How to restore a parcel-deployed Key Trustee Server database from a
backup.
These instructions apply to Key Trustee Servers deployed using parcels. For
package-based deployments, see Restore Key Trustee Server in package-based
installations
for more information.
The following procedures assume the default database port and location; if you
modified these settings during installation, replace the database and port with your
custom values.
If the Key Trustee Server host has failed completely, remove the host from the
cluster and add a new host using Cloudera Manager:
-
Remove the failed host from the cluster. See
Deleting Hosts
for
instructions.
-
Add a new host with the same hostname and IP address as the failed host to the
cluster. See
Adding a Host to a Cluster
for instructions.
-
Install Key Trustee Server on the new host. Be sure to install the same Key
Trustee Server version as the failed host.
-
After you have provisioned a new host and installed Key Trustee Server (or if
you are restoring the database or configuration on the original host), restore
the database and configuration directory.
Backups created using... | |
---|
ktbackup.sh script |
See Restore Key Trustee Server from ktbackup.sh
backups |
pg_dump command |
Continue below |
-
If your backups were created manually using the
pg_dump
command, do the following:
-
Copy or move the backup files (keytrustee-db.zip and
keytrustee-conf.zip) to the Key Trustee Server
host.
-
Start the PostgreSQL server:
sudo ktadmin db --start --pg-rootdir /var/lib/keytrustee/db --background
-
Restore the Key Trustee Server database:
su - keytrustee
export PATH=$PATH:/opt/cloudera/parcels/KEYTRUSTEE_SERVER/PG_DB/opt/postgres/14.2/bin
export LD_LIBRARY_PATH=/opt/cloudera/parcels/KEYTRUSTEE_SERVER/PG_DB/opt/postgres/14.2/lib
unzip -p /path/to/keytrustee-db.zip | psql -p 11381 -d keytrustee
If the zip file is encrypted, you are prompted for the password to
decrypt the file.
-
Restore the Key Trustee Server configuration directory:
su - keytrustee
cd /var/lib/keytrustee
unzip /path/to/keytrustee-conf.zip
If the zip file is encrypted, you are prompted for the password to
decrypt the file.
-
Stop the PostgreSQL server:
sudo ktadmin db --stop --pg-rootdir /var/lib/keytrustee/db
-
Start the Key Trustee Server service in Cloudera Manager ().
-
Remove the backup files (keytrustee-db.zip and
keytrustee-conf.zip) from the Key Trustee Server
host.