1. Deploying Siebel CRM Containers on Kubernetes using Siebel Cloud Manager
  2. Encryption Migration Phase

Encryption Migration Phase

In the encryption migration phase, SCM deploys a Kubernetes job that runs the encryption migration in a consistent way with clear logging. The job uses environment-specific connectivity and storage settings, runs with the correct target Siebel CRM container image, and is monitored until it completes with automated failure detection and diagnostic collection. This phase includes the following tasks:

Running the Encryption Migration Script

You must run the openssl_encryption_migration.sh script to perform the encryption migration. When you run this script, it prepares the migration job manifest and applies the encryption migration to the Siebel containers.

To run the openssl_encryption_migration.sh script:

  1. Go to the cmapp directory:
    cd /home/opc/siebel-cloud-manager/scripts/cmapp
  2. Run the encryption migration shell script:
    bash openssl_encryption_migration.sh
  3. Enter the ID of the environment that you want to encrypt.

Verifying Encryption Migration Updates

You can verify that the encryption migration script ran successfully as follows:

  1. Verify the status of the encryption migration job, as follows:
    1. Load the Kubernetes profile for your environment:
      source ~/siebel/<ENV_ID>/k8sprofile
    2. Check the status of the encryption migration job pod using kubectl:
      kubectl -n <env_namespace> get pods
  2. Review the encryption migration job log:
    kubectl -n <env_namespace> logs po/<pod name>

If the log includes:

  • A success message such as "Encryption Upgrade Utility executed successfully" and a reference to the detailed log file (for example, /siebel/mde/siebsrvr/log/encryptupg.log), the migration is successful.
  • An error message such as "ORA-00955: name is already used by an existing object" and "Error during s_app_ver backup", it indicates that the S_APP_VER_BAK table already exists. To resolve this issue, you must do the following:
    1. Drop the S_APP_VER_BAK table from the database schema, as follows:
      1. Connect to the database using the table owner user.
      2. Execute the following SQL commands:
        DROP TABLE S_APP_VER PURGE;
ALTER TABLE S_APP_VER_BAK RENAME TO S_APP_VER;
GRANT SELECT, INSERT, UPDATE, DELETE ON S_APP_VER TO SSE_ROLE;
UPDATE S_APP_VER SET ENCRYPT_PWD_FL_KEY = NULL;
    2. Rerun the encryption migration shell script:
      bash openssl_encryption_migration.sh