dosubot[bot]
commented
5 months ago To address the libs.rsa.PrivkeyNotFoundError and the issue with the tenant_id regenerating after upgrading Dify in your Kubernetes deployment, follow these steps:
-
Verify PVC Configuration: Ensure the
api/storage/privatekeysdirectory is correctly mounted to a Persistent Volume through a Persistent Volume Claim. This is crucial for data persistence across pod restarts and upgrades. -
Regenerate Encryption Keys: If the "privatekeys" folder appears corrupted, you might need to regenerate the encryption keys. This can be done by executing a command within your Docker container to reset the encryption key pair. However, ensure you have backups of the original keys if needed for decrypting existing data.
-
Handle
tenant_idRegeneration: The regeneration oftenant_idduring upgrades is likely due to a specific Alembic migration script. Modifying or removing the part of the script that causestenant_idto change could prevent this issue, but be cautious as it might affect other functionalities. -
Backup and Upgrade: Always backup your data before performing an upgrade. After pulling the latest Dify docker image and applying Kubernetes deployment changes, ensure that the PVCs are correctly referenced to maintain data persistence.
-
Post-Upgrade Checks: After upgrading, verify the application's functionality and check that the
tenant_idremains unchanged. Monitor the logs for any errors related to encryption keys and ensure they are functioning as expected.
For detailed guidance, refer to the Dify documentation. This approach should help mitigate the issues you're facing with upgrades and data persistence.
#### Details
**Sources** - [en/getting-started/install-self-hosted/install-faq.md](https://github.com/langgenius/dify-docs/blob/main/en/getting-started/install-self-hosted/install-faq.md) - [api/migrations/versions/2e9819ca5b28_add_tenant_id_in_api_token.py](https://github.com/langgenius/dify/blob/main/api/migrations/versions/2e9819ca5b28_add_tenant_id_in_api_token.py) - [en/getting-started/install-self-hosted/environments.md](https://github.com/langgenius/dify-docs/blob/main/en/getting-started/install-self-hosted/environments.md) - [docker/docker-compose.middleware.yaml](https://github.com/langgenius/dify/blob/main/docker/docker-compose.middleware.yaml) - [api/.env.example](https://github.com/langgenius/dify/blob/main/api/.env.example) - [api/libs/rsa.py](https://github.com/langgenius/dify/blob/main/api/libs/rsa.py)**About Dosu** This response is meant to be useful and save you time. It is **not meant to be a precise solution**, but rather a starting point for your own research. Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.
To continue the conversation, mention @dosu.
crazywoola
thiner
Self Checks
Dify version
0.6.7
Cloud or Self Hosted
Self Hosted (Docker)
Steps to reproduce
I deployed Dify in K8s. Mount the 'api/storage/privatekeys' by PVC. I upgrade the Dify docker image to
0.6.7.✔️ Expected Behavior
Dify should work, all existing work flow, knowledge base, model providers remain as-is.
❌ Actual Behavior
Couldn't load knowledge base, model providers, the error log shows
libs.rsa.PrivkeyNotFoundError: Private key not found, tenant_id:.... By attaching into the image console, an IO error pops up whilels /app/api/storage/privatekeys. Seems the folder "privatekeys" is corrupted. This error actually happens every time when I upgrade the docker image version. One observation might relevant to this issue is that thetennant_idwas regenerated in every upgrades.