Migrating Database
If you are an existing CCC user planning to upgrade to the latest version and want to migrate your existing database, consider choosing one of the following scenarios:
Migrate your PostgreSQL database
-
Migrate from external PostgreSQL database to internal PostgreSQL database
-
Migrate from internal PostgreSQL database to external PostgreSQL database
Migrate your existing PostgreSQL database as it is
To migrate your PostgreSQL database as it is from the previous CCC version to the latest version, you have two choices:
Migrating your old database without creating backup
If you've installed CCC using Kubernetes, Helm, or Podman with external database, then update the database IP and SSL status in the ccc_config.env
file, and also update the database password in the secretfile
file, as per the instructions provided in the Installing Crypto Command Center page.
Creating backup of old database and then migrating
To create a backup of the old database and then migrating, follow the guidelines explained under the Backup and Restore section.
Please exercise caution while performing these actions, as handling databases requires care to prevent data loss or application disruption. It is advisable to take necessary backups before proceeding with any changes. Refer to the relevant documentation and seek support resources for detailed guidance based on your specific setup.
Migrate from extrernal PostgreSQL database to internal PostgreSQL database
The steps involved in migrating your external PostgreSQL database to internal PostgreSQL database are:
Install CCC using Podman, as explained here.
Login to the virtual machine that contains your existing PostgreSQL database.
Create a dump of your existing database using the following command:
pg_dump -h IP of source PostgreSQL database -p 5432 -U lunadirector lunadirectordb > postgres.sql
Copy the dump that you’ve created to the podman directory inside the CCC package.
Go the the podman directory inside the CCC package and run the following command to copy the postgres.sql file inside the CCC container:
podman cp postgres.sql ccc:/usr/safenet/ccc/
Run the following command to start data migration to internal PostgreSQL database.
podman exec ccc bash -c 'db-migration --truststore CCC_truststore_password --keystorepass CCC_keystore_password --cccpass CCC_admin_password --dbpass database_password --file filename --copass crypto_officer_password'
If you are using special characters such as # and $ in the password, you need to put a backward slash \ before those characters to avoid errors.
Upon successful completion of the data migration process, you’ll see a confirmation message on your screen. Thereafter, you can login to CCC and check whether the data has been successfully migrated.
Migrate from internal to external PostgreSQL database
Before proceeding, ensure that the external database intended for use is freshly installed and devoid of any existing data. Additionally, configure the database according to the specific requirements outlined for CCC. This ensures optimal performance and a smooth integration with the CCC system.
The steps involved in migrating your internal PostgreSQL database to external PostgreSQL database are:
Utilize the link provided via email to download and extract the CCC package.
Log in to the virtual machine containing CCC with the internal database.
Generate a dump of the existing database by running the following command:
podman exec ccc bash -c "/usr/pgsql-14/bin/pg_dump 'host=localhost port=5432 dbname=lunadirectordb user=lunadirector password=dbpassword' > postgres.sql"
Transfer the postgres.sql
file from the container to the host machine for future reference.
podman cp ccc:/usr/safenet/ccc/postgres.sql .
Initiate the target PostgreSQL database where you intend to migrate the existing database.
Copy the postgres.sql
file from the previous step to the target database virtual machine and execute the following command:
psql -h IP of target postgres db -p 5432 -U lunadirector -f postgres.sql lunadirectordb
Install CCC using either Podman or Kubernetes, as explained here.
During CCC installation, while modifying the configuration settings in the Master node, you need to provide various database related details, such as IP of the target database and database password.
Upon successful completion of the CCC installation process, you’ll see a confirmation message on your screen. Thereafter, you can login to CCC and check whether the data has been successfully migrated.
Migrate your Oracle database
To ensure a smooth transition from CCC 3.9 (with Oracle database) to CCC 4.3, please adhere to the recommended approach outlined below:
a. Upgrade to CCC 4.0 or CCC 4.1: Start by upgrading from CCC 3.9 to either CCC 4.0 or CCC 4.1. This initial upgrade step is crucial for compatibility checks and system adjustments.
b. Upgrade to CCC 4.2: Once the upgrade to CCC 4.0 or CCC 4.1 is complete, upgrade to CCC 4.2. This intermediate step further ensures system compatibility and prepares for the final upgrade.
c. Upgrade to CCC 4.3: After successfully upgrading to CCC 4.2, finalize the migration by upgrading to CCC 4.3, completing the transition process.
