Export and Import uDeploy Component or Application

Sometimes it might be useful to export resources like Components or Applications from a uDeploy installation and import to another one.

Let’s see how to do it and what problem we could deal with:

First of all let’s export our Component.

Click “Actions” beside the Component, then  click “Export“.

Save your .json file

In the other uDeploy installation,  go to Components, click  the “Import Components” button and upload the .json file exported before.

At this point you could receive an import error.

Watch the uDeploy Server log. Can you see something like this?

2018-02-22 15:52:43,956 CET ERROR https-jsse-nio-0.0.0.0-8444-exec-9 com.urbancode.commons.util.crypto.algs.Crypt1Alg - Did not find any decoding key for name abc123keyxxx
2018-02-22 15:52:43,956 CET ERROR https-jsse-nio-0.0.0.0-8444-exec-9 com.urbancode.ds.web.util.UCDExceptionMapper - The import data contains encrypted values which could not be decrypted. Please ensure that the encryption key from the server which created this file has been added to this server.
com.urbancode.air.i18n.TranslatableException: The import data contains encrypted values which could not be decrypted. Please ensure that the encryption key from the server which created this file has been added to this server 

When you export the component, .json file contains a secure property the server encrypts before exporting. The server encrypts the secure value with its own encryption key.

So, to share components or applications that have secured properties, you need to exchange keys from each server’s encryption keystore
.

On the first server, open a shell, and go to the server installation conf directory: eg.

/opt/ibm-ucd/server/conf/server

Find the value of the encryption.keystore.alias property in the installed.properties file.

For example:

encryption.keystore=../appdata/conf/encryption.keystore
encryption.keystore.alias=abc123keyxxx

Run the following command to export the server key into a temporary keystore:

keytool -importkeystore -srckeystore encryption.keystore -srcstorepass srcPassword -srcstoretype jceks -alias abc123keyxxx -destkeystore temp.keystore -deststorepass tempPassword -deststoretype jceks

Copy the temporary keystore to the install/conf/ folder on the second server.

On the second server, open a command-line window, go to the server installation appdata/conf directory and run the following command to import the key of temporary keystore into the server keystore.

keytool -importkeystore -srckeystore temp.keystore -srcstorepass tempPassword -srcstoretype jceks  -alias abc123keyxxx -destkeystore encryption.keystore -deststorepass destPassword -deststoretype jceks

The encryption key from the first server keystore is now on the second server keystore. As a result, the second server can now import abd decrypt components and applications from the first server.

Anyway you could face up to a new issue: For example if the first uDeploy was installed with IBM JDK (in this case the source keystore is created using an IBM JDK ), and the second uDeploy is installed using OpenJDK or Oracle JDK import result could be something like:

keytool error (likely untranslated): java.io.IOException: com.sun.crypto.provider.SealedObjectForKeyProtector

One solution? Reinstall the second uDeploy with the same JDK of the first one.

Help us to find more solutions…

Enjoy!

Operations Engineer working with Cloud Infrastructure, Containers, Kubernetes, CI/CD pipelines, CDRA processes, GitOps.