KBEC-00102 - Fixing ElectricFlow database after changing the passkey

Description

ElectricFlow uses an encryption called "passkey" to encrypt all secret data in the database, such as passwords. When you move a database from one Flow server to another, either by import, database restore, file copy, or by setting the Flow Database Configuration, you must copy the old "passkey" file to the new server to be able to use the encrypted passwords. (See the installation guide for instructions.)

If you start up the server using the database with the "wrong" passkey, and then change the passkey "after the fact," the agents will display as not available and the commander.log will have the following error message:

To restore proper operation, follow these instructions to get the database back to a consistent, functioning state.

Solution 1 - Delete mis-encrypted database columns

Follow this procedure to remove the database entries that are now mis-encrypted so that they will be recreated. The MySQL procedure:

  1. Shut down Flow.
  2. Start MySQL from a command shell
  3. Execute the following MySQL commands:
    show tables;
    delete from ec_session_auth;
    delete from ec_session;
    delete from ec_authentication_groups;
    delete from ec_authentication;
  4. Restart Flow, which recreates the deleted columns

Solution 2 - Drop the database and reimport

IMPORTANT - To use this solution, you MUST have a complete database to restore, either as a database dump or as an ectool export.

Ensure the passkey that matches the Flow data being imported is already in place before starting this procedure.

  1. Stop Flow
  2. In MySQL
    show databases;
    drop database commander;
    create database commander;
  3. Restore your database
    1. If you have a mysqldump
      1. Use MySQL to import the Flow database
      2. Start Flow, which connects to the new database
    2. If you have an ectool export
      1. Start Flow, which connects to the new database
      2. Use ectool to import the Flow database

There are plans to address this issue in a future Flow release, such as providing better error messages and earlier detection of the invalid passkey.

Have more questions? Submit a request

Comments

Powered by Zendesk