| | 2 | |
| | 3 | This page documents the configuration change test procedure in the IAM Shibboleth installation. The Shibboleth installation has two servers (hanin and heald) in a master and hot standby configuration. Currently heald is the hot standby and hanin is the master. |
| | 4 | |
| | 5 | 1. Check out the appropriate directory from subversion on the hot standby Shibboleth server. |
| | 6 | {{{ |
| | 7 | [sxjpm@heald Junk]$ svn co svn+ssh://sxjpm@iron.alaska.edu/usr/local/iam/shib-svn/idp/trunk/conf |
| | 8 | A conf/service.xml |
| | 9 | ... |
| | 10 | A conf/login.config |
| | 11 | Checked out revision 1. |
| | 12 | }}} |
| | 13 | |
| | 14 | 2. Copy the changed configuration file into place on the IdP. |
| | 15 | {{{ |
| | 16 | [root@heald ~]# cp ~sxjpm/Junk/conf/attribute-filter.xml /opt/shibboleth-idp/conf/attribute-filter.xml |
| | 17 | }}} |
| | 18 | |
| | 19 | 3. Restart the IdP. |
| | 20 | {{{ |
| | 21 | [sxjpm@heald Junk]$ pbrun su - |
| | 22 | [root@heald ~]# su - tomcat |
| | 23 | -bash-3.2$ |
| | 24 | -bash-3.2$ /opt/tomcat/bin/shutdown.sh |
| | 25 | -bash-3.2$ ps -ef | grep tomcat |
| | 26 | root 8811 8784 0 13:58 pts/1 00:00:00 grep tomcat |
| | 27 | tomcat 12756 1 0 Jun21 ? 00:03:50 /usr/lib/jvm/jre-1.6.0-sun.x86_64/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties -Xmx1024m -XX:MaxPermSize=128m -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.endorsed.dirs=/opt/tomcat/endorsed -classpath /opt/tomcat/bin/bootstrap.jar -Dcatalina.base=/opt/tomcat -Dcatalina.home=/opt/tomcat -Djava.io.tmpdir=/opt/tomcat/temp org.apache.catalina.startup.Bootstrap start |
| | 28 | -bash-3.2$ /opt/tomcat/bin/startup.sh |
| | 29 | }}} |
| | 30 | |
| | 31 | 4. Check the logs for startup anomalies and fix as necessary. |
| | 32 | {{{ |
| | 33 | -bash-3.2$ cat /opt/shibboleth-idp/logs/idp-process.log | grep "DEBUG" |
| | 34 | -bash-3.2$ cat /opt/shibboleth-idp/logs/idp-process.log | grep "ERROR" |
| | 35 | }}} |
| | 36 | |
| | 37 | 5. Test with web browser. |
| | 38 | * Linux: Modify local hosts file to point at standby IdP and then test SP/IdP interaction with local web browser. |
| | 39 | {{{ |
| | 40 | john@fearless:~$ sudo vi /etc/hosts |
| | 41 | ... |
| | 42 | # Heald |
| | 43 | 137.229.114.189 idp.alaska.edu |
| | 44 | ... |
| | 45 | :wq! |
| | 46 | }}} |
| | 47 | * Windows: TBD |
| | 48 | |
| | 49 | 6. If test results are good then repeat steps 1. and 2. from above on hanin. The IdP is configured to reload the attribute resolution, attribute filtering, and relying party configurations every 15 minutes. So wait 15 minutes or so and then revert hosts changes in step 5. and repeat step 5. |
