KBEC-00105 - Regenerating encrypted agent session information

Description

ElectricFlow database has columns encrypted with a passkey. Some operations obsolete these columns, such as when you change the database passkey or clone the database.

To regenerate these encrypted columns, you can reinstall Flow and use ectool to import the database from backup, or follow this procedure.

Example causes

  1. ectool import and then changing the passkey.
  2. A raw database import on a system with a different passkey that when database was exported.
  3. When using a Flow server VM, cloning the VM and starting the cloned VM. When the cloned VM talks to the Flow agents, the agents will begin reporting "session has expired".
  4. In a clustered environment, failing over to the other machine that has a different passkey.

Solution

Use the following steps:

  1. Shut down the Flow server, killing all sessions including user login sessions and step sessions.
  2. Start mysql
    1. On Windows
      mysql --user=root --password=commander
      
    2. On Linux
      mysql --user=root --password=commander --socket=/opt/electriccloud/electriccommander/mysql/mysql.sock
      
  3. Use SQL to delete the following tables:
    connect commander;
    show tables;
    delete from ec_session_auth;
    delete from ec_session;
    delete from ec_authentication_group;
    delete from ec_authentication;
    
  4. Use the following command to see the Flow database upgrade history:
    select * from ec_configuration_history;
    
  5. Restart the Flow server.
  6. Ping all resources so the agents reestablish their server communication: Navigate to the "Resources" tab, select "Ping All Resources".
Have more questions? Submit a request

Comments

Powered by Zendesk