Closed ti-jalopez closed 3 years ago
When you create container number 2 on the same database, you need to use the same dynamicsnav.key as the first container. https://github.com/microsoft/navcontainerhelper/issues/1518
Hi @freddydk, I know if I add the keyFile in the param -myScripts $myScripts, I solve that.
I suggest an improvement in New-BcContainerHelper to reduce the time spent when you create more than one container with different key files using the same database.
If you add an error or warning when the container is created and the target database has a different key file, then after creating the container we'll know that there is a problem, and we can decide to use the old key file or overwrite it with a new one.
Maybe by adding a new param -CheckDifferentKeyFile to determine whether to show a warning, show an error, or force creating a new key.
I don't know if I can determine that they are different, I will have a look
Maybe this can help you a bit:
Best regards,
The issue is really that the key in the database only contains the public part of the key. The key on disk (inside container 1) also contains the private part. In order to create a second container using the same database, you need the private part - you need the key created by the first container (either in the keys folder or DynamicsNAV.key)
I decided to fix this in containerhelper and create a new setting called useSharedEncryptionKeys, which default is true. If you useSharedEncryptionKeys, then the DynamicsNAV.key file created by containers will be stored in a durable folder (not under the container) and reused in subsequent attempts to access the same database server.
You can set useSharedEncryptionKeys to false in the settings file if you do not want this behavior. If you share your own DynamicsNAV.key to the my folder, then that will be used instead of the cached one.
Great, this solves the problem of creating more than one container on the same host and database. It also allows copying the shared key to another host, if you need to create more containers on other hosts.
Temporarily, until the fix is released in a new version, I've created my own script to pass the key file to a new container, renaming the file if it is different from Dynamics.key. I attach an example:
# Key file saved from the first container (name can be anything at this point)
$keyFile = (Join-Path $bcContainerHelperConfig.hostHelperFolder "myKeys\myDatabase_myUser_DynamicsNAV.key")
$myScripts = @()
if ($keyFile) {
    # The key file must be named DynamicsNAV.key when passed via -myScripts
    $requiredFileName = 'DynamicsNAV.key'
    $currKeyFileName = [System.IO.Path]::GetFileName($keyFile)
    if ($currKeyFileName -eq $requiredFileName) {
        $myScripts += $keyFile
    } else {
        # Copy the key to a temporary file that has the required name
        $tempPath = [System.IO.Path]::GetTempPath()
        $newKeyFile = (Join-Path $tempPath $requiredFileName)
        Write-Host "KeyFileName debe $requiredFileName. Creado temporal $newKeyFile"
        Copy-Item $keyFile $newKeyFile -Force
        $myScripts += $newKeyFile
    }
}
Finally, in New-BcContainer add param -myScripts $myScripts.
Maybe adding a new param EncryptionKeyFile to add the file directly (renaming if required) would be an additional improvement to consider.
In any case bccontainerhelper is a very good product, managed by a great professional, CONGRATULATIONS 🥇
Thanks
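A pre-flight check for the situation discussed in this thread, as an added example that is not part of the original comments or of BcContainerHelper: it refuses to stage a key file for a second container unless it is byte-identical to the key saved from the first container. The function name, file names and demo bytes are assumptions made for illustration.

```powershell
# Added example. Function name and all paths are hypothetical.
function Get-VerifiedKeyForMyScripts {
    param(
        [Parameter(Mandatory)] [string] $ReferenceKey,  # key saved from the first container
        [Parameter(Mandatory)] [string] $CandidateKey   # key about to be given to the new container
    )
    foreach ($p in $ReferenceKey, $CandidateKey) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { throw "Key file not found: $p" }
    }
    # Compare content hashes; the key material itself is never printed.
    $ref  = (Get-FileHash -LiteralPath $ReferenceKey -Algorithm SHA256).Hash
    $cand = (Get-FileHash -LiteralPath $CandidateKey -Algorithm SHA256).Hash
    if ($ref -ne $cand) {
        throw "Key mismatch: '$CandidateKey' is not the key used by the first container."
    }
    # Stage the copy under the required name in a per-run folder, so that
    # concurrent runs do not overwrite each other's DynamicsNAV.key.
    $stage = Join-Path ([System.IO.Path]::GetTempPath()) ([System.Guid]::NewGuid().ToString())
    New-Item -ItemType Directory -Path $stage | Out-Null
    $staged = Join-Path $stage 'DynamicsNAV.key'
    Copy-Item -LiteralPath $CandidateKey -Destination $staged
    return $staged
}

# Constructed demo data: fixed bytes standing in for real key files.
$demo = Join-Path ([System.IO.Path]::GetTempPath()) ([System.Guid]::NewGuid().ToString())
New-Item -ItemType Directory -Path $demo | Out-Null
$first = Join-Path $demo 'container0.key'
$same  = Join-Path $demo 'myDatabase_myUser_DynamicsNAV.key'
$other = Join-Path $demo 'regenerated.key'
[System.IO.File]::WriteAllBytes($first, [byte[]](1..32))
Copy-Item -LiteralPath $first -Destination $same
[System.IO.File]::WriteAllBytes($other, [byte[]](33..64))

# Matching key: staged and ready to pass as -myScripts $myScripts
$myScripts = @(Get-VerifiedKeyForMyScripts -ReferenceKey $first -CandidateKey $same)
Write-Host "Staged for -myScripts: $myScripts"

# Different key: blocked before any container is created
try { Get-VerifiedKeyForMyScripts -ReferenceKey $first -CandidateKey $other }
catch { Write-Host "Blocked: $($_.Exception.Message)" }

# Clean up the staged copy and the demo files
Remove-Item -LiteralPath (Split-Path $myScripts[0]) -Recurse -Force
Remove-Item -LiteralPath $demo -Recurse -Force
```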
My solution is similar https://github.com/microsoft/navcontainerhelper/commit/c18a4434032d8526833cde6f07755a2dda4bbe5e Although I am storing the key file under an MDA256 hash of the database password and using that key for all encryptions using the same password. With this solution you should never need to specify encryptionKeyFile yourself - only if you run things on a different host. If you do - you could synchronize the encryptionKey folder to the other host.
Shipped in 2.0.6-preview355
Shipped in BcContainerHelper 2.0.6 https://freddysblog.com/2021/02/28/running-business-central-in-docker-using-sql-on-the-host/
Describe the issue I've created two containers connecting to the same external database. First, I've created the first container and it ran fine. Second, I've created the second container, the same as the first, and it ran fine. I've restarted the first container and the NAV service doesn't start. Get-EventLog shows
I know in this case I would create the second container using the same key file for password encryption. The problem is: when I create a second container connecting to any external database that has an encryption key, the system doesn't show a warning or error to warn everyone that after that the old containers will stop working
Could you include a new param on New-BcContainerHelper to stop or show a warning in this case? And create a new param to include directly the "keyfile" from the first container, to make it easier to create the container that uses -myScripts and -encryptionPassword as described in https://github.com/microsoft/navcontainerhelper/issues/1461 ?
Scripts used to create container and cause the issue First container: CONTAINER0
Second container: CONTAINER1. Same as CONTAINER0; only the container name changes.
Full output of scripts Created CONTAINER0 ok:
Created CONTAINER1 ok: same output.
Restart CONTAINER0, error starting NAV service:
Run inside the CONTAINER0: Get-EventLog -LogName Application -Source 'MicrosoftDynamicsNavServer$BC' -EntryType Error -Newest 2 | Select-Object -Property *