Add new worker appliance

Hi all,

I’m trying to add a worker appliance to my actually all in one environment ( ManageIQ Ivanchuk 1 ).

I’ve follow the steps described here : High Availability Guide Red Hat CloudForms 4.7 | Red Hat Customer Portal

Problem is that when I try to join the existing database after copying remote key, I have the following error :

E, [2020-03-23T00:08:58.139431 #17710] ERROR -- : rake aborted!
ManageIQ::Password::PasswordError: can not decrypt v2_key encrypted string
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:64:in `block in decrypt_passwords!'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:42:in `block in walk_passwords'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:22:in `block in walk'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:19:in `each'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:19:in `walk'
/var/www/miq/vmdb/lib/vmdb/settings.rb:47:in `walk'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:27:in `block in walk'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:19:in `each'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:19:in `walk'
/var/www/miq/vmdb/lib/vmdb/settings.rb:47:in `walk'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:41:in `walk_passwords'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:64:in `decrypt_passwords!'
/var/www/miq/vmdb/lib/patches/database_configuration_patch.rb:30:in `database_configuration'
/var/www/miq/vmdb/config/environment.rb:5:in `<top (required)>'

Caused by:
OpenSSL::Cipher::CipherError: bad decrypt
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:64:in `block in decrypt_passwords!'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:42:in `block in walk_passwords'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:22:in `block in walk'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:19:in `each'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:19:in `walk'
/var/www/miq/vmdb/lib/vmdb/settings.rb:47:in `walk'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:27:in `block in walk'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:19:in `each'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:19:in `walk'
/var/www/miq/vmdb/lib/vmdb/settings.rb:47:in `walk'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:41:in `walk_passwords'
/var/www/miq/vmdb/lib/vmdb/settings_walker.rb:64:in `decrypt_passwords!'
/var/www/miq/vmdb/lib/patches/database_configuration_patch.rb:30:in `database_configuration'
/var/www/miq/vmdb/config/environment.rb:5:in `<top (required)>'
Tasks: TOP => evm:validate_encryption_key => environment
(See full trace by running task with --trace)

Do it need some extra steps, especially for MIQ ( like reset database created at first launch ), to get it works ?

For the moment, I’d want to keep my primary appliance running the database, Web UI and Automate Engine.

I’ve also look a old post in the forum some difficulties to join a region : Setup Region / Join Region in Darga - #9 by schmandforke

Can you check your database.yml?

I believe you have an already encrypted password in the password field.

ManageIQ generates an encryption key upon deployment, sets up the database, stores the password encrypted using this key, etc. When you fetch the key from another appliance, you’re using this encryption key, which is unable to decrypt the password in the database.yml.

As a workaround, you should be able overwrite the config/database.yml with what’s in config/database.pg.yml or put a plain text password in the file. Then, you should be able to use the other appliance’s v2_key and join that region.

Thanks a lot for your reply.

After copying the database.yml from the primary appliance and the v2_key, I could join the region.

Regards,