Navigator Key Trustee ServerPDF version

Back up Key Trustee Server manually

If you do not wish to back up KTS using Cloudera Manager or the backup script, you can use this procedure for both parcel-based and package-based installations.

The following procedure references the default database port and location; if you modified these settings during installation, replace the database and port with your values.
  1. Back up the Key Trustee Server database:
    • For Key Trustee Server 3.8:
      su - postgres
      pg_dump -c -p 5432 keytrustee | zip --encrypt keytrustee-db.zip -
      
    • For Key Trustee Server 5.4 and higher:
      su - keytrustee
      pg_dump -c -p 11381 keytrustee | zip --encrypt keytrustee-db.zip -
      

    The --encrypt option prompts you to create a password used to encrypt the zip file. This password is required to decrypt the file.

    For parcel-based installations, you must set environment variables after switching to the keytrustee user:
    su - keytrustee
    export PATH=$PATH:/opt/cloudera/parcels/KEYTRUSTEE_SERVER/PG_DB/opt/postgres/9.3/bin
    export LD_LIBRARY_PATH=/opt/cloudera/parcels/KEYTRUSTEE_SERVER/PG_DB/opt/postgres/9.3/lib
    pg_dump -c -p 11381 keytrustee | zip --encrypt keytrustee-db.zip -
    
  2. Back up the Key Trustee Server configuration directory (/var/lib/keytrustee/.keytrustee): zip -r --encrypt keytrustee-conf.zip /var/lib/keytrustee/.keytrustee

    The --encrypt option prompts you to create a password used to encrypt the zip file. This password is required to decrypt the file.

  3. Move the backup files (keytrustee-db.zip and keytrustee-conf.zip) to a secure location.