Upgrading to CCC 4.4 While Preserving Your Data
To preserve existing data and configurations during the upgrade to CCC 4.4, an intermediate upgrade to CCC 4.3 is required. Direct upgrades from versions earlier than CCC 4.3 do not support data retention. Follow the three-step approach below to ensure a structured upgrade while maintaining the continuity and integrity of your CCC environment:
Step 1: Back Up Your Current Environment
-
Action: Create a full backup of your existing CCC database.
-
How: Follow the instructions in the Back up and Restore Guide.
-
Why: This protects against data loss in case of unexpected issues during the upgrade. Skipping this step may result in irreversible data loss.
Step 2: Upgrade to CCC 4.3
-
Action: Upgrade your current CCC version to CCC 4.3.
-
How: Follow the instructions provided in the CCC 4.3 Upgrade Guide.
-
Why: Upgrading to CCC 4.3 is required before moving to CCC 4.4 to ensure a safe and supported upgrade path.
Step 3: Upgrade from CCC 4.3 to CCC 4.4
-
Action: Upgrade from CCC 4.3 to CCC 4.4.
-
How: Follow the detailed process outlined below.
-
Why: This step completes the upgrade process, enabling you to use the latest features and improvements in CCC 4.4.
After the upgrade, outdated data may show up due to browser caching. Clear your browser cache to immediately access the latest CCC 4.4 features.
Upgrade CCC from Version 4.3 to 4.4
To upgrade CCC from version 4.3 to 4.4, follow the instructions that match your environment:
Ensure all prerequisites for your environment are met before starting the upgrade.
Upgrading from CCC 4.3 to CCC 4.4: Podman Users
To upgrade CCC from version 4.3 to 4.4 for Podman:
Navigate to the Podman directory and stop the CCC container:
podman-compose down
Verify the removal of CCC container:
podman ps -a
If a container named ccc
appears, remove it:
podman rm -f ccc
Remove the ccc:4.3.0
image from the local repository:
podman rmi -f ccc:4.3.0
Delete the pgdata
directory after verifying any necessary backup is completed:
sudo rm -rf /home/ccc/pgdata
This step is essential to prevent any residual data from previous CCC versions from affecting the upgrade.
Optional: Delete the server-logs
directory to clear old log files:
sudo rm -rf /home/ccc/server-logs
Use sudo
to ensure the necessary permissions to delete these directories.
Load the Podman image for version 4.4:
podman load -i ccc-4.4.0_signed.tar
Review and update ccc_config
for compatibility with version 4.4. Detailed instructions can be found here.
Review and update secretfile
as required. Detailed instructions can be found here.
Move secretfile
to the certificates directory:
mv secretfile /home/ccc/ccc-certs
Update CCC secret (if secretfile
was modified):
podman secret rm ccc_password podman secret create ccc_password secretfile
Passwords in the secretfile
are deleted after installation for security reasons. To retain them, back up the secretfile
.
Check secret configuration:
podman secret ls
Configure the scheduler as needed before starting the CCC container.
Build and start the container:
sh start-ccc-server.sh
If you encounter a permission error related to Podman's rootless networking, ensure the necessary systemd permissions or run the command with root privileges. See the Podman Networking Documentation for further guidance.
Choose between using a DNS or IP Address to host CCC. If using an IP address, input the correct IP for the virtual machine hosting CCC.
Monitor logs to confirm the installation process:
podman logs -f ccc
Restore your previous data following the instructions provided in the Back up and Restore section.
Launch CCC on any node using one of the URLs below:
-
https://host_ip:8181
-
https://hostname:8181
For detailed LDAPS configuration instructions, refer to the Installing CCC page.
Upgrading from CCC 4.3 to CCC 4.4: Kubernetes Users
To upgrade CCC from version 4.3 to 4.3 for Kubernetes:
On the master node, stop the existing CCC container and remove related resources:
kubectl delete -f deployment.yaml kubectl delete -f service.yaml kubectl delete -f config-map.yaml kubectl delete -f lunalogs-volume.yaml kubectl delete -f postgres-data.yaml kubectl delete -f packages-volume.yaml kubectl delete -f serverlogs-volume.yaml kubectl delete secrets ccc-password
Remove the ccc:4.3.0
image from all Worker nodes:
crictl rmi ccc:4.3.0
Delete the pgdata
directory on each Worker node:
sudo rm -rf /home/ccc/pgdata
Optional: Delete the server-logs
directory to remove old logs:
sudo rm -rf /home/ccc/server-logs
The sudo
command may be required for permissions.
Run the following command to determine the container runtime:
crictl config --get image-endpoint
Import the CCC image on each Worker node according to your container runtime:
-
For
containerd
, runctr -n=k8s.io images import ccc-4.4.0_signed.tar
. -
For
CRI-O
, ensure Podman is installed, then runpodman load -i ccc-4.4.0_signed.tar
. Next, editdeployment.yaml
to set the image value tolocalhost/ccc:4.4.0
.
