Migration recovery script for IBM Security Guardium Key Lifecycle Manager

If migration fails and you choose to complete the remaining installation process, you can use the migration-recovery script, only if no updates or changes are made to the IBM Security Guardium Key Lifecycle Manager configuration. For example, do not significantly change the available disk space on the system.

Note: The migration recovery script will be deprecated in a future release.

The migration script is in the SKLM_INSTALL_HOME\migration directory.

To run the migration script, ensure that the following requirements are met:
  • JAVA_HOME is set correctly. The following example shows the path for JAVA_HOME:
    Windows systems
    C:\Program Files\IBM\WebSphere\Liberty\java\8.0\jre
    Linux® and AIX® systems
    /opt/IBM/WebSphere/Liberty/java/8.0/jre
  • Specify the values for the migration parameters in the migration.properties file. The migration.properties file exists under the SKLM_INSTALL_HOME\migration directory. For definitions of the migration parameters, see Parameters in the migration.properties file.

The migration utility creates a migration.log file in the IM_DATA_DIR\logs\sklmLogs directory.

Commands to run the migration scripts

Windows systems
cd SKLM_INSTALL_HOME\migration
.\migrateToSKLM.bat
For example,
cd "C:\Program Files\IBM\SKLMV27\migration"
.\migrateToSKLM.bat
Linux and AIX systems
Note: On Linux or AIX systems, ensure that you are logged in as the root user before you run migrateToSKLM.sh.
cd SKLM_INSTALL_HOME/migration
./migrateToSKLM.sh
For example,
cd /opt/IBM/GKLMV421/migration
./migrateToSKLM.sh
You must specify value for the migration parameters in the migration.properties file, which exists under the SKLM_INSTALL_HOME/migration directory.

After you run the migration recovery script, stop the server of the earlier version of IBM Security Guardium Key Lifecycle Manager. Then, restart the IBM Security Guardium Key Lifecycle Manager 4.2.1 server. For more information, see Restarting the Guardium Key Lifecycle Manager server.

For the definition of IM_DATA_DIR and SKLM_INSTALL_HOME, see Definitions for HOME and other directory variables.

Parameters in the migration.properties file

WAS_HOME
The directory where WebSphere Application Server Liberty for IBM Security Guardium Key Lifecycle Manager, version 4.2.1 is installed.
TKLM_TIP_HOME
Use this parameter to set WAS_HOME for the earlier version of IBM Security Guardium Key Lifecycle Manager, such as 2.5, 26, and 2.7.
WAS_ADMIN_ID
The WebSphere Application Server administrator username for the earlier version of IBM Security Guardium Key Lifecycle Manager.
WAS_ADMIN_PASSWORD
The WebSphere Application Server administrator password for the earlier version of IBM Security Guardium Key Lifecycle Manager.
SKLM_INSTALL_PATH
The directory where IBM Security Guardium Key Lifecycle Manager 4.2.1 is installed.
SKLM_ADMIN_USER
The administrator username for the earlier version of IBM Security Guardium Key Lifecycle Manager. The username must be SKLMAdmin.
SKLM_ADMIN_USER_PASSWORD
The administrator password for the earlier version of IBM Security Guardium Key Lifecycle Manager.
MIG_LOG_PATH
The file path where the migration.log is stored.
TKLM_VERSION
The version number of the earlier version of IBM Security Guardium Key Lifecycle Manager that is installed on the system.
TKLM_DB_PWD
The Db2 administrator password for the earlier version of IBM Security Guardium Key Lifecycle Manager.
KEYSTORE_PWD
Specify None.
IM_INSTALL_DIR
The directory where IBM® Installation Manager is installed.
TKLM_HTTPS_PORT
Specify the HTTPS port of the earlier version of IBM Security Guardium Key Lifecycle Manager.
SKLM_HTTPS_PORT
Specify the HTTPS port of IBM Security Guardium Key Lifecycle Manager version 4.2.1.
TKLM_DB_INSTANCE_HOME
Specify the directory of the Db2 instance for the earlier version of IBM Security Guardium Key Lifecycle Manager.
SKLM_DB_INSTANCE_HOME
Specify the directory of the Db2 instance for IBM Security Guardium Key Lifecycle Manager version 4.2.1.
Note: All the values except passwords are filled in the properties file. Do not modify any values except for the fields that are blank.

Sample migration.properties file

WAS_HOME=/opt/IBM/WebSphere/Liberty
TKLM_TIP_HOME=/opt/IBM/WebSphere/AppServer
WAS_ADMIN_ID=wasadmin
WAS_ADMIN_PASSWORD=WAS@admin123
SKLM_INSTALL_PATH=/opt/IBM/GKLMV421
SKLM_ADMIN_USER=SKLMAdmin
SKLM_ADMIN_USER_PASSWORD=SKLM@admin123
MIG_LOG_PATH=/opt/IBM/GKLMV421/migration/migration.log
TKLM_VERSION=3.0.0.0
TKLM_DB_PWD=SKLM@db2
KEYSTORE_PWD=none
IM_INSTALL_DIR=/opt/IBM/InstallationManager/eclipse
TKLM_HTTPS_PORT=9443
SKLM_HTTPS_PORT=443
SKLM_DB_INSTANCE_HOME=/home/klmdb421
TKLM_DB_INSTANCE_HOME=/home/sklmdb30