N2WS-22914 - Unable to encrypt root volume of running Worker instance

N2WS-22914 - Unable to encrypt root volume of running Worker instance

Issue:

Cannot encrypt the root volume of a running worker instance.  The attached patch and instructions will add support to enable encryption on a running worker instance.

Solution:

With either of the below solutions, you must also edit the cpmserver.cfg file as noted below. if you already have a section in the .cfg file for the worker then you can edit it. Once it is edited and saved, you can apply the patch attached below.

1. Connect to the N2WS server, user is cpmuser and your selected KayPair.
2. Edit or create the file /cpmdata/conf/cpmserver.cfg
3. Add below section

[worker]
encrypt_root_volume_with_key=”<key>”

<key> may be a Key ID, Key ARN, alias (in the format ‘alias/<name>’) or alias ARN.

If you plan to have workers in several regions, use one of the alias options.

Once you have edited the .cfg file, save it and restart apache. You can use the following cmd to restart apache
sudo systemctl restart apache2.service

  1.  v4.2.0 -  upgrade to 4.2.2 and install patch
  2.  4.2.1 & v4.2.2 - install attached patch
For instructions on how to install a patch on the N2WS Instance please see the following KB

    • Related Articles

    • How to fully encrypt CPM server root and data volumes in EBS

      The steps below will help you properly encrypt the CPM server root and data EBS volumes for an existing CPM server instance. If encrypting only the data volume, it is still necessary to launch a new CPM server instance. Then during initial CPM ...

    • How to retrieve logs from a CPM AWS Worker instance

      Linux & AWS knowledge is required Please read the entire KB before starting. N2WS uses temporary EC2 worker instances for several operations (copy to S3, FLR, etc), In cases where a worker is failing before it could communicate with the main server, ...

    • How to change instance type of S3 worker instances CPM

      Some clients may need worker instances with more ram and CPU power. You can use this process to modify the ec2 instance type used for worker instances. We highly recommend not to change size unless it was suggested by the N2WS support team. Otherwise ...

    • Error on Instance recovery - Instance recovery failed: Failed checking snapshot availability

      Issue: Error - Instance recovery failed: Failed checking snapshot availability When running a recovery, first CPM downloads the data from the bucket, then it creates a temporary snapshot and then creates the instance. This error occurs when a timeout ...

    • Instance recovery may fail if volume over 1024GB is restored.

      Issue: Instance recovery appears successful in cpm, but when viewing in ec2, the restored instance is terminated with : State transition reason message Client.InvalidParameterCombination: Could not create volume with size 1025GiB from snapshot ...