Hi,
We’re using the import/export functionality with Git to push changes between a dev and production appliance of MIQ. When importing from Git the passwords stored in the Schema’s can’t be decrypted, so we tried to update the key used to decrypt the passwords with no success.
Having looked around we found two similar questions:
a) Should i copy /var/www/miq/vmdb/certs/v2_key on a new independant appliance?
and;
b) PROBLEM: With Generate Custom Encryption Key
Following all steps from question a results in the same issue - The password can’t be decrypted.
Steps taken:
- Stopped evm server
- Swapped the v2_key file with the Production file
- Run bundle exec ruby tools/fix_auth.rb --legacy-key=v2_key : Resulted in the same error @gquentin faced.
So I reverted and followed the “Solution”
- stopping evm server
- replacing the key with the prod one
- bundle exec ruby tools/fix_auth.rb -v -y <------ ERROR HERE (same error as at step 3 above). Cannot decrypt the password
- bundle exec ruby tools/fix_auth.rb -v -p prod_password -P prod_password -i prod_password
- bundle exec ruby tools/fix_auth.rb -v -y
- starting evm
Following the steps from @codebeaver22’s answer in question b results in the same error. Cannot decrypt the password (at STEP 3: bundle exec ruby tools/fix_auth.rb -v -y)
I can’t see how others haven’t faced the same issue in the given solutions and we really don’t want to have to update the passwords in the schema each time we push changes, the benefit of the architecture becomes redundant if we have to do that.
What is missng/could we be doing wrong? Any ideas?
Regards