11. Appendix: LCAP Over SSL Migration

If your LOCKSS network uses LCAP SSL keystores for encrypted communication between nodes (ask your LOCKSS network admin whether this applies to you), you will need to perform a few additional steps related to your LCAP SSL keystore. The instructions in this manual refer you to this section at the appropriate places.

Take these steps into consideration, depending on your Migration Scenario:

  1. In the Importing Configuration From LOCKSS 1.x section of the Configuring LOCKSS 2.x for Migration chapter, after you make the LOCKSS 1.x configuration file available to LOCKSS 2.x, you will need to perform the following actions.

    1. On the LOCKSS 2.x host, in the LOCKSS Installer Directory, create a new subdirectory for LOCKSS 1.x keys by running this command as the lockss user:

      mkdir -p config/keys/v1keys
      
    2. Copy the three files from the /etc/lockss/keys directory of your LOCKSS 1.x host into this new config/keys/v1keys directory on your LOCKSS 2.x host.

  2. In the Running LOCKSS 2.0-beta1 section of the Configuring LOCKSS 2.x for Migration chapter, after you edit the Admin Access Control screen with the IP address or subnet of your LOCKSS 1.x host (Running LOCKSS 2.0-beta1 steps (2)(b) and (2)(c)), you will need to perform the following actions.

    1. Follow the instructions in the Interactive Tool section in the LCAP Over SSL section of the LOCKSS System Manual to generate a keystore for your LOCKSS 2.x host and add it to your network's public keystore.

    2. Follow the instructions in the Installing the Keystores section in the LCAP Over SSL section of the LOCKSS System Manual to install the newly generated keystore to your LOCKSS 2.x host.

    3. Additionally, the newly generated network public keystore must replace the one present on your LOCKSS 1.x host. Copy the newly generated network public keystore to the /etc/lockss/keys directory on your LOCKSS 1.x host, such that it replaces the original one.

  3. At the end of the Reconfiguring LOCKSS 2.x for Normal Operation chapter, after you successfully re-run the configure-lockss script, you will need to perform the following action.

    Relative to the LOCKSS Installer Directory on your LOCKSS 2.0 host, copy the three files from the config/keys/v1keys directory into the config/keys directory, replacing the corresponding files there.

    Note

    If you cannot rename your LOCKSS 2.x host to the host name previously used by your LOCKSS 1.x host, do not perform this step; instead, your LOCKSS network admin will need to distribute a new network public keystore to all nodes in the network, and you will have to coordinate with them.

  1. In the Importing Configuration From LOCKSS 1.x section of the Configuring LOCKSS 2.x for Migration chapter, after you make the LOCKSS 1.x configuration file available to LOCKSS 2.x, you will need to perform the following action.

    Copy the three files from the /etc/lockss/keys directory into the config/keys directory relative to the LOCKSS Installer Directory (usually /home/lockss/lockss-installer/config/keys), following the instructions from Installing the Keystores in the LCAP Over SSL section of the LOCKSS System Manual.
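
The local keystore copies above (config/keys/v1keys into config/keys, or /etc/lockss/keys into config/keys) can be checked after the fact. The script below is an added example, not part of the LOCKSS manual or installer; the name verify_keys and the permission check are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of the LOCKSS manual or installer.
# verify_keys SRC_DIR DST_DIR
# Succeeds only if SRC_DIR holds exactly three regular files (the count this
# manual gives), each has a byte-identical file of the same name in DST_DIR,
# and no copy in DST_DIR is readable or writable by "other" (an assumption
# made here about handling private key material, not a rule from the manual).
verify_keys() {
    src=$1
    dst=$2
    rc=0
    count=0

    if [ ! -d "$src" ] || [ ! -d "$dst" ]; then
        echo "verify_keys: both arguments must be directories" >&2
        return 2
    fi

    for f in "$src"/*; do
        [ -f "$f" ] || continue
        count=$((count + 1))
        name=${f##*/}
        if [ ! -f "$dst/$name" ]; then
            echo "MISSING   $dst/$name" >&2
            rc=1
        elif ! cmp -s "$f" "$dst/$name"; then
            echo "DIFFERS   $dst/$name" >&2
            rc=1
        elif [ -n "$(find "$dst/$name" \( -perm -004 -o -perm -002 \))" ]; then
            echo "TOO OPEN  $dst/$name" >&2
            rc=1
        fi
    done

    if [ "$count" -ne 3 ]; then
        echo "verify_keys: expected 3 files in $src, found $count" >&2
        rc=1
    fi
    return "$rc"
}

# Usage: sh verify_keys.sh config/keys/v1keys config/keys
if [ "$#" -eq 2 ]; then
    verify_keys "$1" "$2"
fi
```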