13:11 by meierfra.
Last update on 24. January 2023 - 16:19.
Affects product: 
Airlock WAF
Affects version(s): 
Airlock Gateway 7.x

 

This article is deprecated. Please watch the chapter "Failover Cluster Upgrade with full system installation" in the documentation of Airlock Gateway 8.0 and newer on docs.airlock.com.

The following procedure describes how to upgrade an Airlock WAF HA cluster setup while performing a full installation of the nodes. This may be nessesary if no update of the nodes is possible, for example when upgrading to a new major version (e.g. from 6.x to 7.x).

Upgrade steps

1. Upgrading system A (passive System):

  • Export the cluster configuration (include sensitive data).
  • Take system A offline by clicking the "Offline" button found in "System Setup > System Admin > System Control".
  • System B should remain in active mode and all applications should still be accessible as normal.
  • Install Airlock WAF on system A.
  • Take the system A offline.
  • Deploy add-on modules if necessary.
  • Import the cluster configuration (exported before the reinstall). Resolve Errors if necessary.
  • Activate the configuration. After activation system A should remain in offline mode.
  • Make sure that the configuration is complete and correct.
  • Export the latest configuration from system A (include sensitive data).

2. Synchronize session store, to upgrade without losing the active sessions

If no seamless cluster upgrade without session loss is intended, this section may be skipped and continued with the next section.

  • open a console (SSH shell) on system A
  • copy the SSH public key of system A to system B with the following command: "ssh-copy-id <system B>"
  • In the Airlock WAF Configuration Center of system A, the banner saying "Cluster partner node <system B> not reachable" should disappear after a minute (page refresh needed).
  • Take the system A online. System A should enter passive state while system B remains active.
  • In the logs of system A you should find the "EVENT_SY-H-DBSYNC-OK" event saying "Database synchronization with passive Airlock successful".

3. Switch from system B (old) to system A (new):

  • Take system B (old) offline and, if not already done, system A online.
  • System A (new) should switch to active mode.
  • Make sure that the traffic is served through system A and everything runs properly.

4. Upgrading system B:

  • Install Airlock WAF on system B.
  • Take the system B offline.
  • Deploy add-on modules if necessary.
  • Import the latest configuration exported from system A.
  • Activate the configuration. After activation system B should remain in offline mode.
  • Export the latest configuration from system B (include sensitive data).
  • Log out from Airlock WAF Configuration Center on system B.

5. Complete the cluster setup:

  • Import the latest configuration exported from system B to system A.
  • Activate the configuration only on system A. Choose "Activate on 'system A'" on the activation pop-up.
  • In the Airlock WAF Configuration Center of system B, the banner saying "Cluster partner node <system A> not reachable" should disappear after a minute (page refresh needed).
  • Set system B online. It should directly switch to passive mode.
  • System A should be active and system B passive.
  • Check if the traffic is still served only through system A and everything runs properly.
Knowledge Base Categories: 
Installation
Configuration
Operating
© Ergon Informatik AG