Follow the below-mentioned three-step process to migrate your data from Oracle to PostgreSQL:
Install CCC
Before you begin the process of migrating your database from Oracle to PostgreSQL, install CCC, using the steps explained here.
Migrate database
Follow steps 1 to 9, if you've installed CCC using Podman and are using an internal database. Follow steps 1 to 12 if you've installed CCC using Podman and are using an external database, or if you've installed CCC using Helm and are using an external database. Follow steps 1 to 14 if you've installed CCC using Kubernetes and are using an external database.
Download the db-migration package, depending on whether you are using an external database or an internal database.
Go to the directory where you’ve downloaded the db-migration package.
Run one of the following commands to initiate the process of database migration from Oracle to PostgreSQL, depending on whether are using an external database or an internal database:
sh start-data-migration-external-db.sh
or,
sh start-data-migration-internal-db.sh
Enter Y to initiate the database migration process.
Enter the hostname or IP address, enter oracle as the user name, and enter the password of the Oracle database server.
Enter the Oracle database server password to begin the initial setup.
Enter the Oracle database server password to begin data extraction.
Enter the Oracle database server password to copy the files from Oracle database server to your local machine.
Enter the Oracle database server password to delete the data-dump files. Following this, database insertion will take place, CCC will get reconfigured, and the server will get restarted. This process can take some time to get completed, depending on the size of your database.
If you've installed CCC using Podman and are using an internal database, your database migration process gets completed with this step and you can now activate CCC after database migration. If you've installed CCC using Podman and are using an external database, or have installed CCC using Helm and are using an external database, or have installed CCC using Kubernetes and are using an external database, continue to the next step.
Copy the files from the local machine to PostgreSQL server or virtual machine by entering the PostgreSQL database server hostname or IP address, user name (root user), and password.
Enter the PostgreSQL database server password once again to insert data into the database.
Enter the PostgreSQL database server password once again to run the re-configuration script and start CCC.
If you've installed CCC using Podman and are using an external database, your database migration process gets completed with this step and you can now activate CCC after database migration.
If you've installed CCC using Helm and are using an external database, navigate to the Helm directory inside the CCC package and run the command helm uninstall ccc
to remove the existing installation, followed by the command helm install ccc .
to reinstall CCC. Your database migration process gets completed with this step and you can now activate CCC after database migration.
If you've installed CCC using Kubernetes and are using an external database, go to the next step.
Navigate to the ccc/kubernetes directory and delete the existing CCC container using the following command:
kubectl delete –f deployment.yaml
Restart Kubernetes container using the following command:
kubectl apply –f deployment.yaml
This completes the database migration process if you've installed CCC using Kubernetes and are using an external database. You can now activate CCC after database migration.
Activate CCC after database migration
Log on to CCC.
Click the Administration tab from the main menu and complete the CCC activation process as follows:
-
Check the checkbox to confirm that your HSM device is running firmware 7.7 or above.
-
Enter the partition label and password.
-
Press the Activation button. You will see a message stating that CCC has been successfully activated.
Upload your CCC license and press Continue. This completes the database migration process.
You should check whether all of your data has been successfully migrated from Oracle to PostgreSQL. It is recommended that you retain your Oracle database for some time after completing the migration process.
Reconfiguring devices after changing the CCC root of trust
In case you've changed the CCC root of trust (ROT), you need to reconfigure the devices to perform device monitoring and various other device management tasks. To reconfigure your devices:
Login to CCC and navigate to Devices.
Select the device that is displaying the error under the Device Status column.
Click the Connection tab.
Press the Update Credentials button.
In the Update Rest API Credentials window that appears, enter your username and password and then press the Update button. A pop-up message will appear on your screen, indicating that the credentials have been successfully changed.
Click the Authorization tab and then press the Re-authorize Device button.
In the Authorize SO Login window that appears, enter the HSM SO password to grant CCC the right to login to the device, and then press the Authorize button.
In a short while, the Device Status icon will turn to green and you'll be able to perform the device monitoring tasks. In case you have another device that's reflecting the same error perform the above-mentioned procedure again for that device.