How to decrypt the installation YAML file in an installation.zip file obtained from using the Export Installation settings feature of Operations Manager
search cancel

How to decrypt the installation YAML file in an installation.zip file obtained from using the Export Installation settings feature of Operations Manager

book

Article ID: 293887

calendar_today

Updated On:

Products

Operations Manager

Issue/Introduction

Note: This article does not provide instructions on how to decrypt the installation.yml present on Operations Manager VM at this location: /var/tempest/workspaces/default/installation.yml. If you are looking to decrypt the file present in that location, follow this article instead: How to manually edit the installation YAML file on the Operations Manager VM


Pre-checks

  • You have downloaded installation.zip from Ops Manager (User > Settings > Export Installation Settings).
  • After unzipping the installation.zip file, you have renamed and copied the encrypted installation.yml file to the Operation Manager VM in the /tmp/encrypted-installation.yml location. 
  • You are trying to decrypt the installation.yml file using your Ops Manager decryption passphrase and the following command:
sudo -u tempest-web SECRET_KEY_BASE="s" RAILS_ENV=production /home/tempest-web/tempest/web/scripts/decrypt /tmp/encrypted-installation.yml /tmp/decrypted-installation.yml
  • After supplying the decryption passphrase, you see the following error:
Failed to decrypt /tmp/encrypted-installation.yml: #<TempestEncryptor::DecryptError: bad decrypt>
...


Cause

The encryption done on the installation.yml file from the installation.zip (Export Installation Settings) is subtly different compared to the encryption done on the file present in /var/tempest/workspaces/default/installation.yml.

The next section of this article highlights the steps you can take to decrypt installation.yml obtained from the installation.zip file.

Environment

Product Version: 2.8
OS: Ubuntu

Resolution

Note: This change makes it impossible for the decrypt script to decrypt the installation.yml that's on the disk (/var/tempest/workspaces/default/installation.yml), we advise that you revert it back when you're done decrypting the installation.yml that's in the installation.zip.


1. SSH to the Operation Manager VM and become root.

2. Edit the file at this location: /home/tempest-web/tempest/web/lib/scripts/file_decryptor.rb
  • Change this:
 @encryptor = TempestEncryptor.new(EncryptionKey.instance.encryption_key)
To this:
 @encryptor = TempestEncryptor.new(EncryptionKey.instance.full_encryption_key)

3. Save the changes.

4. The decrypt command will now execute successfully and you will have a copy of the decrypted installation.yml file at the location /tmp/decrypted-installation.yml. 
sudo -u tempest-web SECRET_KEY_BASE="s" RAILS_ENV=production /home/tempest-web/tempest/web/scripts/decrypt /tmp/encrypted-installation.yml /tmp/decrypted-installation.yml

Important: Make sure to revert the changes done to the file at /home/tempest-web/tempest/web/lib/scripts/file_decryptor.rb.

Note: When running decrypt from Ops Manager directory /home/ubuntu you may encounter the error: Permission denied @ dir_chdir - /home/ubuntu. To remedy this, navigate out of /home/ubuntu.

Powered by Wolken Software