Closed jacekadamus88 closed 4 years ago
Hi, the goal of engine config new is to create a new empty config file for CDS, while engine config regen will add new keys (database keys, API auth key and service keys) to your existing config.
Since 0.44.0 the CDS API requires an rsaPrivateKey and also some database keys used for signature and encryption ([api.database.encryptionRollingKeys] and [api.database.signatureRollingKeys]).
You should use engine config regen only one time, before running the API (the api will trigger a migration on user at startup, new data will be created and signed, be careful to not reset your keys after this step).
This error seems to happen because CDS can't check the signature of some service entities stored in the database.
Did you regen your config more than one time and change the keys used for the database?
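A guard for the warning above, as an added example that is not part of the thread or of CDS itself: it compares the two rolling-key sections named in the comment between a saved copy of the config and the live one. It assumes you saved a copy of conf.toml right after the single engine config regen; the function names and the script file name are hypothetical.

```shell
#!/bin/sh
# Added example (not CDS code): detect a change in the database rolling keys
# between a saved copy of the config and the live one.

# Fingerprint every line under [section] and its sub-tables, whatever
# fields they contain (the inner layout of the key tables is not assumed).
section_fingerprint() {  # $1 = config file, $2 = dotted section name
    awk -v sec="$2" '
        /^[ \t]*\[/ {                          # a TOML table header
            name = $0
            sub(/#.*/, "", name)               # drop a trailing comment
            gsub(/\[|\]|[ \t]/, "", name)      # drop brackets and blanks
            inside = (name == sec || index(name, sec ".") == 1)
        }
        inside {
            line = $0
            gsub(/^[ \t]+|[ \t]+$/, "", line)  # ignore indentation changes
            if (line != "" && line !~ /^#/) print line
        }
    ' "$1" | sha256sum | cut -d" " -f1
}

# Succeed only if both sections named in the thread are present in the live
# config and identical to the saved copy.
keys_unchanged() {  # $1 = saved config, $2 = live config
    empty=$(printf '' | sha256sum | cut -d" " -f1)
    for sec in api.database.encryptionRollingKeys \
               api.database.signatureRollingKeys; do
        old=$(section_fingerprint "$1" "$sec")
        new=$(section_fingerprint "$2" "$sec")
        if [ "$new" = "$empty" ]; then
            echo "MISSING [$sec] in $2" >&2
            return 1
        fi
        if [ "$old" != "$new" ]; then
            echo "CHANGED [$sec] between $1 and $2" >&2
            return 1
        fi
    done
    return 0
}

# Run as: sh check_keys.sh <saved-config> <live-config>  (hypothetical name)
if [ "$#" -eq 2 ]; then
    keys_unchanged "$1" "$2"
fi
```

A non-zero exit means the live config no longer carries the keys that signed the migrated data, so the API should not be started with it.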
Hi @richardlt, first of all, thank you for the rapid response, appreciated.
Let me describe all the steps I have taken while upgrading CDS.
Steps
systemctl stop cds.service (stop all services)
engine update --from-github
worker update --from-github # this command fails so the binary has to be downloaded manually
wget https://github.com/ovh/cds/releases/download/0.44.0/cds-worker-all.tar.gz
tar xvzf cds-worker-all.tar.gz
cp /tmp/cds/cds-worker-linux-amd64 /opt/cds/download
wget https://github.com/ovh/cds/releases/download/0.44.0/ui.tar.gz
wget https://github.com/ovh/cds/releases/download/0.44.0/sql.tar.gz
tar xvzf sql.tar.gz
cp * /opt/cds/sql
engine database upgrade --db-host=localhost --db-port=5432 --db-user=cds --db-password=PASS --db-sslmode=disable --db-name=cds --migrate-dir=/opt/cds/sql
tar xvzf ui.tar.gz
mv dist /var/www/cds
#config backup
cp conf.toml conf.toml.bck7
# I have updated config here
wget https://github.com/ovh/cds/releases/download/0.44.0/cdsctl-linux-amd64-nokeychain
wget https://github.com/ovh/cds/releases/download/0.44.0/cdsctl-linux-amd64
chmod +x cdsctl-linux-amd64*
systemctl start cds.service (start all services)
I have generated a new config via engine config new and compared it with the old one, then I moved all the new things manually into the old one. I left the old keys, tokens etc. Then I started to see the errors mentioned in the previous post. I have started an investigation and have done config regen twice, if I am not mistaken. I am not sure what to do next.
So maybe if you ran engine config regen, the keys that are in your configuration file are not the ones that you used at the first boot, right? I want to be sure that you didn't lose the keys used to sign migrated data at the first API boot.
If you didn't lose the keys, this is probably just a problem with the declared sample-service that is still in the DB, so you can access your database and remove this service from the service table.
If the keys were overridden you will not be able to read data from some CDS database tables. So only a rollback will solve the problem. I will try to give you a list of all the steps to migrate and to roll back if you need to retry the migration from the beginning.
Here are the steps to migrate your CDS from 0.43.1 to 0.44.0:
To rollback to 0.43.1 from 0.44.0:
Also, if you are on Gitter, this may be a better place to talk about it :)
@richardlt, seems like I must have lost my API keys while upgrading the CDS instance, thus, in fact, I have corrupted the database. I managed to fix my issue by following your very detailed guide. Exactly as mentioned, I have rolled back the database, generated new config keys, upgraded the database and started the API.
Thank you for your time and help. Hopefully, anyone else facing a similar issue will benefit from this thread.
I believe we can close that issue.
Hi Guys,
I have upgraded my CDS binaries on CentOS 7 to 0.44.0 recently. Although the upgrade itself went fine and the database has been updated too, I am no longer able to launch the CDS API.
Here is my conf.toml
Every time I launch api, I receive
When I get rid of sample-service from the conf.toml file, my cds throws
I have already tried engine config new and engine config regen. Yet another surprising fact is that config check /opt/cds/etc/conf.toml returns
for the config generated through engine config new