Migrate to Podman (Podman compose)

This article is new for Nexus OCSP Responder 6.2.7-1.

This article describes how to migrate an existing Nexus OCSP Responder installation to Podman using Podman compose.

Prerequisites

  • Nexus OCSP Responder (OCSP) version 6.2.7 is installed.

  • Podman version 4.9.4 or later is installed.

  • A valid OCSP license file.

Earlier OCSP versions are not supported for migration and must be updated the regular way before a migration can be performed.

Step-by-step instructions

Deployment directory setup

When deploying using podman-compose, the name of the directory that contains the distributable deployment files determines the prefix of the name of each container deployed using the docker-compose.yml file. In general, most parameters in the docker-compose.yml file can be changed to suit special needs; for example, the ports exposed by the containers can be changed to different ports if required.

In this guide it is assumed that the name of this directory is ocsp, and each container name will hence be prefixed with:

CODE
ocsp_

This is also the directory from which the deployment is done, and all configuration for the containers is placed inside it.

Load Podman image

The Podman image for OCSP is located in the image directory within the distributable package.

Load the image using the following command:

CODE
podman image load -i image-6.2.7-1/ocsp_6.2.7-1.tar

Stop existing Nexus OCSP responder service

Stop the currently running Nexus OCSP Responder service.

Modify docker compose file

Update the docker-compose file with any non-default ports you might require for your configuration to work.

Place existing license file

Place the existing license file in the license directory within the OCSP deployment directory.

Initialize the OCSP deployment

Create the container and volumes by using the following command:

CODE
podman-compose up --no-start

Now the containers and volumes required by the OCSP responder are ready to be configured.

Migrate OCSP configuration

The content of the following five directories needs to be copied from your current OCSP server installation:

CODE
<ocsp-home>/bin
<ocsp-home>/certs
<ocsp-home>/config
<ocsp-home>/cils
<ocsp-home>/crls

The following volumes exist for the directories listed above:

  • bin:
    /var/lib/containers/storage/volumes/ocsp_ocsp-bin/_data/
    Only HSM library .dll/.so files need to be copied.

  • certs:
    /var/lib/containers/storage/volumes/ocsp_ocsp-certs/_data/

  • config:
    /var/lib/containers/storage/volumes/ocsp_ocsp-config/_data/

  • cils:
    /var/lib/containers/storage/volumes/ocsp_ocsp-cils/_data/

  • crls:
    /var/lib/containers/storage/volumes/ocsp_ocsp-crls/_data/
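
The copy step above as a script; this is an added example, not part of the Nexus documentation. The function name migrate_ocsp and its arguments are hypothetical, and it assumes the ocsp_ prefix and volume paths listed above and that the volumes were already created with podman-compose up --no-start.

```shell
#!/bin/sh
# Added example: copy the five OCSP directories into the Podman volumes.
# Assumptions (not vendor code): function name, argument order, and the
# default volume root taken from the paths listed in this article.

# migrate_ocsp SRC [VOLROOT]
#   SRC     : existing installation directory (<ocsp-home>)
#   VOLROOT : volume storage root, defaults to the path used in this article
migrate_ocsp() {
    src=$1
    volroot=${2:-/var/lib/containers/storage/volumes}

    # Check every source and target first, so that a missing volume
    # cannot leave a half-migrated configuration behind.
    for d in bin certs config cils crls; do
        [ -d "$src/$d" ] || {
            echo "missing source directory: $src/$d" >&2; return 1; }
        [ -d "$volroot/ocsp_ocsp-$d/_data" ] || {
            echo "missing volume: ocsp_ocsp-$d" >&2; return 1; }
    done

    # certs, config, cils, crls: copy the full content.
    # -p keeps file modes and timestamps (relevant for key material in certs);
    # the trailing "/." copies the directory content, dotfiles included.
    for d in certs config cils crls; do
        cp -Rp "$src/$d/." "$volroot/ocsp_ocsp-$d/_data/" || return 1
    done

    # bin: only HSM library files (.so / .dll) are carried over.
    for f in "$src"/bin/*.so "$src"/bin/*.dll; do
        [ -f "$f" ] || continue        # pattern matched nothing
        cp -p "$f" "$volroot/ocsp_ocsp-bin/_data/" || return 1
    done
}
```

Run it as a user with write access to the volume storage, for example migrate_ocsp <ocsp-home>, before starting the container.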

Start OCSP container

Start the OCSP container using the following command:

CODE
podman-compose start ocsp

Enable HSM configuration

For more information, see OCSP deployment using Podman compose.

Recommendations

Configuration files and libraries/addons (such as HSM) can be added as volumes to the containers.
