Move PINsafe How to Guide
From Swivel Knowledgebase Wiki
Contents |
Overview
This document outlines some of the best practices when moving a PINsafe install or PINsafe data from one PINsafe instance, the source, to another, the destination.
Prerequisites
PINsafe server or appliance
Backup PINsafe before any work is carried out
Ensure PINsafe versions are the same between installations. If PINsafe is to be upgraded as part of the process, verify the upgrade during testing. For upgrades see Upgrade PINsafe
Ensure that the Time zones are the same for all PINsafe installations.
It may be necessary to schedule some downtime
Moving PINsafe configurations from one install to another
Stop Tomcat on both old and new instances, copy the following files from the original installation to the new installation, then start Tomcat. For information on copying PINsafe files on appliances see Copying appliance files How to Guide.
<path to Tomcat>/pinsafe/conf/config.xml
<path to Tomcat>/pinsafe/WEB-INF/conf/ranges.xml
Ensure any customisations are also copied, see Transport Configuration.
Moving PINsafe user data from one PINsafe install to another
Timezone
Determine Timezone of original PINsafe installation. The new PINsafe installation must be the same timezone. If you cannot login and receive errors regarding no PIN or invalid PIN, it is likely that the timezone is not that of the source.
Certificates and Keystore
A new SSL certificate can be requested for the new PINsafe instance.
Another method if the hostnames are the same from the old PINsafe instance and the new PINsafe instance, may be to copy across the keystore. See also Moving PINsafe Keystore
The keystore file location on an appliance should be listed within your /usr/local/tomcat/conf/server.xml file, but the default keystore file location is:
/home/swivel/.keystore
(it's a hidden file with the '.' prefix)
The method would involve:
- Take a backup of the existing /home/swivel/.keystore file on the source and destination
- Make a note of the permissions assigned to the file, by default they are swivel:swivel 600
- Copy in the source .keystore file to the same location on the destination. See Copying appliance files How to Guide
- Run the following commands to ensure the permissions are set to their defaults:
chmod 600 /home/swivel/.keystore
chown swivel:swivel /home/swivel/.keystore
Where the source and/or destination is not a PINsafe appliance then the keystore password may be different and need to be set in the Tomcat server.xml file located under <path to Apache Tomcat>\conf
- Restart Tomcat
Exporting Databases to the Internal PINsafe Database
- If the PINsafe database is external and is not not being moved then the data does not need to be exported, the PINsafe instance can point to the database after being moved.
- If a database external to the PINsafe application is being used then the data can be copied to the internal PINsafe database. As an internal PINsafe database, the data can then be moved and exported to a new database or left using the internal database.
- If the database is the same type, and can be ported such as through a MySQL dump, see MySQL Database Export and Import
On the original PINsafe installation, Migrate Data to internal Db. In the PINsafe Administration console select Migration, and then select Internal as the target destination and enter the word "MIGRATE" to confirm migration. Note that this doesn't actually move the active database to Internal, it just makes a copy of the MySQL database in the Internal database. See also Migrate How to guide.
Moving the Internal PINsafe Database
Copy pinsafe data in the folder <path to Tomcat>/pinsafe/WEB-INF/db to new PINsafe Primary server. to do this stop Tomcat on the PINsafe instance, when using the the appliance use the console, to select Tomcat, then Stop. You now need to copy the database and configuration from the appliance. We recommend using a tool such as WinSCP (http://winscp.net/eng/download.php) to do this. The files you need are under /usr/local/tomcat/webapps/pinsafe/WEB-INF. Take a copy of the db folders.
Moving the PINsafe local XML Repository
If the internal local XML repository is being used then stop Tomcat on both instances of PINsafe then copy the repository <path to Tomcat>/pinsafe/data/repository.xml from the source to the destination, then start Tomcat.
Importing Data on the new PINsafe installation
If the data has been imported directly into a database external to the PINsafe application, such as through a MySQL dump, then configure PINsafe to use that database and do not Migrate the data, see MySQL Database Export and Import
Where data is to be imported from the PINsafe internal database to another database, the import should only be carried out on one server, for the PINsafe appliance, this will be the Primary Master. Ensure that the PINsafe instance is working correctly. Stop Tomcat then copy internal database to <path to Tomcat>/pinsafe/WEB-INF/db. The PINsafe server should be configured with the database should be set to Internal, and the Mode set to Synchronised. Once the database is copied and the permissions and ownerships are verified as being correct, start Tomcat.
1. On the PINsafe Administration console, under Database/General, ensure that the database configuration is set to internal and the new database configuration is correct, but keep the database as internal. For further information see MySQL Database How To Guide. Do not select an external database type such as MySQL until after Migration.
2. Migrate the data on the on new PINsafe installation to the required database. The migration should be carried out on one PINsafe server only. On the PINsafe appliance, this should be the primary Master. On the PINsafe Administration console select Migration, selecting the configured database as the target destination. Check the logs for any error messages. see also Migrate How to guide.
3. Then select the database. On the PINsafe Administration console select Database/General, set the database then apply. Check logs for any error messages.
4. For PINsafe appliances check synchronisation is working. see MySQL Appliance Database Synchronisation
