If you do not wish to back up KTS using Cloudera Manager or the backup script, you
can use this procedure for both parcel-based and package-based installations.
The following procedure references the default database
port and location; if you modified these settings during installation, replace the
database and port with your values.
-
Back up the Key Trustee Server database:
The --encrypt
option prompts you to create a password used
to encrypt the zip file. This password is required to decrypt the file.
For parcel-based installations, you must set environment variables after
switching to the
keytrustee
user:
su - keytrustee
export PATH=$PATH:/opt/cloudera/parcels/KEYTRUSTEE_SERVER/PG_DB/opt/postgres/<postgres-version>/bin
export LD_LIBRARY_PATH=/opt/cloudera/parcels/KEYTRUSTEE_SERVER/PG_DB/opt/postgres/<postgres-version>/lib
pg_dump -c -p 11381 keytrustee | zip --encrypt keytrustee-db.zip -
-
Back up the Key Trustee Server configuration directory
(
/var/lib/keytrustee/.keytrustee
): zip -r --encrypt
keytrustee-conf.zip
/var/lib/keytrustee/.keytrustee
The --encrypt
option prompts you to create a password used
to encrypt the zip file. This password is required to decrypt the file.
-
Move the backup files (keytrustee-db.zip and
keytrustee-conf.zip) to a secure location.