Documentum Docker 23.4 - Docbase fails to start - [DM_CRYPTO_F_KEYSTORE_INIT]

JCHall · 2024-01-15T12:02:46+00:00

There was an error rendering this rich post.

I'm trying to get a Documentum Docker 23.4 environment working but keep running into the same issue. The docbase will boot and work the first time after installation, but every subsequent attempt, I get the following error:

[DM_STARTUP_W_DOCBASE_OWNER_NOT_FOUND] *** warning *** : The database user, dctm as specified by your server.ini is not a valid user as determined using the system password check api. This will likely severly impair the operation of your docbase.

[DM_CRYPTO_F_KEYSTORE_INIT]fatal: "Failed to initialize keystore at /opt/dctm/dba/secure/aek. Internal error - 1057226525"

I have performed the following steps:

Windows 11 host
Docker 24.0.7
Documentum Content Server 23.4 docker image
Postgres 15.5 docker image

Setup the Postgres 15.5 DB using docker image
Set the required parameters for the Documentum Content Server yaml file and run the docker-compose command to install the docbase
Check the docbase installs correctly by checking the install logs in /opt/dctm_docker/logs/
After install, restart the docbroker + docbase. Check the docbase logs within /opt/<docbase>/dba/logs/<docbase>.log
Run IDQL and check that it logs in and queries can be performed. All works correctly.
Now, shutting down the docbase, stopping the docker images, and restarting them, the docbase will no longer boot and I receive the [DM_STARTUP_W_DOCBASE_OWNER_NOT_FOUND] and [DM_CRYPTO_F_KEYSTORE_INIT] messages.

Has anyone seen this problem? Or got around it? Many thanks

Find more posts tagged with

Documentum

Note:

If there are Accepted Answers, those will be shown by default. You can switch to 'All Replies' by selecting the tab below.

Accepted answers

JCHall

OK problem solved.

After starting the Documentum Server container, the docbase/content server won't successfully boot unless the following command is entered:

dm_crypto_boot -all -passphrase <password>

All comments

Hicham Bahi

DM_STARTUP_W_DOCBASE_OWNER_NOT_FOUND is just a warning. I wouldn't worry about it since this user is generally not used.

You should have several persistent volumes to store things like content files (data) or the $DOCUMENTUM/dba directory where the AEK should be stored. Are you sure that they are mounted properly and that they contain the expected data?

JCHall

Thanks for getting back. I've setup the yaml file as such:

services:
volumes:
- dctm_data:/opt/dctm/data
- dctm_dba:/opt/dctm/dba
- dctm_share:/opt/dctm/share
…

And then the volumes section is blank:
volumes:
dctm_data:
dctm_share:
dctm_dba:
…

This then creates docker volumes for each of these. Is this incorrect? Should I manually create the volumes for data and share?

Hicham Bahi

Yes that's the correct and no, you don't need to create them manually. Can you see the volumes when you do docker volume ls? And when you connect to the Documentum container, can you see content under the volumes, e.g. under $DOCUMENTUM/dba/secure or $Documentum/data ?

JCHall

Yes, I can see both volumes created within Docker. Data is filled with the usual expected content. dba/secure has the CSaek file in it (see attached screenshots).

data.png

dba_secure.png

Everything works fine after installation, until the container is stopped/shutdown and then restarted again. At which point I get the [DM_CRYPTO_F_KEYSTORE_INIT] error message within the docbase log.

I could try a previous version of Content Server image, but I'm unsure if it's the image or something I'm doing wrong. Thanks

Hicham Bahi

The message mentions /opt/dctm/dba/secure/aek which is not what you have : your file is at /opt/dctm/dba/secure/CSaek. I suppose you used the default CS-Docker-Compose_Stateless.yml which sets AEK_NAME=CSaek. I don't suppose that you changed the yml in between restarts? It might also be that the error message is misleading.

JCHall

Good point. I did try and change the name of CSaek to aek within the yaml file, but unfortunately it didn't make a difference.

I'll raise a support request and also try a previous version. Thanks for your help.

JCHall

I tried with Documentum Server Docker 23.2 and get the same error.

I've renamed the AEK_NAME within the yaml file from CSaek to aek.key. Still the same error.

Running dm_crypto_boot sets the aek.key file up again, but the docbase still fails with the same error. I'm very confused…

JCHall

OK problem solved.

After starting the Documentum Server container, the docbase/content server won't successfully boot unless the following command is entered:

dm_crypto_boot -all -passphrase <password>