To replace an old, faulty hardware controller when there is no access to the old controller to pull out its ckey, follow the steps below.
Configuration
1. Log in to the Versa Director CLI.
2. Disconnect the old controller from the Versa Director using the CLI command:
Administrator@VD1> request devices device <Controller Name> disconnect
Please note: the Versa Director must still be able to reach the new controller using the same IP address.
3. Connect the new controller to the Versa Director using the Director CLI command:
Administrator@VD1> request devices device <Controller Name> connect
4. Fetch the SSH keys from the new controller using the Versa Director CLI command:
Administrator@VD1> request devices device <Controller Name> ssh fetch-host-keys
5. Push the Versa Director SSH keys into the controller using the Versa Director shell command:
/opt/versa/vnms/scripts/push_keys_to_device.sh <controller mgmt. IP> <password>
6. On the Director, log in to the psql database from the shell:
psql -U vnms -h localhost
7. Get the encrypted private key from the psql database:
select pvt_key from appliance_keys where device_name='controller name';
The query returns the encrypted private key; copy it to a notepad.
8. Copy the flex_privkey_util file from the Director to the controller:
*Owing to Bug [100810], on any Director build made on or before 2023-11-06, please copy flex_privkey_util from here: https://upload.versa-networks.com/index.php/s/IjXTEbFfDHvaKTT
sudo scp /opt/versa/vnms/scripts/flex_privkey_util admin@Controller-ip:/var/tmp/
9. a) On the controller, change the private key with the flex_privkey_util file (use the private key copied in step 7):
sudo /var/tmp/flex_privkey_util change "pvt key"
b) Execute the command below in the shell to generate a fresh ckey pair:
echo "del /crypto/pki/config-keys{config_key}" | confd_cmd -u admin -g admin -o
10. Restart the controller
vsh restart
11. In the Director GUI, navigate to the Administration tab and click on Appliance -> select the controller in the right pane and click on Sync to Appliance.
With this step, Versa Director adds the old controller's configuration to the new controller. Login to
12. Once the controller is up (all the tunnels and BGP), clear the encryption metadata on the Director.
CLI:
unhide debug
password:- secret
request system security clear-encryption-metadata
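
Steps 6 and 7 can be done in one non-interactive query that writes the encrypted key to an owner-only file instead of passing it through a notepad. The following is an added example, not Versa's code: the function names are hypothetical, and it assumes it is run on the Director shell where psql can authenticate as vnms (by prompt or ~/.pgpass).

```shell
# Added example: fetch the encrypted private key (steps 6-7) into a 0600 file.
# Only the table, column, user and host come from the article; the rest is assumed.

# Escape a value for use inside a single-quoted SQL literal (' becomes '').
sql_quote() {
    printf '%s' "$1" | sed "s/'/''/g"
}

# fetch_pvt_key <controller name> <output file>
# Returns 0 on success, 1 if psql fails, 2 on bad usage, 3 if no key was found.
fetch_pvt_key() {
    local name="$1" out="$2" key query
    if [ -z "$name" ] || [ -z "$out" ]; then
        echo "usage: fetch_pvt_key <controller name> <output file>" >&2
        return 2
    fi
    query="select pvt_key from appliance_keys where device_name='$(sql_quote "$name")';"
    # -A (unaligned) and -t (tuples only) make psql print just the column value.
    key="$(psql -U vnms -h localhost -At -c "$query")" || return 1
    # An empty result means the device name did not match any row; stop here
    # rather than carry an empty string into step 9.
    if [ -z "$key" ]; then
        echo "no pvt_key found for device_name '$name'" >&2
        return 3
    fi
    # Create the file readable by the current user only.
    ( umask 077; printf '%s\n' "$key" > "$out" ) && chmod 600 "$out"
}

# Example call (controller name and path are placeholders):
#   fetch_pvt_key "<Controller Name>" /var/tmp/controller_pvt_key.txt
```

Delete the key file once step 9 has been completed on the controller.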