Internal error occurred after restore setting on SA v7.x

book

Article ID: 171300

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

Below is the scenario on the backup and restore scripts inadvertently overwrote the postgres password,

  1. On firstboot, a postgres password is generated, and saved to the tonic vault. We will call this $passOne.
  2. The user does a backup. The encrypted tonic vault data including $passOne are saved in the backup.
  3. The user installs a new system. A new password is generated and assigned to postgres. We will call this $passTwo.
  4. The user restores the backup. $passOne is placed in the vault. $passTwo is replaced and lost.
  •  At this point, we are in a bad state. 
  • Postgres has $passTwo, the system is using $passOne again.
  1. ‚ÄčThe restore continues with some errors that they can't log into postgres. Possibly making the state worse?
  2. The SA reboots and the UI can't log into postgres causing the bad state.

 

Resolution

To fixed this issue, removed this file (postgresql.vault) from the backup. 

Here is how we removed postgresql.vault from the backup tar file. This will have to happen for all 7.3.1 backup/restores. 

You should be able to run this on the appliance before calling restore. 

 

  1. # Make a copy of the backup file
cp solera-backup-Test.tgz solera-backup-Test-FIXED.tgz

 

  1. # Un-gzip the archive
gunzip solera-backup-Test-FIXED.tgz

 

  1. # Delete the file from the tar
tar --delete var/lib/aegis/postgresql.vault -f ./solera-backup-Test-FIXED.tar

 

  1. # Re-gzip the file
gzip solera-backup-Test-FIXED.tar


We can go ahead and restore using the new backup file solera-backup-Test-FIXED.tar.