Overview
This document provides a step-by-step guide to migrating Irancell IAM databases from a local environment to a remote database server. It covers the entire process, including:
- Backing up existing databases (openiam and activiti) from the local IAM machine.
- Setting up MariaDB on a new remote server and configuring it for remote access.
- Creating necessary databases and users on the new server.
- Importing the database dumps into the new server.
- Updating Irancell IAM configuration to point to the new database server and restarting services.
By following this guide, administrators can safely migrate Irancell IAM’s data and ensuring that all users, tables, and application data are preserved.
Purpose
The purpose of this document is to describe the process of migrating the database from the local environment to a remote environment.
- Current setup: A machine with IAM and its database installed locally.
- Target setup: A machine that will act as the main (remote) database server.
During the Irancell IAM installation process, the installer prompts whether to install the database locally.
Refer to the Irancell IAM Installation Guide. for more details.
Note: Installing the database locally is considered a best practice.
The database currently installed on the machine with IAM will be migrated to a new machine.
To achieve this, we need to dump all tables from the existing database on the IAM machine.
This process will create a database dump file that contains all the data and user accounts required for the migration.
Table of Contents
- Step 1: Create a Backup Directory on the IAM Machine
- Step 2: Create the Database Dump File in the Backups Directory
- Step 3: Create Database Dumps
- Step 4: Prepare the New Remote Database Server
- Step 5: Create Databases and Users
- Step 6: Import Database Dumps
- Step 7: Update Irancell IAM Configuration
Step 1: Create a Backup Directory on the IAM Machine
First, create a directory named backups in /var on the machine with IAM to store the database dump file.
sudo mkdir /var/backups
Step 2: Create the Database Dump File in the Backups Directory
Navigate to the backups directory and create a dump of the openiam-db database.
sudo mkdir /var/backups/openiam-db
Step 3: Create Database Dumps
Note:
We have two databases, activiti and openiam, each containing many tables, and both are hosted in MariaDB.
To create dump files for migration, we will need to run two separate commands, one for each database.
Creating a Dump of the openiam Database and the activiti Database
- Log in with root user
Linux root password
su -
Set the date variable (so the dump file includes the current date):
DATE=$(date +%F)
Use the ${DATE} variable in the dump command to generate a timestamped backup
To create a backup of the openiam database using mysqldump and the root user, run the following commands:
mysqldump -u root -p --single-transaction --routines --triggers --events --hex-blob openiam > /var/backups/openiam-db/openiam_${DATE}.sql
mysqldump -u root -p --single-transaction --routines --triggers --events --hex-blob activiti > /var/backups/openiam-db/activiti_${DATE}.sql
Notes on Passwords
When you run the command, you will be asked for a password (Database root password)
note:
After completing the dump process, you should see two database dump files containing all the database data on the machine with IAM.
You can now proceed to the next steps.
Step 4: Prepare the New Remote Database Server
Now, we should open the new machine, which currently has no data, and prepare it to host the database that we want to migrate.
Installing MariaDB on the New Machine
To install MariaDB, follow the steps below in order:
sudo apt update
sudo apt -y install mariadb-server
- Check if MariaDB is running:
systemctl status mariadb --no-pager
- You can check the installed MariaDB version with the following command:
mysql --version
- run the following command and enter the root password when prompted:
sudo mysql_secure_installation
During the process, answer the questions in the following order:
N/Y/Y/Y/Y
To allow remote access to MariaDB, open port 3306 with the following command:
sudo ufw allow 3306/tcp || true
It changes the MariaDB server’s bind address so that it listens on all network interfaces (0.0.0.0) instead of just 127.0.0.1.
That means:
The database can now accept connections from other machines on the network, not only from localhost.
sudo sed -i 's/^\s*bind-address\s*=.*/bind-address = 0.0.0.0/' /etc/mysql/mariadb.conf.d/50-server.cnf
If the MariaDB config file doesn’t already define a character-set-server, then append UTF-8 (utf8mb4) settings to it.”
