Internal server error after restoring Security Analytics

Article ID: 170782

Updated On:

Products

Security Analytics

Issue/Introduction

Security_Analytics_Release_Notes_7.3.2.pdf contains the following description:

The backup and restore scripts inadvertently overwrote the postgres password, which prevented restoration.

Cause

The following scenario shows how the backup and restore scripts inadvertently overwrite the postgres password:

  1. On firstboot, a postgres password is generated, and saved to the tonic vault. We will call this $passOne.
  2. The user does a backup. The encrypted tonic vault data including $passOne are saved in the backup.
  3. The user installs a new system. A new password is generated and assigned to postgres. We will call this $passTwo.
  4. The user restores the backup. $passOne is placed in the vault. $passTwo is replaced and lost. At this point, the system is in a bad state: Postgres has $passTwo, but the system is using $passOne again.
  5. The restore continues with some errors because it can't log into postgres, possibly making the state worse.
  6. The SA reboots and the UI can't log into postgres, leaving the system in the bad state.

Resolution

To fix this issue, remove the file postgresql.vault from the backup.

You should be able to run the following commands on the appliance before calling restore. The backup filename solera-backup-sameple.tgz is used as an example.

  1. # Make a copy of the backup file

cp solera-backup-sameple.tgz solera-backup-sameple-FIXED.tgz

  2. # Un-gzip the archive

gunzip solera-backup-sameple-FIXED.tgz

  3. # Delete the file from the tar

tar --delete var/lib/aegis/postgresql.vault -f ./solera-backup-sameple-FIXED.tar

  4. # Re-gzip the file

gzip solera-backup-sameple-FIXED.tar


The new backup file will be named solera-backup-sameple-FIXED.tar.gz.
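
The steps above can be combined into one script that also checks the result. This is an added example, not vendor code: the function name strip_vault and the sv_* variables are hypothetical, and it assumes GNU tar, gzip and a .tgz input file. It confirms the vault file is in the archive under the name tar stored it (with or without a leading "./") and verifies it is gone before recompressing.

```shell
#!/bin/sh
# Added example (not vendor code): remove postgresql.vault from a copy of a
# Security Analytics backup. Assumes GNU tar/gzip and a .tgz input file.
# strip_vault and the sv_* variables are hypothetical names.

VAULT_PATH="var/lib/aegis/postgresql.vault"   # member path given in the article

strip_vault() {
    sv_src="$1"
    [ -f "$sv_src" ] || { echo "no such backup: $sv_src" >&2; return 2; }
    sv_tar="${sv_src%.tgz}-FIXED.tar"

    # Decompress into a new file; the original backup is never modified.
    gunzip -c "$sv_src" > "$sv_tar" || return 2

    # tar --delete needs the member name exactly as stored, and archives
    # created from "." store it with a leading "./". Accept either form.
    sv_member=$(tar -tf "$sv_tar" |
        grep -Fx -e "$VAULT_PATH" -e "./$VAULT_PATH" | head -n 1)
    if [ -z "$sv_member" ]; then
        echo "postgresql.vault not found in $sv_src; nothing to remove" >&2
        rm -f "$sv_tar"
        return 1
    fi

    tar --delete -f "$sv_tar" "$sv_member" || return 2

    # Verify the vault is really gone before recompressing.
    if tar -tf "$sv_tar" | grep -Fxq -e "$VAULT_PATH" -e "./$VAULT_PATH"; then
        echo "postgresql.vault still present after delete" >&2
        return 2
    fi

    gzip -f "$sv_tar" || return 2
    echo "$sv_tar.gz"    # path of the file to hand to restore
}

# Usage: sh strip_vault.sh solera-backup-sameple.tgz
if [ "$#" -eq 1 ]; then
    strip_vault "$1"
fi
```

The function returns 1 and leaves no output file when the archive does not contain the vault file, so a backup that does not need the fix is not rewritten.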