N2WS-22914 - Unable to encrypt root volume of running Worker instance

N2WS-22914 - Unable to encrypt root volume of running Worker instance

Issue:
Cannot encrypt the root volume of a running worker instance.  The attached patch and instructions will add support to enable encryption on a running worker instance.

Solution:
With either of the below solutions, you must also edit the cpmserver.cfg file as noted below. if you already have a section in the .cfg file for the worker then you can edit it. Once it is edited and saved, you can apply the patch attached below.

1. Connect to the N2WS server, user is cpmuser and your selected Key Pair.
2. Edit or create the file /cpmdata/conf/cpmserver.cfg
3. Add below section

[worker]
encrypt_root_volume_with_key=”<key>”

<key> may be a Key ID, Key ARN, alias (in the format ‘alias/<name>’) or alias ARN.

If you plan to have workers in several regions, use one of the alias options.

Once you have edited the .cfg file, save it and restart apache. You can use the following cmd to restart apache
sudo systemctl restart apache2.service

  1.  v4.2.0 -  upgrade to 4.2.2 and install patch
  2.  4.2.1 & v4.2.2 - install attached patch
For instructions on how to install a patch on the N2WS Instance please see the following KB

    • Related Articles

    • How to fully encrypt CPM server root and data volumes in EBS

      The steps below will help you properly encrypt the CPM server root and data EBS volumes for an existing CPM server instance. If encrypting only the data volume, it is still necessary to launch a new CPM server instance. Then during initial CPM ...

    • How to retrieve logs from a CPM AWS Worker instance

      Linux & AWS knowledge is required Please read the entire KB before starting. N2WS uses temporary EC2 worker instances for several operations (copy to S3, FLR, etc), In cases where a worker is failing before it could communicate with the main server, ...

    • How to change instance type of S3 worker instances CPM

      Some clients may need worker instances with more ram and CPU power. You can use this process to modify the ec2 instance type used for worker instances. We highly recommend not to change size unless it was suggested by the N2WS support team. Otherwise ...

    • DR of encrypted snapshots may fail with the “No matching KMS alias” error

      DR of encrypted snapshots may fail with the following error in the Backup log: ERROR: start_copy_region(.\cpmserver\cpm\dr_volume.py:<line number>) Volume DR copy snapshot failed (in Backup account). No matching KMS alias on target region (source ...

    • How To Test Connectivity from a CPM Worker to AWS endpoints

      The Following Steps will help you Test the outgoing connection from the CPM Worker to AWS endpoints OR the CPM Server if you need to test to ensure that the Worker can reach the CPM server once it launches. Launch Worker First, ensure the CPM Worker ...