MariaDB will start using UTF-8 encoding by default for all databases and tables.
sudo bash -lc 'grep -q "character-set-server" /etc/mysql/mariadb.conf.d/50-server.cnf || \
> printf "\n[mysqld]\ncharacter-set-server = utf8mb4\ncollation-server = utf8mb4_unicode_ci\n" | sudo tee -a /etc/mysql/mariadb.conf.d/50-server.cnf'
- Restart MariaDB to apply the configuration changes:
systemctl restart mariadb --no-pager
- Check the status of the MariaDB service:
systemctl status mariadb --no-pager
note:
After running the status command, you should see active (running) in the output, indicating that MariaDB is running correctly.
- You can see the MariaDB version
sudo mysql -u root -p -e "SELECT VERSION();"
You will be prompted to enter the database user password.
Enter the password for the database user to proceed.
The database has now been created successfully.
Next, you should create the tables for both activiti and openiam, and then import the corresponding dump files into them.
To create the necessary databases and tables, follow these steps:
Step 5: Create Databases and Users
CREATE DATABASE openiam CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE DATABASE activiti CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
- Insert the following commands one by one to create the users, assign privileges, and finally apply the changes:
CREATE USER 'idmuser'@'%' IDENTIFIED BY 'idmuser';
CREATE USER 'activiti'@'%' IDENTIFIED BY 'activiti';
GRANT ALL PRIVILEGES ON openiam.* TO 'idmuser'@'%';
GRANT ALL PRIVILEGES ON activiti.* TO 'activiti'@'%';
CREATE USER 'idmuser'@'localhost' IDENTIFIED BY 'idmuser';
CREATE USER 'activiti'@'localhost' IDENTIFIED BY 'activiti';
GRANT ALL PRIVILEGES ON openiam.* TO 'idmuser'@'localhost';
GRANT ALL PRIVILEGES ON activiti.* TO 'activiti'@'localhost';
FLUSH PRIVILEGES;
The databases are now ready.
The next step is to import the dump files into the respective databases (openiam and activiti).
Step 6: Import Database Dumps
Source (Machine with Dumps) → Destination (Database Machine):
Use the scp command to securely copy your database dump files from the source machine (where the dumps are stored) to the destination machine (the remote database server).
Run the following command from the source machine:
Note:
The <username>, <IP_ADDRESS>, and destination directory may vary depending on your setup. Adjust them according to your environment.
sudo scp /var/backups/openiam-db/* <username>@<IP_ADDRESS>:<Destination>
Example:
sudo scp /var/backups/openiam-db/* iamdb@10.2.10.130:/home/iamdb
- Import the
openiamdump file into theopeniamdatabase:
sudo mysql openiam < <Destination>openiam_*.sql
Example:
sudo mysql openiam < /tmp/openiam_2025-09-10.sql
- Import the
activitidump file into theactivitidatabase:
sudo mysql activiti < <Destination>activiti_*.sql
Example:
sudo mysql activiti < /tmp/activiti_2025-09-10.sql
- Check the number of tables in
Openiam:
sudo mysql -e "USE openiam; SHOW TABLES;" | wc -l
- Check the number of users in the
openiamdatabase:
sudo mysql -e "USE openiam; SELECT COUNT(*) AS total_users FROM USERS;"
Step 7: Update Irancell IAM Configuration
Now, go back to the machine with IAM and run the following command:
sudo nano /usr/local/openiam/conf/properties/datasource.properties
This file contains the database connection settings for Irancell IAM.
Update the database host IP by setting the new database machine’s IP address:
jdbc.host=<NEW_DB_IP>
For example:
jdbc.host=10.2.10.130
note:
Only the IP address is required — no port or extra configuration needed here.
Restart Irancell IAM services to apply the new database configuration:
sudo openiam-cli restart
Check the service statusto ensure everything is running properly:
sudo openiam-cli status
End of Migration
Your Irancell IAM instance is now connected to the remote database server with all data migrated successfully.
Top comments (0)