Restore Key Trustee Server in parcel-based installations

How to restore a parcel-deployed Key Trustee Server database from a backup.

These instructions apply to Key Trustee Servers deployed using parcels. For package-based deployments, see Restore Key Trustee Server in package-based installations for more information.

The following procedures assume the default database port and location; if you modified these settings during installation, replace the database and port with your custom values.

If the Key Trustee Server host has failed completely, remove the host from the cluster and add a new host using Cloudera Manager:

Remove the failed host from the cluster. See Deleting Hosts for instructions.
Add a new host with the same hostname and IP address as the failed host to the cluster. See Adding a Host to a Cluster for instructions.

important
Make sure that the replacement host uses the same operating system version as the failed host.
Install Key Trustee Server on the new host. Be sure to install the same Key Trustee Server version as the failed host.

After you have provisioned a new host and installed Key Trustee Server (or if you are restoring the database or configuration on the original host), restore the database and configuration directory.

Backups created using...
`ktbackup.sh` script	See Restore Key Trustee Server from ktbackup.sh backups
`pg_dump` command	Continue below

If your backups were created manually using the pg_dump command, do the following:
1. Copy or move the backup files (keytrustee-db.zip and keytrustee-conf.zip) to the Key Trustee Server host.
2. Start the PostgreSQL server:
```
sudo ktadmin db --start --pg-rootdir /var/lib/keytrustee/db --background
```
3. Restore the Key Trustee Server database:
```
su - keytrustee
export PATH=$PATH:/opt/cloudera/parcels/KEYTRUSTEE_SERVER/PG_DB/opt/postgres/12.1/bin
export LD_LIBRARY_PATH=/opt/cloudera/parcels/KEYTRUSTEE_SERVER/PG_DB/opt/postgres/12.1/lib
unzip -p /path/to/keytrustee-db.zip | psql -p 11381 -d keytrustee
```
  If the zip file is encrypted, you are prompted for the password to decrypt the file.
4. Restore the Key Trustee Server configuration directory:
```
su - keytrustee
cd /var/lib/keytrustee
unzip /path/to/keytrustee-conf.zip
```
  If the zip file is encrypted, you are prompted for the password to decrypt the file.
5. Stop the PostgreSQL server:
```
sudo ktadmin db --stop --pg-rootdir /var/lib/keytrustee/db
```
6. Start the Key Trustee Server service in Cloudera Manager (Key Trustee Server service > Actions > Start).
7. Remove the backup files (keytrustee-db.zip and keytrustee-conf.zip) from the Key Trustee Server host.