Installing or updating CAST Imaging with certificate-based database authentication
Overview
This section of documentation provides instructions for situations where you need to either install CAST Imaging from scratch or perform an in-place update to a new release and your CAST Storage Service/PostgreSQL instance(s) are already configured with certificate-based authentication.
Scenarios and actions are provided below.
Microsoft Windows
Before starting the installation or running an update to a new release you should ensure that for the CAST Storage Service/PostgreSQL instance that will be/is being used to store the control_panel
schema and the keycloak_v3
database, the following is true:
- you have generated the server and client certificates and keys as described in Step 1 - Generate certificates and keys.
- you have configured the target CAST Storage Service/PostgreSQL as described in Step 2 - Configure CAST Storage Service/PostgreSQL.
- you have created an
.ini
file and an environment variableCASTCONNECTIONEXTRAPARAMETERS
as described in Step 3 - Configure CAST components.
Next ensure that the relevant .conf
files from the CAST Imaging installer are correctly defined, in particular the following options (see Microsoft Windows installation variables):
CSS_SSL_ENABLED
CSS_SSL_MODE
CSS_SSL_ROOT_CERT
CSS_SSL_CERT
CSS_SSL_KEY
CSS_SSL_KEY_PEM
CSS_INI_FILE_PATH
These options ensure that the installer can work with a target CAST Storage Service/PostgreSQL instance configured with certificate-based authentication to create or interact with the control_panel
schema and the keycloak_v3
database.
Note about additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication:
- In a “from scratch” installation, additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication are added post-install for analysis data storage, following the instructions in Configuring certificate-based authentication
- In an “update” scenario, any additional CAST Storage Service/PostgreSQL instances configured with certificate-based authentication that have been added for analysis data storage are not accessed during an in-place update to a new release
Linux via Docker
There is nothing specific to do when installing CAST Imaging from scratch or performing an in-place update to a new release because the bundled PostgreSQL instance (container) cannot be configured to function in encrypted mode and this instance is always used to store the persistence schema control-panel
and the keycloak_v3
database. You should install and update as normal.