For Director version 21.1 and above:
Device-workflow deploy (or) Template commit error:
“Transaction silently rolled back because it has been marked as rollback-only”
Bug ID: 63185
Description: Encrypted_object record being added twice into the postgres causing this error
Found In: 21.1.1
Fix Release : 21.1.3 GA and above
Steps to be taken to revive this:
- psql -U vnms -h localhost -d vnms [Versa@123]
- vnms=> select * from encryption_object where branch_name ='Branch-Name';
Per controller_name, organization_name, vpn_profile_name, psk_type for a branch_name should be a unique record.
3.If there are 2 encryption_object per branch_name based on the 4 parameters we should decrypt the psk value and verify it again the Controller and the deployed Branch using the below steps,
Sample encryption_object:
uuid | controller_uuid | controller_name | organization_name | vpn_profile_name | psk_type | psk | branch_name
64b44922-5093-4a9c-b41c-9bf0295b691f | 05df6c99-47ad-4710-99fd-80ba9599d20d | controller-2 | Versa | Versa-PostStaging | IKEPKey | SOlzH9b2mem68JxyGUYz8Ht5RkyfPM6X9m961narYtDGCMeyP84mBLxvfV7YBbjTWqv4vk/xXE6q6owdfHtrGaaUBCsKyjb0y+rScAQ4K6BB94HLVY94V0RqBjhABJrC0zz08MjDFB0pZ5yKu9QhFZUyjnKzjQM8jeB1pMZ77uHkvCxD1JKYuD2MyZweboXqJEiiIIchLmCmsI4YIoOy/4zV9herlLdWpwaYbt2RGXsP/A64YZA+0AMrD4jC81QlQ9YFmy9BlrdohSiYKvmcqyNLaKDrqAWgBZPc3ojfBCLul2Ev108MgVgAKh5mwVzwIrKk2oNWi6smuZpA8Mkakg== | Branch-1
665dfcbb-d0fc-4d65-8120-780655425121 | 05df6c99-47ad-4710-99fd-80ba9599d20d | controller-2 | Versa | Versa-PostStaging | IKEPKey | BCpH7r0v3jrV+Ywj6rUcdmOmpcjlJXLss1eszbx0ZsI8COrIXf65KJp08ZLHNxmoNjOQK6A39mx7FlxjX8+oOnkUVZyLBjs1F8MXGGaTAel0N83kTp5B7M6oNcO5B/sMdzLoizqgmX/BKWWVgHRtf2Z87M5Psm88hXvq2CQxyqu4ZD12C7c8V4IOKu7r9Im/m7sZQZ1lYgcyPnaYSAsZSG7cPCf+LkldKQLMOmTKsirpkWohrcTuN8++A/lhOPPBhENXTMbiIbyW+BzBDmrupcEuddORv9XwSTydSvvsu8aK1SWhFyJSfctoCQHbd7VHaNwpDIyxeoheAdjYikGGlw== | Branch-1
- Goto the Director-config:
Branch-1:
Administrator@VersaDirector1% show devices device Branch-1 config orgs org-services Versa ipsec vpn-profile controller-2-Profile local-auth-info
auth-type psk;
id-type email;
key b1vQPZZsxO6zbOjF;
id-string Branch-1@Versa.com;
[ok][2021-06-09 03:58:29]
Controller-2:
Administrator@VersaDirector1% show devices device controller-2 config orgs org-services Versa ipsec vpn-profile Versa-PostStaging psk-auth-clients remote-client Branch-1@Versa.com
id-type email;
key b1vQPZZsxO6zbOjF;
Here, we confirmed that the keys on the Directors are the same as that of the Controller/Branch.
To confirm how many duplicates encryption_object is present in the psql, please use the below command:
select controller_name, organization_name , vpn_profile_name, psk_type from encryption_object where branch_name = '<Branch-Name>' group by controller_name, organization_name , vpn_profile_name, psk_type having count(*) > 1;
PS: Prior to performing a delete, it is always safer to take a snapshot of the Director or rollback should there be an issue/error that occurred during/after the deletion.
Final Step:
Now we can go ahead and delete one of the entries from the psql using the below command:
vnms=> delete from encryption_object where uuid ='64b44922-5093-4a9c-b41c-9bf0295b691f ';
Incase you want to perform a bulk delete of the uuid’s post verifying the list of all the encryption_objects, we can use the below command:
vnms=> delete from encryption_object where uuid in (‘uuid1’, ‘uuid2’, ‘uuid3’);
Now try to re-deploy the device, or commit the template, for the action where it failed due to the error “Transaction silently rolled back because it has been marked as rollback-only”