DS: Zero Downtime upgrade strategy using a blue/green deployment
Introduction
This post continues the previous blog on a zero-downtime upgrade strategy using a blue/green deployment for AM. Traditionally, ForgeRock DS upgrades are handled via a rolling upgrade strategy using an in-place update. Because many deployments have constraints around this approach (zero downtime, immutability, etc.), a parallel deployment approach, or blue/green strategy, can be used instead to upgrade ForgeRock DS servers.
This blog provides a high-level approach of using a blue/green methodology for updating ForgeRock DS-UserStores.
This corresponds to Unit 3: DS-UserStores in our overall ForgeRock upgrade approach.
Unit 3: DS-User Store Upgrade
Prerequisites/Assumptions
- This approach assumes that your infrastructure processes can install a parallel deployment for an upgrade, or that you are already using a blue/green deployment.
- In the above diagram, the blue cluster reflects an existing DS deployment (like a 3.5.x version), and the green cluster reflects a new DS deployment (like a 6.5.x version).
- There are N+1 DS servers deployed in your existing deployment: N servers are used for your production workload and one server is reserved for maintenance activities like backup, upgrades, etc. If there is no maintenance server, then you may need to remove one server from the production cluster (thereby reducing production load capacity) or install an additional DS server node for this upgrade strategy.
- Review the release notes for all DS versions between the existing and target DS deployments for new and deprecated features, bug fixes, etc. For example, for a DS 3.5 to DS 6.5 upgrade, review the release notes for DS 5.0, 5.5, 6.0 and 6.5.
Upgrade Process
1. Unconfigure replication for the DS-3 user store. Doing so ensures that the upgrade doesn’t impact your existing DS deployment.
2. Upgrade DS-3 in place using the DS upgrade process.
3. Create a backup from DS-3 using the DS backup utility.
4. Configure Green RS-1’s replication with the existing Blue replication topology.
5. Configure Green RS-2’s replication with the existing Blue replication topology.
6. Install Green DS-1 and restore data from the backup using the DS restore utility.
7. Install Green DS-2 and restore data from the backup using the DS restore utility.
8. Install Green DS-3 and restore data from the backup using the DS restore utility.
9. Configure Green DS-1’s replication with Green RS-1.
10. Configure Green DS-2’s replication with Green RS-1.
11. Configure Green DS-3’s replication with Green RS-1.
Switch over to the new deployment
12. After validating that the new deployment is working correctly, switch the load balancer from blue to green. This can also be done incrementally. In case of any issues, you can always roll back to the blue deployment.
If DS clients such as AM or IDM use direct hostnames, those configurations need to be updated to use the new green hostnames.
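One way to make the validation in step 12 an explicit gate before the load balancer is switched, as an added example that is not ForgeRock code or part of the original post. The `ServerStatus` fields, the server names and the sample figures are assumptions constructed for illustration; in practice they would be filled from your replication status and monitoring output.

```python
from dataclasses import dataclass

@dataclass
class ServerStatus:          # hypothetical record, one per server
    name: str                # e.g. "green-ds-1" (constructed naming)
    colour: str              # "blue" or "green"
    role: str                # "DS" (directory server) or "RS" (replication server)
    version: str             # product version reported by the server
    entries: int             # user-store entry count (0 for an RS)
    missing_changes: int     # replication changes not yet applied

def cutover_blockers(servers, target_version, green_ds=3, green_rs=2, max_drift=0):
    """Return reasons NOT to switch the load balancer; empty list means go."""
    blockers = []
    green = [s for s in servers if s.colour == "green"]
    blue_ds = [s for s in servers if s.colour == "blue" and s.role == "DS"]
    for role, want in (("DS", green_ds), ("RS", green_rs)):
        found = sum(1 for s in green if s.role == role)
        if found != want:
            blockers.append(f"expected {want} green {role}, found {found}")
    if not blue_ds:
        blockers.append("no blue DS available as a baseline")
    # Blue is still serving production, so its entry count is the reference.
    baseline = max((s.entries for s in blue_ds), default=None)
    for s in green:
        if not (s.version + ".").startswith(target_version + "."):
            blockers.append(f"{s.name}: version {s.version}, want {target_version}.x")
        if s.missing_changes > 0:
            blockers.append(f"{s.name}: {s.missing_changes} missing changes")
        if s.role == "DS" and baseline is not None:
            drift = abs(s.entries - baseline)
            if drift > max_drift:
                blockers.append(f"{s.name}: entry count differs from blue by {drift}")
    return blockers

# Constructed sample: green DS-3 has not caught up after its restore.
SAMPLE = [
    ServerStatus("blue-ds-1", "blue", "DS", "3.5.3", 120000, 0),
    ServerStatus("blue-ds-2", "blue", "DS", "3.5.3", 120000, 0),
    ServerStatus("green-rs-1", "green", "RS", "6.5.2", 0, 0),
    ServerStatus("green-rs-2", "green", "RS", "6.5.2", 0, 0),
    ServerStatus("green-ds-1", "green", "DS", "6.5.2", 120000, 0),
    ServerStatus("green-ds-2", "green", "DS", "6.5.2", 120000, 0),
    ServerStatus("green-ds-3", "green", "DS", "6.5.2", 119200, 800),
]

if __name__ == "__main__":
    for reason in cutover_blockers(SAMPLE, "6.5") or ["no blockers: safe to switch"]:
        print(reason)
```

Run the same check again before the post go-live steps, since unconfiguring the blue replication servers removes the replication link that keeps blue current for a rollback.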
Post Go-live
13. Unconfigure the blue RS1 replication server to remove this server from blue’s replication topology.
14. Unconfigure the blue RS2 replication server to remove this server from blue’s replication topology.
15. Stop the blue DS servers.
16. Stop the blue RS servers.
17. Deprovision the blue deployment (not shown in the diagram).
Conclusion
Although a blue/green deployment requires a high level of deployment maturity, it provides an elegant way to minimize downtime for ForgeRock deployment upgrades. It is always advisable to practice the upgrade strategy in lower environments such as dev and stage before moving to the production environment.
Depending on the complexity of your deployment, there can be multiple things to consider for these upgrades, such as customizations, new FR features, etc. It is always recommended to break the entire upgrade process into multiple releases, such as a “base upgrade” followed by “leveraging new features”.