KBEC-00105 - Regenerating encrypted agent session information

Article ID:360033194191
2 minute readKnowledge base

Description

CloudBees CD (CloudBees Flow) database has columns encrypted with a passkey. Some operations obsolete these columns, such as when you change the database passkey or clone the database.

To regenerate these encrypted columns, you can reinstall CloudBees CD (CloudBees Flow) and use ectool to import the database from backup, or follow this procedure.

Example causes

  1. ectool import and then changing the passkey.

  2. A raw database import on a system with a different passkey that when database was exported.

  3. When using a CloudBees CD (CloudBees Flow) server VM, cloning the VM and starting the cloned VM. When the cloned VM talks to the CloudBees CD (CloudBees Flow) agents, the agents will begin reporting "session has expired".

  4. In a clustered environment, failing over to the other machine that has a different passkey.

Solution

Use the following steps:

  1. Shut down the CloudBees CD (CloudBees Flow) server, killing all sessions including user login sessions and step sessions.

  2. Start mysql

    1. On Windows

       mysql --user=root --password=commander

    2. On Linux

       mysql --user=root --password=commander --socket=/opt/electriccloud/electriccommander/mysql/mysql.sock

  3. Use SQL to delete the following tables:

     connect commander;
 show tables;
 delete from ec_session_auth;
 Note: When using Sqlserver or Oracle the table to delete is
 ec_session_authentication . So the the sql will be "delete from ec_session_authentication;".
 delete from ec_session;
 delete from ec_authentication_group;
 delete from ec_authentication;

  4. Use the following command to see the CloudBees CD (CloudBees Flow) database upgrade history:

     select * from ec_configuration_history;

  5. Restart the CloudBees CD (CloudBees Flow) server.

  6. Ping all resources so the agents reestablish their server communication: Navigate to the "Resources" tab, select "Ping All Resources". Note: Currently during CloudBees CD (CloudBees Flow) server startup it automatically pings all resources automatically so you don’t have to explicitly do this. But in a future if CloudBees CD (CloudBees Flow) server does not "Ping All Resources" then you have to manually do it.