Replicate the Encryption Key Across All the Installations¶
Important
This post-installation task is extremely important.
Do not start any of the components of the Denodo Platform before doing this.
If you do not do this, this installation may be left in an inoperable state.
If you already have an installation of Denodo Platform version 9 and/or Solution Manager version 9, copy these two files from one of the existing installations to this new installation:
<OTHER_DENODO_HOME>/conf/denodo-key.keystore
<OTHER_DENODO_HOME>/conf/denodo-keystore.json
If this is the first installation , go to the next post-installation task.
During the installation of the Denodo Platform and the Solution Manager, the installer creates a unique encryption key to encrypt all the sensitive information like configuration properties that contain passwords, passwords to access databases, OAuth tokens to connect to REST APIs, etc.
To ensure the metadata compatibility across different Denodo Platform or Solution Manager installations, you must use the same encryption key in all of them. Generally, you must use the same encryption key for all your organization deployments.
Take into account that if you are using the Solution Manager automated mode to deploy clusters of Denodo Platform in the cloud with a provided or custom image that does not contain any encryption key, it will transparently and automatically generate the Denodo Platform clusters with the same encryption key that the Solution Manager has, which will ensure the compatibility.
For more details about how the encryption key works, read the page Installation Encryption Key.
If You Already Started One of the Components of the Denodo Platform / Solution Manager¶
If you already started one of the server components of the Denodo Platform / Solution Manager of this installation but you did not copy the files with the encryption key from another installation to this one, you have two options:
Delete this installation and install it again.
Follow these steps:
Stop all the components of this new installation.
If you have made significant changes to this installation (e.g. create a lot of elements in Virtual DataPort), consider making a backup. That is, make a copy of the entire folder
<DENODO_HOME>
.In this installation, create a folder called
new_encryption_key
in<DENODO_HOME>
.Copy these two files from an existing installation to this one, to
<DENODO_HOME>/new_encryption_key
.<OTHER_DENODO_HOME>/conf/denodo-key.keystore
<OTHER_DENODO_HOME>/conf/denodo-keystore.json
Open the file
<DENODO_HOME>/new_encryption_key/denodo-keystore.json
and verify that the file contains this:"keyStore":{"loader":{"type":"FILE","location":"denodo-key.keystore"}
If the file does not have this, do not continue. It means that the configuration of the encryption key of the other installation was customized and you have to customize the configuration of the encryption key of this installation in the same way.
From the command line, execute this script
cd <DENODO_HOME> ./bin/change_encryption_key_for_metadata_and_settings --no-backup --new-config ./new_encryption_key/denodo-keystore.json
Copy and replace the two files of
<DENODO_HOME>/new_encryption_key
to<DENODO_HOME>/conf/
You can now, start the components of this installation you use.
If in Virtual DataPort, if you created a data source or any other element that has a “secret”, edit it and enter the password or token again.