Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Setting Up

Upgrading to CCC 4.4 While Preserving Your Data

search

Upgrading to CCC 4.4 While Preserving Your Data

To preserve existing data and configurations during the upgrade to CCC 4.4, an intermediate upgrade to CCC 4.3 is required. Direct upgrades from versions earlier than CCC 4.3 do not support data retention. Follow the three-step approach below to ensure a structured upgrade while maintaining the continuity and integrity of your CCC environment:

Step 1: Back Up Your Current Environment

  • Action: Create a full backup of your existing CCC database.

  • How: Follow the instructions in the Back up and Restore Guide.

  • Why: This protects against data loss in case of unexpected issues during the upgrade. Skipping this step may result in irreversible data loss.

Step 2: Upgrade to CCC 4.3

  • Action: Upgrade your current CCC version to CCC 4.3.

  • How: Follow the instructions provided in the CCC 4.3 Upgrade Guide.

  • Why: Upgrading to CCC 4.3 is required before moving to CCC 4.4 to ensure a safe and supported upgrade path.

Step 3: Upgrade from CCC 4.3 to CCC 4.4

  • Action: Upgrade from CCC 4.3 to CCC 4.4.

  • How: Follow the detailed process outlined below.

  • Why: This step completes the upgrade process, enabling you to use the latest features and improvements in CCC 4.4.

After the upgrade, outdated data may show up due to browser caching. Clear your browser cache to immediately access the latest CCC 4.4 features.


Upgrade CCC from Version 4.3 to 4.4


To upgrade CCC from version 4.3 to 4.4, follow the instructions that match your environment:


Ensure all prerequisites for your environment are met before starting the upgrade.


Upgrading from CCC 4.3 to CCC 4.4: Podman Users

To upgrade CCC from version 4.3 to 4.4 for Podman:

Navigate to the Podman directory and stop the CCC container:

podman-compose down

Verify the removal of CCC container:

podman ps -a

If a container named ccc appears, remove it:

podman rm -f ccc

Remove the ccc:4.3.0 image from the local repository:

podman rmi -f ccc:4.3.0

Delete the pgdata directory after verifying any necessary backup is completed:

sudo rm -rf /home/ccc/pgdata

This step is essential to prevent any residual data from previous CCC versions from affecting the upgrade.

Optional: Delete the server-logs directory to clear old log files:

sudo rm -rf /home/ccc/server-logs

Use sudo to ensure the necessary permissions to delete these directories.

Load the Podman image for version 4.4:

podman load -i ccc-4.4.0_signed.tar

Review and update ccc_config for compatibility with version 4.4. Detailed instructions can be found here.

Review and update secretfile as required. Detailed instructions can be found here.

Move secretfile to the certificates directory:

mv secretfile /home/ccc/ccc-certs

Update CCC secret (if secretfile was modified):

podman secret rm ccc_password
podman secret create ccc_password secretfile

Passwords in the secretfile are deleted after installation for security reasons. To retain them, back up the secretfile.

Check secret configuration:

podman secret ls

Configure the scheduler as needed before starting the CCC container.

Build and start the container:

sh start-ccc-server.sh

If you encounter a permission error related to Podman's rootless networking, ensure the necessary systemd permissions or run the command with root privileges. See the Podman Networking Documentation for further guidance.

Choose between using a DNS or IP Address to host CCC. If using an IP address, input the correct IP for the virtual machine hosting CCC.

Monitor logs to confirm the installation process:

podman logs -f ccc

Restore your previous data following the instructions provided in the Back up and Restore section.

Launch CCC on any node using one of the URLs below:


  • https://host_ip:8181

  • https://hostname:8181

For detailed LDAPS configuration instructions, refer to the Installing CCC page.


Upgrading from CCC 4.3 to CCC 4.4: Kubernetes Users

To upgrade CCC from version 4.3 to 4.3 for Kubernetes:

On the master node, stop the existing CCC container and remove related resources:

kubectl delete -f deployment.yaml
kubectl delete -f service.yaml
kubectl delete -f config-map.yaml
kubectl delete -f lunalogs-volume.yaml
kubectl delete -f postgres-data.yaml
kubectl delete -f packages-volume.yaml
kubectl delete -f serverlogs-volume.yaml
kubectl delete secrets ccc-password

Remove the ccc:4.3.0 image from all Worker nodes:

crictl rmi ccc:4.3.0

Delete the pgdata directory on each Worker node:

sudo rm -rf /home/ccc/pgdata

Optional: Delete the server-logs directory to remove old logs:

sudo rm -rf /home/ccc/server-logs

The sudo command may be required for permissions.

Run the following command to determine the container runtime:

crictl config --get image-endpoint

Import the CCC image on each Worker node according to your container runtime:


  • For containerd, run ctr -n=k8s.io images import ccc-4.4.0_signed.tar.

