Recovery Scripts

This topic describes the following procedures:

ekm_recover_root_partition

Use this script on the EP server in the following cases:

  • None of the root partition client appliances have a valid root partition certificate.
  • You need to update the list of EP alternative names stored in its certificate.

sudo /opt/ekm/bin/ekm_recover_root_partition.sh
[-n,--names <arg>] // CSV list of the local appliance's alternative names
[-s,--self <arg>] // local appliance identifier (hostname or ip)
[-o <port>] // EP Bootstrap-Port
[-w,--password <arg>] // the client PFX password

The -n option allows updating the comma-separated list of the alternative EP names (Subject Alternative Names) in the EP's certificate (/etc/ekm/ssl/cert.crt) as follows:

  • Valid IP addresses are stored and tagged with the "IP Address =" tag.
  • Valid hostname strings are stored and tagged with the "DNS Name=" tag.
  • Everything else on the list is ignored.

Example:

sudo /opt/ekm/bin/ekm_recover_root_partition.sh \
-n ekmloadbalancer.demo.local,192.168.0.1
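
Because entries that fail validation are dropped without an error, it is worth classifying the list before passing it to -n. The following pre-flight check is an added example, not part of the product's scripts; the function names and the validity tests (IPv4 dotted quad with octets 0..255, RFC 1123 hostname syntax) are assumptions, and the script's own checks may differ.

```sh
#!/bin/sh
# Pre-flight check for the -n list (added example, constructed sample input).

# classify_san ENTRY -> prints IP, DNS or IGNORED
classify_san() {
    entry=$1
    # Assumed IP rule: four decimal octets, each in 0..255.
    if printf '%s\n' "$entry" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        octets="$entry."
        while [ -n "$octets" ]; do
            octet=${octets%%.*}; octets=${octets#*.}
            # An out-of-range octet is treated as a typo, not as a hostname.
            [ "$octet" -le 255 ] || { echo IGNORED; return 0; }
        done
        echo IP; return 0
    fi
    # Assumed hostname rule: labels of 1..63 letters, digits or hyphens,
    # no leading or trailing hyphen, total length at most 253.
    label='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    if [ "${#entry}" -le 253 ] &&
       printf '%s\n' "$entry" | grep -Eq "^$label(\.$label)*\$"; then
        echo DNS; return 0
    fi
    echo IGNORED
}

# preflight_names CSV -> one "entry<TAB>class" line per item;
# returns 1 if any entry would be left out of the certificate.
preflight_names() {
    rest="$1,"; rc=0
    while [ -n "$rest" ]; do
        item=${rest%%,*}; rest=${rest#*,}
        class=$(classify_san "$item")
        printf '%s\t%s\n' "$item" "$class"
        if [ "$class" = IGNORED ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed list: the example above plus one mistyped address.
preflight_names "ekmloadbalancer.demo.local,192.168.0.1,192.168.0.256" ||
    echo "Fix the entries marked IGNORED before running the recovery script."
```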

Note
To run ekm_recover_root_partition.sh in a sudo-less installation, see Running CORE Scripts in Sudo-less Installation.

ekm_recover_root_so_pwd

To reset the root SO (security officer, the UKC partition administrator role) password, run the following script:

sudo /opt/ekm/bin/ekm_recover_root_so_pwd.sh
[-n,--name <arg>] // the SO name (default: so)
-w,--password <arg> // the new root SO password
[-s,--self <arg>] // EP Certified-IP
[-o <port>] // EP Bootstrap-Port

ekm_recover_quorum

Forcefully adjust the specified partition's quorum size to the number of non-blocked SOs in the specified partition.

sudo /opt/ekm/bin/ekm_recover_quorum.sh
[-n,--name <arg>] // name of the partition
[-s,--self <arg>] // EP Certified-IP
[-o <port>] // EP Bootstrap-Port