Migrate existing CM installation to Podman (Podman compose)
This article is new for Certificate Manager 8.10.4.
This article describes how to migrate an existing Smart ID Certificate Manager (CM) installation to Podman using Podman compose.
Prerequisites
Certificate Manager (CM) is installed with version CM 8.10.X.
Earlier CM versions are not supported for migration and must be updated the regular way before a migration can be performed.
Podman version 4.9.4 or later is installed.
A valid CM license file
Step-by-step instructions
Deployment directory setup
Create a deployment directory to store all container configurations. See the “Deployment Directory” section in Deployment using Podman compose.
Load Podman images
The Podman images for CM are located in the images directory within the distributable package.
Load the images using the following commands:
podman image load -i images/cf-server.tar
podman image load -i images/pgw.tar
Stop existing CF server and PGW
Stop the current CF server and Protocol Gateway (PGW). See Uninstall Certificate Manager server components and clients for more information.
Modify docker compose file
Update the docker-compose file with the existing database connection details. For more information, see the “Connecting to services running on the Podman host” section in Deployment using Podman compose
Place existing license file
Place the existing license file in the license directory within the CM deployment directory.
Initialize the CM deployment
Create the containers and volumes by using the following command:
podman-compose up --no-start
Now the containers and volumes required by the CF server and PGW are ready to be configured.
Migrate CF server configuration
The content of the following three directories needs to be copied from your current CF server installation (this assumes that your current installation is running CF with internal cis):
<server-home>/bin
<server-home>/certs
<server-home>/config
The following volumes exists for the above listed directories:
bin:
$HOME/.local/share/containers/storage/volumes/cm_cf-server-bin/_data/Only HSM library .dll/.so files needs to be copied
certs:
$HOME/.local/share/containers/storage/volumes/cm_cf-server-certs/_data/config:
$HOME/.local/share/containers/storage/volumes/cm_cf-server-config/_data/
Migrate PGW configuration
The content of the following two directories needs to be copied from your current PGW installation:
<cm-gateway>/conf
<tomcat-installation>/config
The following volumes exists for the above listed directories:
<cm-gateway>/conf:
$HOME/.local/share/containers/storage/volumes/cm_pgw-config-gw/_data/<tomcat-installation>/config:
$HOME/.local/share/containers/storage/volumes/cm_pgw-config-tomcat/_data/
Start CF server container
Start the CF server container using the following command:
podman-compose start cf-server
Start pgw container
Start the pgw container using the following command:
podman-compose start pgw
Enable pgw container health check
Follow the instructions in the "Enabling the PGW Container Health Check" section in Deployment using Podman compose.
Enable HSM configuration
Follow the instructions in the "HSM Configuration" section in Deployment using Podman compose.
Recommendations
Configuration files and libraries/addons (such as HSM) can be added as volumes to the containers.