List all images on the Worker node to confirm successful import:
crictl images
On the master node, create necessary secrets:
kubectl create secret generic ccc-password \ --from-literal=CCC_TRUSTSTORE_PASSWORD='password' \ --from-literal=CCC_KEYSTORE_PASSWORD='password' \ --from-literal=CCC_CREDENTIALSTORE_PASSWORD='password' \ --from-literal=HSM_PASSWORD1='password' \ --from-literal=CRYPTO_OFFICER_PASSWORD='password' \ --from-literal=HSM_PASSWORD2='password' \ --from-literal=CCC_ADMIN_PASSWORD='password' \ --from-literal=CA_CERTIFICATE_PASSWORD='password' \ --from-literal=CCC_DB_PASSWORD='password'
Ensure all passwords comply with the required policies.
Update config-map.yaml
as needed:
vi config-map.yaml
-
Separate each key and value with a colon and a space (e.g.,
key: value
). -
For an external database, provide relevant details.
-
If using HA ROT, configure settings according to the cloning protocol.
-
Specify
CCC_LICENSE_FILE_NAME
for the CCC license. -
If using hostnames/DNS for
HSM_IP1
orHSM_IP2
, updatehostAliases
indeployment.yaml
.
If using LDAPS, configure the settings in the deployment.yaml
file:
vi deployment.yaml
For detailed LDAPS configuration instructions, refer to the Installing CCC page.
Optional: Configure the scheduler
Start the CCC service on the master node:
sh start-ccc-server.sh
Check the status of all resources:
sudo kubectl get all -o wide
Monitor the CCC container logs for any issues:
kubectl logs -f [ccc-podname]
Restore your previous data following the instructions provided in the Back up and Restore section.
Once installation is complete, access CCC using one of the following URLs:
https://master_node_ip:30036
https://master_node_hostname:30036
Upgrading from CCC 4.3 to CCC 4.4: Helm Users
To upgrade CCC from version 4.3 to 4.4 for Helm:
On the master node, stop the existing CCC container and remove related resources:
helm uninstall ccc kubectl delete secrets ccc-password
Remove the ccc:4.3.0
image from all Worker nodes:
crictl rmi ccc:4.3.0
Delete the pgdata
directory on each Worker node:
sudo rm -rf /home/ccc/pgdata
Optional: Delete the server-logs
directory to remove old logs:
sudo rm -rf /home/ccc/server-logs
The sudo
command may be required for permissions.
Run the following command to determine the container runtime:
crictl config --get image-endpoint
Based on the container runtime, import the CCC image on each Worker node:
-
For containerd, run the command
ctr -n=k8s.io images import ccc-4.4.0_signed.tar
. -
For
CRI-O
, ensure Podman is installed, then runpodman load -i ccc-4.4.0_signed.tar
. Next, editdeployment.yaml
to set the image value tolocalhost/ccc:4.4.0
.
List all images on the Worker node to confirm successful import:
crictl images
On the master node, create necessary secrets:
kubectl create secret generic ccc-password \ --from-literal=CCC_TRUSTSTORE_PASSWORD='password' \ --from-literal=CCC_KEYSTORE_PASSWORD='password' \ --from-literal=CCC_CREDENTIALSTORE_PASSWORD='password' \ --from-literal=HSM_PASSWORD1='password' \ --from-literal=CRYPTO_OFFICER_PASSWORD='password' \ --from-literal=HSM_PASSWORD2='password' \ --from-literal=CCC_ADMIN_PASSWORD='password' \ --from-literal=CA_CERTIFICATE_PASSWORD='password' \ --from-literal=CCC_DB_PASSWORD='password'
Ensure all passwords comply with the required policies.
Update values.yaml
as needed:
vi values.yaml
-
Separate each key and value with a colon and a space (e.g.,
key: value
). -
For an external database, provide relevant details.
-
If using HA ROT, configure settings according to the cloning protocol.
-
Specify
CCC_LICENSE_FILE_NAME
for the CCC license. -
If using hostnames/DNS for
HSM_IP1
orHSM_IP2
, updatehostAliases
indeployment.yaml
.
If using LDAPS, configure the settings in templates/deployment.yaml
:
vi deployment.yaml
For detailed LDAPS configuration instructions, refer to the Installing CCC page.
Optional: Configure the scheduler
Start the CCC service on the master node:
sh start-ccc-server.sh
Check the status of all resources:
sudo kubectl get all -o wide
Monitor the CCC container logs for any issues:
kubectl logs -f [ccc-podname]
Restore your previous data following the instructions provided in the Back up and Restore section.
Once installation is complete, access CCC using one of the following URLs:
https://master_node_ip:30036
https://master_node_hostname:30036