  • For CRI-O, ensure Podman is installed, then run podman load -i ccc-4.4.0_signed.tar. Next, edit deployment.yaml to set the image value to localhost/ccc:4.4.0.

List all images on the Worker node to confirm successful import:

crictl images

On the master node, create necessary secrets:

kubectl create secret generic ccc-password \
--from-literal=CCC_TRUSTSTORE_PASSWORD='password' \
--from-literal=CCC_KEYSTORE_PASSWORD='password' \
--from-literal=CCC_CREDENTIALSTORE_PASSWORD='password' \
--from-literal=HSM_PASSWORD1='password' \
--from-literal=CRYPTO_OFFICER_PASSWORD='password' \
--from-literal=HSM_PASSWORD2='password' \
--from-literal=CCC_ADMIN_PASSWORD='password' \
--from-literal=CA_CERTIFICATE_PASSWORD='password' \
--from-literal=CCC_DB_PASSWORD='password'

Ensure all passwords comply with the required policies.

Update config-map.yaml as needed:

vi config-map.yaml

  • Separate each key and value with a colon and a space (e.g., key: value).

  • For an external database, provide relevant details.

  • If using HA ROT, configure settings according to the cloning protocol.

  • Specify CCC_LICENSE_FILE_NAME for the CCC license.

  • If using hostnames/DNS for HSM_IP1 or HSM_IP2, update hostAliases in deployment.yaml.

If using LDAPS, configure the settings in the deployment.yaml file:

vi deployment.yaml

For detailed LDAPS configuration instructions, refer to the Installing CCC page.

Optional: Configure the scheduler

Start the CCC service on the master node:

sh start-ccc-server.sh

Check the status of all resources:

sudo kubectl get all -o wide

Monitor the CCC container logs for any issues:

kubectl logs -f [ccc-podname]

Restore your previous data following the instructions provided in the Back up and Restore section.

Once installation is complete, access CCC using one of the following URLs:


  • https://master_node_ip:30036
  • https://master_node_hostname:30036

Upgrading from CCC 4.3 to CCC 4.4: Helm Users

To upgrade CCC from version 4.3 to 4.4 for Helm:

On the master node, stop the existing CCC container and remove related resources:

helm uninstall ccc
kubectl delete secrets ccc-password

Remove the ccc:4.3.0 image from all Worker nodes:

crictl rmi ccc:4.3.0

Delete the pgdata directory on each Worker node:

sudo rm -rf /home/ccc/pgdata

Optional: Delete the server-logs directory to remove old logs:

sudo rm -rf /home/ccc/server-logs

The sudo command may be required for permissions.

Run the following command to determine the container runtime:

crictl config --get image-endpoint

Based on the container runtime, import the CCC image on each Worker node:


  • For containerd, run the command ctr -n=k8s.io images import ccc-4.4.0_signed.tar.

  • For CRI-O, ensure Podman is installed, then run podman load -i ccc-4.4.0_signed.tar. Next, edit deployment.yaml to set the image value to localhost/ccc:4.4.0.

List all images on the Worker node to confirm successful import:

crictl images

On the master node, create necessary secrets:

kubectl create secret generic ccc-password \
--from-literal=CCC_TRUSTSTORE_PASSWORD='password' \
--from-literal=CCC_KEYSTORE_PASSWORD='password' \
--from-literal=CCC_CREDENTIALSTORE_PASSWORD='password' \
--from-literal=HSM_PASSWORD1='password' \
--from-literal=CRYPTO_OFFICER_PASSWORD='password' \
--from-literal=HSM_PASSWORD2='password' \
--from-literal=CCC_ADMIN_PASSWORD='password' \
--from-literal=CA_CERTIFICATE_PASSWORD='password' \
--from-literal=CCC_DB_PASSWORD='password'

Ensure all passwords comply with the required policies.

Update values.yaml as needed:

vi values.yaml

  • Separate each key and value with a colon and a space (e.g., key: value).

  • For an external database, provide relevant details.

  • If using HA ROT, configure settings according to the cloning protocol.

  • Specify CCC_LICENSE_FILE_NAME for the CCC license.

  • If using hostnames/DNS for HSM_IP1 or HSM_IP2, update hostAliases in deployment.yaml.

If using LDAPS, configure the settings in templates/deployment.yaml:

vi deployment.yaml

For detailed LDAPS configuration instructions, refer to the Installing CCC page.

Optional: Configure the scheduler

Start the CCC service on the master node:

sh start-ccc-server.sh

Check the status of all resources:

sudo kubectl get all -o wide

Monitor the CCC container logs for any issues:

kubectl logs -f [ccc-podname]

Restore your previous data following the instructions provided in the Back up and Restore section.

Once installation is complete, access CCC using one of the following URLs:


  • https://master_node_ip:30036
  • https://master_node_hostname:30036

On this page