1. Deploying Siebel CRM Containers on Kubernetes using Siebel Cloud Manager
  2. Pre-Encryption Migration Phase

Pre-Encryption Migration Phase

In the pre-encryption migration phase, SCM scales down the Siebel Enterprise Server (SES) and Siebel Gateway (CGW) workloads in a controlled way. It mounts the shared file system and backs up critical runtime directories and the Gateway registry configuration. As a checkpoint, SCM also creates a Git tag in the environment’s Flux repository (for example, <siebel_version>_pre_encryption). This tag captures the exact desired state before you make the encryption change.

This phase includes the following tasks:

Running the Pre-Encryption Migration Script

You must run the pre_openssl_encryption.sh script to perform the pre-encryption migration tasks.

To run the pre_openssl_encryption.sh script:

  1. Go to the cmapp directory:
    cd /home/opc/siebel-cloud-manager/scripts/cmapp
  2. Run the pre-encryption migration shell script:
    bash pre_openssl_encryption.sh
  3. Enter the ID of the environment that you want to encrypt.

The pre-encryption migration script performs tasks such as the following:

  • Scale down the CGW and SES StatefulSet replicas to 0.
  • Create local backups of gtwysrvr/registry/conf and siebsrvr/sys.
  • Create and push a Git tag named <siebel_source_version>_pre_encryption to the Flux repository.
  • Roll out CGW pods for the target Siebel version.
  • Scale the CGW StatefulSet back to the desired replica count.
Note: The above list shows only a subset of the tasks that the pre-encryption migration script performs. It does not include every task the script performs

Verifying Pre-Encryption Migration Updates

You can verify that the pre-encryption migration script ran successfully as follows:

  1. Verify the log to confirm that the CGW pods are running. Look for a message such as "Pre-steps completed successfully," which confirms that the pre-steps completed successfully.
  2. Verify the StatefulSet replica status as follows:
    1. Load the Kubernetes profile for your environment:
      source ~/siebel/<ENV_ID>/k8sprofile
    2. Check the StatefulSet replica status using kubectl:
      kubectl -n <env_namespace> get sts siebelcgw edge

    Confirm that CGW (siebelcgw) pods show the expected READY count (for example, 3/3) and that the SES component (for example, edge) reflects the pre-migration scale state (for example, 0/0).

  3. Verify that the backup directories are created:
    cd /home/opc/siebel/<ENV_ID>/
ls -tlr <ENV_ID>-encryption_migration_backup/

    Confirm that the backup folder exists and includes component directories such as CGW and edge (for the SES component).

  4. Verify that SCM created the pre-encryption Git tag:
    cd /home/opc/siebel/<ENV_ID>/<env_namespace>-cloud-manager
git tag -l "*pre_encryption"

    Confirm that you see a tag such as <siebel_source_version>_pre_encryption (for example, 25.9_pre_encryption).