Jan this is a bogus warning. 1. remove the certs/v2_key 2. run bundle exec ruby tools/fix_auth.rb --key It will throw a warning about missing a v2_key BUT, you will notice the file was created. Having said that, I did fix the problem. Not sure if it will get into the 5.5.z world. https://github.com/ManageIQ/manageiq/pull/9863
1. I'm seeing this warning in 5.5.5.2 and master 2. Is it generating the key for you? I'm seeing it generate the key for both versions
New commit detected on ManageIQ/manageiq/master: https://github.com/ManageIQ/manageiq/commit/dd103d713c571b5649ba610559a04764a1c8a758 commit dd103d713c571b5649ba610559a04764a1c8a758 Author: Keenan Brock <kbrock> AuthorDate: Fri Jul 15 16:47:18 2016 -0400 Commit: Keenan Brock <kbrock> CommitDate: Fri Jul 15 17:29:59 2016 -0400 Don't load keys when generating keys Don't display a warning that the `v2_key` does not exist if we are in the process of generating the key. https://bugzilla.redhat.com/show_bug.cgi?id=1356697 details: To generate a new appliance encryption key (aka `v2_key`), a user removes and adds a key: ``` mv certs/v2_key certs/v2_key.old bundle exec ruby tools/fix_auth.rb --key ``` This displays a warning, and looks like it fails but the key is generated: ``` On an appliance, it should be generated on boot by evmserverd. If you're a developer, you can copy the certs/v2_key.dev to certs/v2_key. Caution, using the developer key will allow anyone with the public developer key to decrypt the two-way passwords in your database. ``` Now if the user had not deleted the old `certs/v2_key` then it would throw and error and not generate a new `v2_key`. But if you note, it is very hard for the user to know if this is a problem or not: ``` Only generate one encryption_key (v2_key) per installation. Chances are you did not want to overwrite this file. If you do this all encrypted secrets in the database will not be readable. Please backup your key and run again. tools/fix_auth/fix_auth.rb:50:in `rescue in generate_password': File exists - File exists @ rb_sysopen - certs/v2_key (Errno::EEXIST) from tools/fix_auth/fix_auth.rb:42:in `generate_password' from tools/fix_auth/fix_auth.rb:90:in `run' from tools/fix_auth/cli.rb:37:in `run' from tools/fix_auth/cli.rb:41:in `run' from ./tools/fix_auth.rb:24:in `<main>' ``` Solution is to not show the warning if in the process of generating the key tools/fix_auth/fix_auth.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
fixed on 5.6 and 5.7 Let me know if you need anything else --K
Verified in 5.7.0.0