Encrypted tables require specific actions to migrate to later versions of DataStax
Enterprise.
Steps to migrate encrypted tables from earlier versions to DataStax Enterprise.
Procedure
-
Back up the entire keyspace that has a dse_system.encrypted_keys table.
-
Back up all system keys.
-
Upgrade the cluster to DataStax Enterprise 4.7, following instructions in the "DataStax Upgrade Guide."
-
Restart the cluster as described in the Upgrade Guide.
-
Check that the dse_system.encrypted_keys table was created using the cqlsh DESCRIBE KEYSPACES command.
If you need to restore the dse_system.encrypted_keys table, load the table. Do not
truncate or delete anything.
-
If the dse_system.encrypted_keys table was created, go to the next step; otherwise,
create the table manually:
CREATE KEYSPACE dse_system WITH replication = {'class': 'EverywhereStrategy'};
USE dse_system;
CREATE TABLE encrypted_keys (
key_file text,
cipher text,
strength int,
key_id timeuuid,
key text,
PRIMARY KEY (key_file, cipher, strength, key_id)
);
-
Rewrite all SSTables.
$ nodetool upgradesstables --include-all-sstables