Context
When upgrading from Aerospike local authentication to external authentication, each server is separately authenticated, but maintenance of groups is done by one elected server within the cluster.Method
An in-place upgrade can be supported as long as the following operational procedure is followed:
- Update all clients to a version which supports external authentication (and thus the sensing of whether a server supports the old or new authentication mechanisms),
- Update the server configuration to include LDAP external auth information and restart.
Notes
Note - If you have TLS enabled you must add your certs on the client machine and either an ldap.conf file must be created or environment variables must be set.
Note - A TCP connection attempt with an expired token will fail, and the client must log in again to get a fresh token.