
Load files and manage containers

In this step, you will load the container images and application config files from a USB stick onto the HSM. Then, you can manage the containers.

info

Make sure that you deploy container images that are compatible. Please see this table of compatible image versions.

Command Overview

To list details about the containers, images, and application configs, run hsm_diagnostics containers:

>>> hsm_diagnostics containers
VaultContainers platform: running

Containers
securosys-psql, status=running, image=database_v1.0.1, auto_start=enabled, yaml=-
tsb-rest-api, status=running, image=tsb_v2.7.0, port=8080, auto_start=enabled, yaml=application-tsb-hsm_v2.7.0
vault-code-1, status=running, image=vault-code_v2.1.0, port=8081, auto_start=enabled, yaml=application-vault-code-hsm_v2.1.0

Images
vault-code_v2.1.0, ID=sha256:4e666abf1b8f05fbfee001576076435dc60c13bcca9d577956d043f99777eee8
database_v1.0.1, ID=sha256:221f8131a95f92ac3f617cac5eefd95094ee3cb89e48921974714dcccee448e9
tsb_v2.7.0, ID=sha256:856dd630645d23197f5c10f64f0eae06c2234e43831880473d857ca64219272e

YAMLs
application-tsb-hsm_v2.7.0
application-vault-code-hsm_v2.1.0

To list all VaultContainers-related options, run help8:

>>> help8

Container platform commands (Active SO role needed):

Container commands:
hsm_sec_container_start - Start a container
hsm_sec_container_stop - Stop a container

Container image commands:
hsm_sec_container_image_load - Load a container image
hsm_sec_container_image_update - Update a loaded container image
hsm_sec_container_image_delete - Delete a loaded container image

Container YAML file commands:
hsm_sec_container_yml_load - Load a .yml file
hsm_sec_container_yml_update - Update a loaded .yml file
hsm_sec_container_yml_delete - Delete a loaded .yml file

tip

Full instructions and commands for how to manage containers are provided in Section 14 "VaultContainers Platform" of the Primus HSM User Guide.

Save the files onto a USB stick

Download the VaultCode release files. These contain the Securosys-provided container images as .container files.

Copy the following files onto a USB stick:

  • All container images (.container). At least the database and VaultCode. Optionally, also the TSB.
  • The application configuration files (application-vault-code-hsm.yml).

Insert the USB stick into the Primus HSM or the Decanus terminal.

Alternatively, if you have configured WebDAV on your HSM, put them onto the WebDAV share. See Section 4.4.7 "Data Transfer with WebDAV Server" in the Primus HSM User Guide for how to set up WebDAV.

Load the Container Images and Config Files

Load all the container images, the container definitions (via the .sconfig file), and the container application config files (YAMLs) from the USB stick or WebDAV onto the HSM.

For instructions, please see Section 14.6 "Load Container Image(s) and Application Configuration File(s)" and Section 14.7 "HSM Configuration – VaultContainer Instances" of the Primus HSM User Guide.

Repeat this for the database, VaultCode, and optionally the TSB.

warning

The container definitions in the .sconfig file that you load reference image names (<image>) and config file names (<config>).

When loading the containers you must use the same names as in the .sconfig!
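
An added example (not Securosys code): a check you can run on a workstation over saved hsm_diagnostics containers output, flagging any container whose image= or yaml= name is not among the loaded Images and YAMLs, or whose status is not running. It assumes the output layout shown in the Command Overview and that yaml=- means "no config file"; the sample input is constructed, with one image name changed and digests replaced by placeholders.

```python
# Constructed sample in the layout of `hsm_diagnostics containers`.
# The loaded VaultCode image name deliberately differs from the one the
# container references, and the digests are placeholders.
SAMPLE = """\
VaultContainers platform: running

Containers
securosys-psql, status=running, image=database_v1.0.1, auto_start=enabled, yaml=-
vault-code-1, status=exited(1), image=vault-code_v2.1.0, port=8081, auto_start=enabled, yaml=application-vault-code-hsm_v2.1.0

Images
vault-code_v2.1.1, ID=sha256:<digest>
database_v1.0.1, ID=sha256:<digest>

YAMLs
application-vault-code-hsm_v2.1.0
"""

def parse_diagnostics(text):
    """Split the output into its Containers / Images / YAMLs sections."""
    sections = {"Containers": [], "Images": [], "YAMLs": []}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line in sections:              # section heading
            current = line
        elif line and current:            # "name, key=value, key=value, ..."
            name, *fields = [f.strip() for f in line.split(",")]
            attrs = dict(f.split("=", 1) for f in fields if "=" in f)
            sections[current].append((name, attrs))
    return sections

def check(text):
    """Return a list of findings; an empty list means names and states agree."""
    s = parse_diagnostics(text)
    images = {name for name, _ in s["Images"]}
    yamls = {name for name, _ in s["YAMLs"]}
    findings = []
    for name, a in s["Containers"]:
        if a.get("image") not in images:
            findings.append(f"{name}: image '{a.get('image')}' is not loaded")
        if a.get("yaml", "-") != "-" and a["yaml"] not in yamls:  # assumption: "-" = none
            findings.append(f"{name}: yaml '{a['yaml']}' is not loaded")
        if a.get("status") != "running":
            findings.append(f"{name}: status={a.get('status')}")
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```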

Start the Database Container

Start the database container, as described in Section 14.8 "Starting and Stopping Container(s)" of the Primus HSM User Guide.

Using the container diagnostics, check that it comes up. For details, see Section 14.9 "VaultContainer Troubleshooting" of the Primus HSM User Guide.

Start VaultCode

Start the VaultCode container. Using the diagnostics, check that it comes up. Check that it stays up after ~30 seconds: VaultCode does some initialization, which may fail.

You can use curl to check if the landing page of VaultCode is reachable. In the command below, replace the IP address with the address of the interface on which the VaultContainers subsystem is listening. Replace the port number with the port you assigned to the VaultCode container.

curl -v -L http://10.0.0.10:8080

Troubleshooting

See Section 14.9 "VaultContainer Troubleshooting" of the Primus HSM User Guide for how to use the container diagnostics.

If the VaultCode container crashes (status=exited(1)), export the security log from the HSM:

System ➜ Diagnostics Security ➜ Export Logs

This will write a ZIP file to USB/WebDAV. Unzip it and inspect the containers.log file. It contains the log output from all containers.

Next Steps

Proceed to the Tutorials section to learn how to:
