Cloudera Docs

Manually backing up Knox tables

Learn about the methods how you can manually back up Knox tables.

You have the following options to back up the Knox tables:

  • Running a backup script that creates a backup and pushes the dump to the object store
  • Running the pg_dump command that creates a local backup

Running the backup script

You can create a backup from the Knox tables using the backup script.

To run the backup script, you will need the values of the listed parameters included in the following files:

  • From the /srv/pillar/postgresql/disaster_recovery.sls file:
    • close_connections
    • object_storage_url
    • ranger_admin_group
  • From the /srv/pillar/postgresql/postgre.sls file:
    • remote_admin
    • remote_db_port
    • remote_db_url
  • Ensure that a Data Lake backup has been executed before running the script.

    Running the Data Lake backup creates the files that include the required values for the script. For more information, see the Configuring and running Data Lake backups documentation.

  1. Access the Data Lake node that has the backup scripts, for example gateway-0 node for Enterprise Data Lake, and change the user to be able to run the backup script: 
    ssh -i [***PATH TO CLOUDBREAK PRIVATE KEY FILE***] cloudbreak@[***NODE IP ADDRESS***]
sudo su

    For more information, see Accessing a Data Lake cluster via SSH.

  2. Run the following command to create the backup: 
    PGPASSFILE=/opt/salt/postgresql/.pgpass /bin/bash /opt/salt/scripts/backup_db.sh -s [***OBJECT_STORE_URL***] -h [***REMOTE_DB_URL***] -p [***REMOTE_DB_PORT***] -u [***REMOTE_ADMIN***] -r [***RANGER_ADMIN_GROUP***] -c [***CLOSE_CONNECTION***] -d "knox_gateway"
After the Knox table backup is successfully created using the script, you need to export the Knox keys as described in Exporting Knox keys.

Running the pg_dump command

You can create a backup from the Knox tables using the pg_dump command.

To run the pg_dump command, you will need the values of the listed parameters included in the following files:

  • From the /srv/pillar/postgresql/postgre.sls file:
    • remote_admin_pw
    • remote_admin
    • remote_db_port
    • remote_db_url
  • Ensure that a Data Lake backup has been executed before running the script.

    Running the Data Lake backup creates the files that include the required values for the script. For more information, see the Configuring and running Data Lake backups documentation.

  1. Run the following command: 
    export PGPASSWORD=[***REMOTE_ADMIN_PW***]
  2. Run the following command to create the backup: 
    pg_dump --host=[***REMOTE_DB_URL***] --port=[***REMOTE_DB_PORT***] --username=[***REMOTE_ADMIN***] --dbname="knox_gateway" --format=custom --file=/var/tmp/knox_gateway.dump
After the Knox table backup is successfully created using the pg_dump command, you need to export the Knox keys as described in Exporting Knox keys.

Exporting Knox keys

Knox keys need to be exported in order to authenticate with the services after the backup is restored.

Use the following command to export the Knox token hash key from the Cloudera Manager database: 
export PGPASSWORD=[***SECRET_CM_DB_PW***]


psql -h [***CM_DB_HOST***] -U [***CM_USER***] -d [***CM_DB***] -t -A -c "SELECT value FROM configs WHERE attr = 'knox_token_mac_key';" > knox_token_mac_key.txt
The knox_token_mac_key.txt contains the secret that will be used for authentication. The secret is not going to be displayed.