After processing to a wipe of an appliance connected to an existing CMDB, it is ESSENTIAL to restore the root node keys first BEFORE scanning endpoint.

In Discovery the root node keys are used to uniquely relate the Discovery data to the CMDB data. For any appliance which performs CMDB sync, the "keys" are very important, and they should be preserved.

If endpoints are rediscovered after wipe and BEFORE the keys import will have been executed the endpoints already synchronized in the CMDB will be duplicated in the CMDB at the next CMDB because they'd then have a new and different key in Discovery.

Prerequisites to this KA:

• A snaphost of the Discovery Virtual Machine appliance, should have been taken recently, if not just before running this procedure. The appliance should be completely shutdown when the VM snapshot is being taken. In case of a cluster, make sure that all members are shutdown and that the snapshots are being taken while the other members haven't yet reboot.

For CMDB backups, please check with your CMDB admin, or the BMC CMDB support.

• Please consider reading the KA 000229401, before going through this one: Discovery: Best practices for steps to take before and after running tw_model_wipe or tw_model_init to reset the Discovery datastore, as it contains very important information and steps related to this procedure.

Notes:

• the keys on the scanner are NOT relevant to a CMDB sync and do NOT need to be preserved. Only the keys from the consolidator that is connected to the CMDB should be preserved.
• in the text below, the appliance which performs the CMDB sync will be called a "consolidator", for simplicity.

1- Preserve the keys: The procedure to preserve the keys is to run tw_root_node_key_export on the consolidator.  It is recommended to run the command at regular intervals, such as weekly. cron may be used to set this.

To run a successful tw_root_node_key_export from the Discovery command line:

1- ssh to the terminal of the appliance. In case of a cluster execute the following steps below on a single member (any of them, coordinator or not)

2- Start a screen session to be able to reconnect to the session in case of a disconnection with the ssh server during the procedure. Run  the following command line:

screen

3- Run the following command line to export the root node keys keys and enter the password for the Discovery "system" user:

tw_root_node_key_export  root_node_keys.xml

To verify that the procedure was successful, run the following commands:

a) Confirm that the tw_root_node_key_export process is no longer running, this command should not output any result (but the one for this grep command only):

ps -ef | grep root_node

b) The number of keys from the file root_node_keys.xml that was just created should be similar to the number of OSIs in the appliance:

grep " <root-node-key-info "  root_node_keys.xml  | wc -l

             
c) Verify that the file ends correctly:

tail root_node_keys.xml

The last two lines in the XML file should look like this:
  </root-node-key-info>
</root-node-key-infos>

Restore the keys: To restore the keys to a new consolidator, run tw_root_node_key_import.

To run a successful tw_root_node_key_import from the Discovery command line:

1- ssh to the terminal of the appliance. In case of a cluster execute the following steps below on a single member (any of them, coordinator or not)

2- Start a screen session to be able to reconnect to the session in case of a disconnection with the ssh server during the procedure. The screen command is extremely important for large imports of root node keys, as imports will take much longer than the export.  Run  the following command line:

screen

3- Run the following command line and note the number of root node key nodes already existing in the datastore:

tw_query --no-headings "search RootNodeKeyInfo" | wc -l

4- Go to the folder where the root_node_keys.xml from a previous export resides. Note the results from the following command line, it count the number of keys in the file:

grep " <root-node-key-info "  root_node_keys.xml | wc -l

5- Run the import:

tw_root_node_key_import   root_node_keys.xml

To confirm that the tw_root_node_key_export process is no longer running, this command should not output any result (but the one for this grep command only):

ps -ef | grep root_node

6- Run the following command line and confirm that the result corresponds to the output of the command at step 4

tw_query --no-headings "search RootNodeKeyInfo" | wc -l