Restore Key Trustee Server in parcel-based installations

How to restore a parcel-deployed Key Trustee Server database from a backup.

These instructions apply to Key Trustee Servers deployed using parcels. For package-based deployments, see Restore Key Trustee Server in package-based installations for more information.

The following procedures assume the default database port and location; if you modified these settings during installation, replace the database and port with your custom values.

If the Key Trustee Server host has failed completely, remove the host from the cluster and add a new host using Cloudera Manager:

  1. Remove the failed host from the cluster. See Deleting Hosts for instructions.
  2. Add a new host with the same hostname and IP address as the failed host to the cluster. See Adding a Host to a Cluster for instructions.
  3. Install Key Trustee Server on the new host. Be sure to install the same Key Trustee Server version as the failed host.
  4. After you have provisioned a new host and installed Key Trustee Server (or if you are restoring the database or configuration on the original host), restore the database and configuration directory.
    Backups created using...
    ktbackup.sh script See Restore Key Trustee Server from ktbackup.sh backups
    pg_dump command Continue below
  5. If your backups were created manually using the pg_dump command, do the following:
    1. Copy or move the backup files (keytrustee-db.zip and keytrustee-conf.zip) to the Key Trustee Server host.
    2. Start the PostgreSQL server:
      sudo ktadmin db --start --pg-rootdir /var/lib/keytrustee/db --background
    3. Restore the Key Trustee Server database:
      su - keytrustee
      export PATH=$PATH:/opt/cloudera/parcels/KEYTRUSTEE_SERVER/PG_DB/opt/postgres/14.2/bin
      export LD_LIBRARY_PATH=/opt/cloudera/parcels/KEYTRUSTEE_SERVER/PG_DB/opt/postgres/14.2/lib
      unzip -p /path/to/keytrustee-db.zip | psql -p 11381 -d keytrustee

      If the zip file is encrypted, you are prompted for the password to decrypt the file.

    4. Restore the Key Trustee Server configuration directory:
      su - keytrustee
      cd /var/lib/keytrustee
      unzip /path/to/keytrustee-conf.zip

      If the zip file is encrypted, you are prompted for the password to decrypt the file.

    5. Stop the PostgreSQL server:
      sudo ktadmin db --stop --pg-rootdir /var/lib/keytrustee/db
    6. Start the Key Trustee Server service in Cloudera Manager (Key Trustee Server service > Actions > Start).
    7. Remove the backup files (keytrustee-db.zip and keytrustee-conf.zip) from the Key Trustee Server host.