Upgrading CCC
You have the option to upgrade to CCC 4.1 from the following CCC versions:
-
CCC 4.0
-
CCC 3.9
-
CCC 3.8.1
-
CCC 3.8
-
CCC 3.7.2
-
CCC 3.7.1
-
CCC 3.7
If you are planning to upgrade to the latest version of CCC, you must back up and restore your current database using the instructions provided in the Migrating Database section. Failure to do so will result in the irreversible loss of your existing database after the upgrade.
Upgrading from CCC 4.0 to CCC 4.1
To upgrade CCC from version 4.0 to 4.1, follow these steps based on your environment:
For Podman Users:
Navigate to the podman directory and execute the following command:
podman-compose down
Check if the CCC container is removed using the following command:
podman ps -a
If a container named "ccc" appears, execute the command below to remove it:
podman rm -f ccc
Remove the "ccc:4.0" image from the local repository:
podman rmi -f ccc:4.0.0
Follow the installation instructions for CCC 4.1.
For Kubernetes Users:
On the master node, stop the previous CCC container and related resources using the following commands:
kubectl delete -f deployment.yaml
kubectl delete -f service.yaml
kubectl delete -f config-map.yaml
kubectl delete -f lunalogs-volume.yaml
kubectl delete -f postgres-data.yaml
kubectl delete -f packages-volume.yaml
kubectl delete -f serverlogs-volume.yaml
kubectl delete secrets ccc-password
Remove the "ccc-4.0.0" image from worker nodes using the following command:
crictl rmi ccc:4.0.0
Follow the installation instructions for CCC 4.1.
Upgrading from CCC 3.9 to CCC 4.1:
To upgrade CCC from version 3.9 to 4.1, follow these steps:
Uninstall CCC 3.9 by executing the "uninstall.sh" bash file located in the folder "/usr/safenet/ccc":
sh /usr/safenet/ccc/uninstall.sh
Follow the installation instructions for CCC 4.1.
Upgrading CCC from CCC version 3.8 or below to CCC 4.1:
To upgrade CCC from version 3.8 or below to 4.1, follow these steps:
Obtain the distribution package of CCC version 3.9.
Upgrade the current version of CCC to CCC 3.9 by executing the "install.sh" bash file from the CCC 3.9 distribution package.
Verify successful installation of CCC 3.9 through the CCC GUI.
Uninstall CCC 3.9 using the "uninstall.sh" bash file located in the folder "/usr/safenet/ccc":
sh /usr/safenet/ccc/uninstall.sh
Follow the installation instructions for CCC 4.1.
Managing Device Upgrade from 5.x to 6.x
You may wish to upgrade your managed devices from version 5.x to 6.x or higher to obtain the benefits of 6.x features such as PPSO. If you choose to upgrade your managed devices to 6.x, there is some additional configuration necessary to integrate with CCC 4.1.
Upgrading to 6.x may result in the loss of configured service templates, users, HA groups, and partitions on the HSM.
To upgrade managed devices from 5.x to 6.x:
Inform any application users connecting to the devices that their services will be unavailable during the upgrade. You might like to perform the upgrade during a scheduled maintenance window.
Upgrade the Thales Luna Network HSM software as detailed in Thales Luna Network HSM documentation.
Set up REST API.
-
As an appliance user with the Admin or Operator role, obtain and transfer the REST API secure package to the device via SCP/PSCP. Login to the HSM using Security Officer credentials, and install the package. See Thales Luna Network HSM REST API documentation for details.
-
Set the REST API web service to use a network interface in the HSM. Valid values are all, eth0, eth1, or bond0: lunash:>webserver bind -netdevice
-
Enable the web service: lunash:>webserver enable
-
Generate a REST API service certificate and restart the service. We recommend an RSA certificate type: lunash:>webserver certificate generate -keytype rsa -restart
In CCC, navigate to the Devices list and select the recently upgraded device.
Click the Configuration tab and click Edit.
In the Appliance Version section, select 6.x. The LunaSH Admin Credentials section changes to REST API Credentials, and Host Key changes to Certificate.
Adjust the Host Address and Port Number as required. Save your changes.
Under the Certificate section, click Verify to view the device certificate.
Review the certificate, check the box indicating that you have reviewed and trust the certificate, and then click
Accept.
Update the version of the Thales Luna HSM Client on any crypto application servers that access the device services. The device is now ready to process incoming cryptographic requests from application users.