https://community.cloudera.com/t5/Archives-of-Support-Questions/CDH-5-3-KeyTrustee-DB-Service/m-p/30334#M6429 <P>I am happy to see that you figured out the problem. Thank you for sharing the solution as it may help others as well.&nbsp;</P> Fri, 31 Jul 2015 12:20:27 GMT cjervis 2015-07-31T12:20:27Z https://community.cloudera.com/t5/Archives-of-Support-Questions/CDH-5-3-KeyTrustee-DB-Service/m-p/29088#M6427 <P>I have managed to initialize and setup Navigator Encrypt plus KeyTrustee solution, with several data drives encrypted and mounted. The data nodes can be rebooted, the keys fetched on boot, and mounted. This is great. But - when the KeyTrustee server was rebooted, postgresql-9.3 failed to start. I cannot start this database service and I don't understand why. Because of this, now all data volumes are now not able to be mounted.</P><P>&nbsp;</P><P>This is a TEST/CONCEPT setup and so far as no actual data on it. If we need to start over and re-initialize the database, and re-encrypt data volumes, then fine. But, we need to know if this is recoverable and/or how to prevent this from occuring in production cluster.</P><P>&nbsp;</P><P>I'm also new to postgresql. I can only imagine I need to try to "su -" as "cloudera-scm" account, but I don't remember the password used. I also imagine we can fix it by adding user privileges within postgresql database, but not sure how to go about properly doing this.</P><P>&nbsp;</P><P>Any insight here would be really helpful. Thanks!</P><P>&nbsp;</P><P>&nbsp;sudo /sbin/service postgresql-9.3 status</P><P>postgresql-9.3 is stopped</P><P>&nbsp;</P><P>sudo /sbin/service postgresql-9.3 start<BR />Starting postgresql-9.3 service:&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [FAILED]</P><P>&nbsp;</P><P>&nbsp;/usr/pgsql-9.3/bin/pg_ctl -D /var/lib/pgsql/9.3/keytrustee start<BR />pg_ctl: could not open PID file "/var/lib/pgsql/9.3/keytrustee/postmaster.pid": Permission denied</P><P>&nbsp;</P><P>&nbsp;sudo /usr/pgsql-9.3/bin/pg_ctl -D /var/lib/pgsql/9.3/keytrustee start<BR />pg_ctl: cannot be run as root<BR />Please log in (using, e.g., "su") as the (unprivileged) user that will<BR />own the server process.</P><P>&nbsp;</P><P>sudo ls -l /var/lib/pgsql/9.3/<BR />total 24<BR />drwx------&nbsp; 2 postgres postgres 4096 May 20 03:50 backups<BR />drwx------ 16 postgres postgres 4096 Jun 15 09:39 data<BR />drwx------ 16 postgres postgres 4096 Jun 15 09:43 keytrustee<BR />-rw-------&nbsp; 1 postgres postgres 9424 Jun 15 09:43 pgstartup.log</P><P>&nbsp;</P><P>sudo ls -l /var/lib/pgsql/9.3/keytrustee<BR />total 120<BR />drwx------ 6 postgres postgres&nbsp; 4096 May 18 13:39 base<BR />drwx------ 2 postgres postgres&nbsp; 4096 May 28 15:42 global<BR />-rw-r--r-- 1 root&nbsp;&nbsp;&nbsp;&nbsp; root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 0 May 18 13:30 MASTER<BR />drwx------ 2 postgres postgres&nbsp; 4096 May 18 13:30 pg_clog<BR />-rw------- 1 postgres postgres&nbsp; 4564 Jun 15 08:38 pg_hba.conf<BR />-rw------- 1 postgres postgres&nbsp; 1636 May 18 13:30 pg_ident.conf<BR />drwx------ 2 postgres postgres&nbsp; 4096 May 24 00:00 pg_log<BR />drwx------ 4 postgres postgres&nbsp; 4096 May 18 13:30 pg_multixact<BR />drwx------ 2 postgres postgres&nbsp; 4096 Jun 15 09:43 pg_notify<BR />drwx------ 2 postgres postgres&nbsp; 4096 May 18 13:30 pg_serial<BR />drwx------ 2 postgres postgres&nbsp; 4096 May 18 13:30 pg_snapshots<BR />drwx------ 2 postgres postgres&nbsp; 4096 May 28 15:41 pg_stat<BR />drwx------ 2 postgres postgres&nbsp; 4096 Jun&nbsp; 6 08:25 pg_stat_tmp<BR />drwx------ 2 postgres postgres&nbsp; 4096 May 18 13:30 pg_subtrans<BR />drwx------ 2 postgres postgres&nbsp; 4096 May 18 13:30 pg_tblspc<BR />drwx------ 2 postgres postgres&nbsp; 4096 May 18 13:30 pg_twophase<BR />-rw------- 1 postgres postgres&nbsp;&nbsp;&nbsp;&nbsp; 4 May 18 13:30 PG_VERSION<BR />drwx------ 3 postgres postgres&nbsp; 4096 May 18 13:30 pg_xlog<BR />-rw-r--r-- 1 postgres postgres&nbsp;&nbsp; 874 May 18 15:22 postgres.conf.include<BR />-rw------- 1 postgres postgres 20855 May 18 15:22 postgresql.conf<BR />-rw------- 1 postgres postgres&nbsp;&nbsp;&nbsp; 77 Jun 15 09:43 postmaster.opts<BR />-rw------- 1 postgres postgres&nbsp; 1245 May 18 13:30 root.crt<BR />-rw------- 1 postgres root&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; 1704 May 18 13:30 root.key<BR />-rw------- 1 postgres postgres&nbsp; 1127 May 18 13:30 server.crt<BR />-rw------- 1 postgres postgres&nbsp; 1704 May 18 13:30 server.key</P> Fri, 16 Sep 2022 09:32:50 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/CDH-5-3-KeyTrustee-DB-Service/m-p/29088#M6427 jadmin 2022-09-16T09:32:50Z https://community.cloudera.com/t5/Archives-of-Support-Questions/CDH-5-3-KeyTrustee-DB-Service/m-p/30330#M6428 Update: Interestingly, when I had another user try to run the service, it gave a different error in the logs, which ended up being much more helpful error message. Essentially it all was related to permissions to the files for keytrustee. Fri, 31 Jul 2015 10:53:31 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/CDH-5-3-KeyTrustee-DB-Service/m-p/30330#M6428 jadmin 2015-07-31T10:53:31Z https://community.cloudera.com/t5/Archives-of-Support-Questions/CDH-5-3-KeyTrustee-DB-Service/m-p/30334#M6429 <P>I am happy to see that you figured out the problem. Thank you for sharing the solution as it may help others as well.&nbsp;</P> Fri, 31 Jul 2015 12:20:27 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/CDH-5-3-KeyTrustee-DB-Service/m-p/30334#M6429 cjervis 2015-07-31T12:20:27Z