Exporting and importing LTPA keys

You need to import your LTPA keys to all additional deployments that need to be configured with request forwarding in your container environment.

About this task

As a part of the first deployment against the Content Cortex domain, the Content operator generates LTPA keys that are shared by all components in the deployment that are based on the WebSphere® Liberty application server. Once the first deployment is complete, you need to export the generated LTPA keys from the first deployment. The LTPA keys from the first deployment are then imported into all other deployments (virtual servers) participating in your geographically distributed Content Cortex domain.

Note the shared_configuration CR parameter sc_ecm_ltpa_secret_name must be used for the target deployment where the ltpa secret is imported. Because the exported name of the secret obtained from the source environment, "{{ meta.name }}-ecm-ltpa", by default is based on the deployment name from the environment where the ecm-ltpa secret was exported from, it does not match the default value for secret name in the target deployment.

Procedure

  1. Export the Content operator generated LTPA keys from a previous deployment containing the <meta.name>-ecm-ltpa secret to a YAML file.
    The namespace created to host this previous deployment against the same Content Cortex domain contains the <meta.name>-ecm-ltpa secret.
    Run the following command to generate the exported secret YAML file:
    oc get secrets <meta.name>-ecm-ltpa -n <namespace> -o yaml >> ecm-ltpa-export.yaml
  2. Clean the exported secret YAML file to remove fields and values for ownerReferences, resourceVersion, uid and, creationTimestamp.
    These fields are specific to the environment the secret was exported from and must be removed to clean the YAML contents before the YAML is used to create the secret for the next deployment.
  3. In any additional deployments that participate in your Content Cortex domain, apply the exported and cleaned ecm-ltpa-export.yaml file by running the command:
    oc apply -f ecm-ltpa-export.yaml -n <namespace>