Description of problem:
Initiating VM retirement from the global appliance fails silently. The VM doesn't start retirement, and logs show token-based authentication fails:
[----] E, [2018-05-03T12:15:55.455630 #12127:1363b38] ERROR -- : MIQ(Api::ApiController.rescue in authenticate_with_system_token) Error: can not decrypt v2_key encrypted string
Version-Release number of selected component (if applicable):
Seen on 5.8 and 5.9
Steps to Reproduce:
1.) Configure db replication with one global and one remote appliance.
2.) Add a RHV provider on the remote appliance.
3.) View the RHV provider on the global appliance, and initiate retirement of one of its VMs.
Actual results:
VM doesn't retire.
Expected results:
VM retires successfully.
Tasos, could you verify that the v2_key is the same on the global and remote region?
No, they're not. I don't see this requirement documented for remote/global appliance configuration. According to the General Configuration guide, there is no further configuration required once database replication is set up. If that's not true, and the appliances need to be pre-configured to have the same key, then we need documented configuration steps for that.
There is only a small note in the documentation about the requirement to have the same v2_key on all appliances (in section 4.4.2), and it does not provide any details:
All Red Hat CloudForms databases in a multi-region deployment must use the same
To configure the DB to use the same v2_key when setting up a region using appliance_console:
- Create the first region using "Create Key" in Configure Database:
5. Configure Database -> 1) Create key
- Create the other regions using the "Fetch key from remote machine" option:
5. Configure Database -> 2) Fetch key from remote machine -> enter host name to fetch v2_key from
There is another BZ with a request to add more docs on the same topic of Centralized Administration: https://bugzilla.redhat.com/show_bug.cgi?id=1513
Correction to the above BZ number: https://bugzilla.redhat.com/show_bug.cgi?id=1513042
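The failure discussed in this thread, reduced to an added Ruby sketch (not CloudForms code and not part of the original report): a token encrypted under one region's key cannot be read with a different key, and comparing key fingerprints shows the mismatch without disclosing either key. AES-256-CBC, the token payload and the helper names are assumptions standing in for the appliance's v2_key handling; the keys are generated in the script and are not real v2_key files.

```ruby
require 'openssl'

CIPHER = 'aes-256-cbc' # assumption: stand-in for the appliance's key cipher

# Constructed stand-in for one region's key (32 random bytes).
def new_region_key
  OpenSSL::Random.random_bytes(32)
end

# Short SHA-256 fingerprint: lets two appliances' keys be compared
# without copying or printing the key material itself.
def key_fingerprint(key)
  OpenSSL::Digest::SHA256.hexdigest(key)[0, 16]
end

# Encrypts a token payload; output is base64(iv || ciphertext).
def encrypt_token(plaintext, key)
  cipher = OpenSSL::Cipher.new(CIPHER).encrypt
  cipher.key = key
  iv = cipher.random_iv
  [iv + cipher.update(plaintext) + cipher.final].pack('m0')
end

# Returns the plaintext, or nil when the key cannot decrypt the token
# (the condition behind "can not decrypt ... encrypted string").
def decrypt_token(token, key)
  raw = token.unpack1('m0')
  cipher = OpenSSL::Cipher.new(CIPHER).decrypt
  cipher.key = key
  cipher.iv = raw[0, 16]
  (cipher.update(raw[16..]) + cipher.final).force_encoding('UTF-8')
rescue OpenSSL::Cipher::CipherError
  nil
end

if __FILE__ == $PROGRAM_NAME
  global_key = new_region_key            # key created on the global appliance
  remote_key = new_region_key            # remote created its own key: mismatch
  payload    = 'userid=admin;ts=constructed' # constructed sample payload
  token      = encrypt_token(payload, global_key)

  puts "global fingerprint: #{key_fingerprint(global_key)}"
  puts "remote fingerprint: #{key_fingerprint(remote_key)}"
  puts "remote accepts token (own key):    #{decrypt_token(token, remote_key) == payload}"
  puts "remote accepts token (shared key): #{decrypt_token(token, global_key) == payload}"
end
```
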