Restore Key Trustee Server in package-based installations

How to restore a package-deployed Key Trustee Server database from a backup.

These instructions apply to Key Trustee Servers deployed using a package. For parcel-based deployments, see “Restore Key Trustee Server in parcel-based installations” for more information.

The following procedures assume the default database port and location; if you modified these settings during installation, replace the database and port with your custom values.

If the Key Trustee Server host has failed completely, remove the host from the cluster and add a new host using Cloudera Manager:

  1. After you have provisioned a new host and installed Key Trustee Server (or if you are restoring the database or configuration on the original host), restore the database and configuration directory.
    Backups created using...
    ktbackup.sh script See “Restore Key Trustee Server from ktbackup.sh backups”
    pg_dump command Continue below
  2. If your backups were created manually using the pg_dump command, do the following:
    1. Copy or move the backup files (keytrustee-db.zip and keytrustee-conf.zip) to the Key Trustee Server host.
    2. Change the file ownership on the backup files to keytrustee:keytrustee:
      sudo chown keytrustee:keytrustee /path/to/keytrustee*.zip
    3. Restore the Key Trustee Server database:
      su - keytrustee
      unzip -p /path/to/keytrustee-db.zip | psql -p 11381 -d keytrustee

      If the zip file is encrypted, you are prompted for the password to decrypt the file.

    4. Restore the Key Trustee Server configuration directory:
      cd /var/lib/keytrustee
      unzip /path/to/keytrustee-conf.zip

      If the zip file is encrypted, you are prompted for the password to decrypt the file.

    5. Start the Key Trustee Server service:
      • RHEL 6-compatible: $ sudo service keytrusteed start
      • RHEL 7-compatible: $ sudo systemctl start keytrusteed
    6. Remove the backup files (keytrustee-db.zip and keytrustee-conf.zip) from the Key Trustee Server host.