Closed micahlee closed 6 years ago
So, a problem is that an EE backup file also contains lots of EE specific info like data encryption keys, configuration files of various services, etc. Conjur OSS is not going to be able to easily create a backup file that's compatible with EE, since there are a lot of EE features that are expected to be configured in the backup file (but OSS knows nothing about these features...).
It might be simpler architecturally to put all the knowledge about how to upgrade from OSS to EE into the EE product itself. For example, a new evoke
command or evoke
option set which configures the server as an upgrade from a running OSS container.
Sure, that makes sense.
I agree the upgrade knowledge would live most appropriately with enterprise. I think I can generalize this to two starting choices:
I will switch gears a bit and write up the experience for standing up EE from an online OSS container.
cc @jvanderhoof in case you have any thoughts or guidance from PM conversations that would influence this.
Maybe this is a dumb question, but could we just do a sql dump from OS and load it into Evoke as part of the EE setup?
A SQL dump will certainly have to be a part of it. My initial thinking was that it was an implementation detail, rather than part of the end-user experience directly.
I haven't gone deep yet, but I know you would at least have two pieces that need to come from Open Source, the SQL dump and the data key, in order to move the data into an EE instance. Having the end-user export those directly feels sloppy to me, compared with the experience of evoke backup
. There, the details about what is in the backup isn't something I have to be concerned with if I don't want to, and I gain some overall confidence because the tool has taken the care to protect the backup information for me.
@micahlee It's not probably possible to add a volume mount after the Conjur container is already running. Maybe it would be better to show how to capture the backup and then copy to the local filesystem using docker cp
.
Workflow
Given a running Conjur server setup using the open source Getting Started guide.
Run the export command inside the Conjur container
Copy the exported data files out of the container