Upgrading CCC
You have the option to upgrade to CCC 4.3 from the following CCC versions:
If you plan to upgrade to the latest CCC version, back up and restore your current database using the instructions provided in the Back up and Restore section. Failure to do so will result in the irreversible loss of your existing database after the upgrade.
After the upgrade, outdated data may be displayed because of browser caching. Clear your browser cache after the upgrade so that the most up-to-date version of the application is retrieved.
Upgrading from CCC 4.2 to CCC 4.3
To upgrade CCC from version 4.2 to 4.3, follow these steps based on your environment:
Upgrading from CCC 4.2 to CCC 4.3: Podman Users
To upgrade CCC from version 4.2 to 4.3 for Podman:
Navigate to the Podman directory and stop the CCC container:
podman-compose down
Verify the removal of CCC container:
podman ps -a
If a container named ccc appears, remove it:
podman rm -f ccc
Remove the ccc:4.2.0 image from the local repository:
podman rmi -f ccc:4.2.0
Delete the pgdata directory after verifying any necessary backup is completed:
sudo rm -rf /home/ccc/pgdata
This step is essential to prevent any residual data from previous CCC versions from affecting the upgrade.
Optional: Delete the server-logs directory to clear old log files:
sudo rm -rf /home/ccc/server-logs
Use sudo to ensure the necessary permissions to delete these directories.
Load the Podman image for version 4.3:
podman load -i ccc-4.3.0_signed.tar
Review and update ccc_config for compatibility with version 4.3. Detailed instructions can be found here.
Review and update secretfile as required. Detailed instructions can be found here.
Move secretfile to the certificates directory:
mv secretfile /home/ccc/ccc-certs
Update CCC secret (if secretfile was modified):
podman secret rm ccc_password
podman secret create ccc_password secretfile
Passwords in the secretfile are deleted after installation for security reasons. To retain them, back up the secretfile.
Check secret configuration:
podman secret ls
Configure the scheduler as needed before starting the CCC container.
Build and start the container:
sh start-ccc-server.sh
If you encounter a permission error related to Podman's rootless networking, ensure the necessary systemd permissions or run the command with root privileges. See the Podman Networking Documentation for further guidance.
Choose between using a DNS or IP Address to host CCC. If using an IP address, input the correct IP for the virtual machine hosting CCC.
Monitor logs to confirm the installation process:
podman logs -f ccc
Restore your previous data following the instructions provided in the Back up and Restore section.
Launch CCC on any node using one of the URLs below:
- https://host_ip:8181
- https://hostname:8181
For detailed LDAPS configuration instructions, refer to the Installing CCC page.
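One way to enforce the "verify the backup first" condition on the pgdata deletion step above, as an added example that is not part of the vendor's procedure. It assumes the backup is a single file whose path you supply (the page does not describe the backup's form); backup_ok and abs_dir are hypothetical helper names.

```sh
#!/bin/sh
# Added example: gate for the "delete pgdata" step.
# Assumption: the backup is one file; its path is supplied by the operator.

# Print the physical (symlink-resolved) directory that contains a path.
abs_dir() { (cd "$(dirname "$1")" 2>/dev/null && pwd -P); }

# backup_ok BACKUP_FILE PGDATA_DIR [MAX_AGE_MINUTES]
# Returns 0 only if the backup is a non-empty regular file, was modified
# within MAX_AGE_MINUTES (default 120), and lives outside PGDATA_DIR.
backup_ok() {
    backup=$1; pgdata=$2; max_age=${3:-120}
    [ -f "$backup" ] || { echo "no backup file: $backup" >&2; return 1; }
    [ -s "$backup" ] || { echo "backup is empty: $backup" >&2; return 1; }
    # find prints the path only when the mtime is newer than max_age minutes.
    [ -n "$(find "$backup" -mmin "-$max_age" 2>/dev/null)" ] ||
        { echo "backup older than $max_age minutes" >&2; return 1; }
    bdir=$(abs_dir "$backup") || return 1
    if [ -d "$pgdata" ]; then
        pdir=$(cd "$pgdata" && pwd -P) || return 1
        # A backup stored under pgdata would be deleted along with it.
        case "$bdir/" in
            "$pdir"/*) echo "backup is inside $pgdata" >&2; return 1 ;;
        esac
    fi
    return 0
}

# Usage (the backup path is a placeholder):
#   backup_ok /path/to/backup.file /home/ccc/pgdata &&
#       sudo rm -rf /home/ccc/pgdata
```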
Upgrading from CCC 4.2 to CCC 4.3: Kubernetes Users
To upgrade CCC from version 4.2 to 4.3 for Kubernetes:
On the master node, stop the existing CCC container and remove related resources:
kubectl delete -f deployment.yaml
kubectl delete -f service.yaml
kubectl delete -f config-map.yaml
kubectl delete -f lunalogs-volume.yaml
kubectl delete -f postgres-data.yaml
kubectl delete -f packages-volume.yaml
kubectl delete -f serverlogs-volume.yaml
kubectl delete secrets ccc-password
Remove the ccc:4.2.0 image from all Worker nodes:
crictl rmi ccc:4.2.0
Delete the pgdata directory on each Worker node:
sudo rm -rf /home/ccc/pgdata
Optional: Delete the server-logs directory to remove old logs:
sudo rm -rf /home/ccc/server-logs
The sudo command may be required for permissions.
Run the following command to determine the container runtime:
crictl config --get image-endpoint
Import the CCC image on each Worker node according to your container runtime:
- For containerd, run:
  ctr -n=k8s.io images import ccc-4.3.0_signed.tar
- For CRI-O, ensure Podman is installed, then run:
  podman load -i ccc-4.3.0_signed.tar
  Next, edit deployment.yaml to set the image value to localhost/ccc:4.3.0.
List all images on the Worker node to confirm successful import:
crictl images
On the master node, create necessary secrets:
kubectl create secret generic ccc-password \
  --from-literal=CCC_TRUSTSTORE_PASSWORD='password' \
  --from-literal=CCC_KEYSTORE_PASSWORD='password' \
  --from-literal=CCC_CREDENTIALSTORE_PASSWORD='password' \
  --from-literal=HSM_PASSWORD1='password' \
  --from-literal=CRYPTO_OFFICER_PASSWORD='password' \
  --from-literal=HSM_PASSWORD2='password' \
  --from-literal=CCC_ADMIN_PASSWORD='password' \
  --from-literal=CA_CERTIFICATE_PASSWORD='password' \
  --from-literal=CCC_DB_PASSWORD='password'
Ensure all passwords comply with the required policies.
Update config-map.yaml as needed:
vi config-map.yaml
- Separate each key and value with a colon and a space (e.g., key: value).
- For an external database, provide relevant details.
- If using HA ROT, configure settings according to the cloning protocol.
- Specify CCC_LICENSE_FILE_NAME for the CCC license.
- If using hostnames/DNS for HSM_IP1 or HSM_IP2, update hostAliases in deployment.yaml.
If using LDAPS, configure the settings in the deployment.yaml file:
vi deployment.yaml
For detailed LDAPS configuration instructions, refer to the Installing CCC page.
Optional: Configure the scheduler
Start the CCC service on the master node:
sh start-ccc-server.sh
Check the status of all resources:
sudo kubectl get all -o wide
Monitor the CCC container logs for any issues:
kubectl logs -f [ccc-podname]
Restore your previous data following the instructions provided in the Back up and Restore section.
Once installation is complete, access CCC using one of the following URLs:
https://master_node_ip:30036
https://master_node_hostname:30036
Upgrading from CCC 4.2 to CCC 4.3: Helm Users
To upgrade CCC from version 4.2 to 4.3 for Helm:
On the master node, stop the existing CCC container and remove related resources:
helm uninstall ccc
kubectl delete secrets ccc-password
Remove the ccc:4.2.0 image from all Worker nodes:
crictl rmi ccc:4.2.0
Delete the pgdata directory on each Worker node:
sudo rm -rf /home/ccc/pgdata
Optional: Delete the server-logs directory to remove old logs:
sudo rm -rf /home/ccc/server-logs
The sudo command may be required for permissions.
Run the following command to determine the container runtime:
crictl config --get image-endpoint
Based on the container runtime, import the CCC image on each Worker node:
- For containerd, run the command:
  ctr -n=k8s.io images import ccc-4.3.0_signed.tar
- For CRI-O, ensure Podman is installed, then run:
  podman load -i ccc-4.3.0_signed.tar
  Next, edit deployment.yaml to set the image value to localhost/ccc:4.3.0.
List all images on the Worker node to confirm successful import:
crictl images
On the master node, create necessary secrets:
kubectl create secret generic ccc-password \
  --from-literal=CCC_TRUSTSTORE_PASSWORD='password' \
  --from-literal=CCC_KEYSTORE_PASSWORD='password' \
  --from-literal=CCC_CREDENTIALSTORE_PASSWORD='password' \
  --from-literal=HSM_PASSWORD1='password' \
  --from-literal=CRYPTO_OFFICER_PASSWORD='password' \
  --from-literal=HSM_PASSWORD2='password' \
  --from-literal=CCC_ADMIN_PASSWORD='password' \
  --from-literal=CA_CERTIFICATE_PASSWORD='password' \
  --from-literal=CCC_DB_PASSWORD='password'
Ensure all passwords comply with the required policies.
Update values.yaml as needed:
vi values.yaml
- Separate each key and value with a colon and a space (e.g., key: value).
- For an external database, provide relevant details.
- If using HA ROT, configure settings according to the cloning protocol.
- Specify CCC_LICENSE_FILE_NAME for the CCC license.
- If using hostnames/DNS for HSM_IP1 or HSM_IP2, update hostAliases in deployment.yaml.
If using LDAPS, configure the settings in templates/deployment.yaml:
vi deployment.yaml
For detailed LDAPS configuration instructions, refer to the Installing CCC page.
Optional: Configure the scheduler
Start the CCC service on the master node:
sh start-ccc-server.sh
Check the status of all resources:
sudo kubectl get all -o wide
Monitor the CCC container logs for any issues:
kubectl logs -f [ccc-podname]
Restore your previous data following the instructions provided in the Back up and Restore section.
Once installation is complete, access CCC using one of the following URLs:
https://master_node_ip:30036
https://master_node_hostname:30036
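The "create necessary secrets" step in the Kubernetes and Helm procedures above passes every password as a command-line literal. As an added example (not vendor code), the script below checks a private env file for the same nine keys and creates ccc-password from it with kubectl's --from-env-file option; the file name ccc-secrets.env and both function names are assumptions.

```sh
#!/bin/sh
# Added example (not vendor code). ccc-secrets.env is a hypothetical file
# name. Assumption: one unquoted KEY=value pair per line.

# The nine keys set by the page's "kubectl create secret" command.
CCC_SECRET_KEYS="CCC_TRUSTSTORE_PASSWORD CCC_KEYSTORE_PASSWORD
CCC_CREDENTIALSTORE_PASSWORD HSM_PASSWORD1 CRYPTO_OFFICER_PASSWORD
HSM_PASSWORD2 CCC_ADMIN_PASSWORD CA_CERTIFICATE_PASSWORD CCC_DB_PASSWORD"

# check_secret_env FILE
# Returns 0 only if FILE has no group/other permissions and defines every
# key exactly once with a value that is neither empty nor "password".
check_secret_env() {
    f=$1; rc=0
    [ -f "$f" ] || { echo "missing file: $f" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "$f is accessible to group/other; chmod 600 it" >&2; rc=1
    fi
    for k in $CCC_SECRET_KEYS; do
        n=$(grep -c "^$k=" "$f" || true)
        case $n in
            1) ;;
            0) echo "missing key: $k" >&2; rc=1; continue ;;
            *) echo "duplicate key: $k" >&2; rc=1; continue ;;
        esac
        v=$(sed -n "s/^$k=//p" "$f")
        case $v in
            ''|password|"'password'")
                echo "empty or placeholder value: $k" >&2; rc=1 ;;
        esac
    done
    return "$rc"
}

# create_ccc_secret FILE
# Validates FILE, then creates the secret from it so that no password
# appears in shell history or in the process argument list.
create_ccc_secret() {
    check_secret_env "$1" || return 1
    kubectl create secret generic ccc-password --from-env-file="$1"
}
```

Run create_ccc_secret ccc-secrets.env on the master node in place of the --from-literal command, then remove the env file once the secret exists.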
Upgrading from CCC 4.1 to CCC 4.3
To upgrade CCC from version 4.1 to 4.3, follow these steps based on your environment:
Upgrading from CCC 4.1 to CCC 4.3: Podman Users
To upgrade from CCC version 4.1 to 4.3 for Podman users, follow these steps:
Navigate to the podman directory and stop the CCC services by running:
podman-compose down
Check if the CCC container has been removed by using:
podman ps -a
If a container named ccc still appears, remove it with:
podman rm -f ccc
Delete the ccc:4.1.0 image from your local repository:
podman rmi -f ccc:4.1.0
Delete the pgdata directory to ensure no residual data from the CCC container remains. Ensure you have backed up any necessary files before performing this step. Run:
sudo rm -rf /home/ccc/pgdata
The sudo command may be required for permission.
(Optional) To remove logs from previous versions, delete the server-logs directory:
sudo rm -rf /home/ccc/server-logs
Follow the upgrade steps for CCC 4.1 to 4.2.
After the upgrade to 4.2, restore the database using the steps in the Backup and Restore Guide section.
Finally, complete the upgrade to version 4.3 by following the instructions specific to the CCC 4.2 to 4.3 transition.
Upgrading from CCC 4.1 to CCC 4.3: Kubernetes Users
To upgrade from CCC version 4.1 to 4.3 for Kubernetes users, follow these steps:
On the master node, stop the previous CCC container and related resources:
kubectl delete -f deployment.yaml
kubectl delete -f service.yaml
kubectl delete -f config-map.yaml
kubectl delete -f lunalogs-volume.yaml
kubectl delete -f postgres-data.yaml
kubectl delete -f packages-volume.yaml
kubectl delete -f serverlogs-volume.yaml
kubectl delete secrets ccc-password
On each worker node, remove the CCC 4.1.0 image:
crictl rmi ccc:4.1.0
Delete the pgdata directory to remove any residual data from CCC. Ensure a backup is taken if needed, as this step will permanently delete data:
sudo rm -rf /home/ccc/pgdata
sudo may be required for permissions.
Optionally, delete the server-logs directory to clear logs from previous versions:
sudo rm -rf /home/ccc/server-logs
sudo may be required for permissions.
Follow the steps on the upgrade page to transition from CCC 4.1 to 4.2.
Restore your previous data following the instructions provided in the Back up and Restore section.
Finally, complete the upgrade by following the steps for transitioning from CCC 4.2 to 4.3.
Upgrading from CCC 4.1 to CCC 4.3: Helm Users
To upgrade from CCC version 4.1 to 4.3 for Helm users, follow these steps:
On the master node, stop the previous CCC container and related resources:
helm uninstall ccc
kubectl delete secrets ccc-password
On each worker node, remove the CCC 4.1.0 image:
crictl rmi ccc:4.1.0
Delete the pgdata directory to remove any residual data from CCC. Ensure a backup is taken if needed, as this step will permanently delete data:
sudo rm -rf /home/ccc/pgdata
sudo may be required for permissions.
Optionally, delete the server-logs directory to clear logs from previous versions:
sudo rm -rf /home/ccc/server-logs
sudo may be required for permissions.
Follow the steps on the upgrade page to transition from CCC 4.1 to 4.2.
Restore your previous data following the instructions provided in the Back up and Restore section.
Finally, complete the upgrade by following the steps for transitioning from CCC 4.2 to 4.3.
Upgrading from CCC 4.0 to CCC 4.3
To upgrade CCC from version 4.0 to 4.3, complete the steps outlined for upgrading from CCC 4.1 to 4.3, depending on your environment.
Upgrading from CCC 3.9 to CCC 4.3
To upgrade CCC from version 3.9 to 4.3:
Create a database backup to preserve your current data.
Uninstall CCC 3.9 by running the following command to execute the uninstall.sh script:
sh /usr/safenet/ccc/uninstall.sh
Install CCC 4.2.
Restore your database after the CCC 4.2 installation is complete.
Complete the upgrade to CCC 4.3 by following the steps for upgrading from CCC 4.2 to CCC 4.3.
Upgrading from CCC 3.8.1 or below to CCC 4.3
To upgrade CCC from version 3.8.1 and below to 4.3:
Obtain the CCC version 3.9 distribution package.
Upgrade to CCC 3.9 by executing the install.sh script from the CCC 3.9 distribution package.
Verify the successful installation of CCC 3.9 by checking the CCC GUI for confirmation.
Complete the upgrade to CCC 4.3 by following the steps for upgrading from CCC 3.9 to CCC 4.3.