Change OpenIAM product database
The following sections describe options to switch the OpenIAM product database.
Switch existing installation using another database
Sometimes, during installation customers start with the default MySQL database. This is often due to the simplicity it provides in getting started. However, going forward they might want to use another database, such as MSSQL, Oracle or PostgreSQL.
You must be aware that switching of DB is not the same as a migration. You will in fact be starting with a clean installation with default passwords. All the configuration done via OpenIAM web interface will be lost, as well an users, roles, groups, etc. that have been created.
Part of this activity will be vault clean up, make sure you know all password written there. Please follow provided steps to switch OpenIAM DB.
RPM type of installation
- Stop OpenIAM application by running 'openiam-cli stop' command, after please make sure all processes are down.
- Modify datasource.properties file in /usr/local/openiam/conf/properties accordingly to new db type.
- Modify /usr/local/openiam/env.conf by setting new DB connection details in FLYWAY_% variables
- Prepare vault secrets to re-bootstrap them on next steps. You can retrieve current secrets from vault by running script utils/vault/vault.fetch.property.sh
./vault.fetch.property.sh vault.secret.rabbitmq.password./vault.fetch.property.sh vault.secret.redis.password./vault.fetch.property.sh vault.secret.elasticsearch.password./vault.fetch.property.sh vault.secret.elasticsearch.username
- Stop vault server by running command
pkill -9 vault
. Now we need to clean up vault database, for it stop ETCD by runningsystemctl stop etcd
and runrm -rf /var/lib/etcd/default.etcd/member/
. Then start etcd by runningsystemctl start etcd
and start vault by running start.sh from utils/vault. - Run /usr/local/openiam/utils/vault/bootstrap.sh and re-populate new secrets for connection. Secrets for redis, rabbitmq and elasticsearch use ones you fetched on step 4.
- Run /usr/local/openiam/utils/flyway/init.sh to install schemas in the new database
- Start OpenIAM by running
openiam-cli start
command - Restart httpd service by running
systemctl restart httpd
command