C.2 Common Oracle Key Vault Tasks

Review these tasks for resolving common issues encountered when working with Oracle Key Vault.

C.2.1 How to Re-Enroll an Endpoint on an Endpoint Database

You can re-enroll an endpoint on an endpoint database using these steps.

  1. Log in to the Oracle Key Vault management console as a user who has either the system administrator role or privilege to manage the endpoint.
  2. Navigate to the Endpoints tab.
  3. Select the endpoint and re-enroll the endpoint.
  4. Download the okvclient.jar file using the endpoint enrollment token.
  5. Securely transfer okvclient.jar using SCP to the endpoint database server.
  6. Set the ORACLE_BASE, ORACLE_HOME, ORACLE_SID, JAVA_HOME, and OKV_HOME environment variables as required.
  7. Back up the $OKV_HOME directory and delete the files under $OKV_HOME:
    cp -R "$OKV_HOME" "${OKV_HOME}_bkp_$(date +%Y%m%d)"
  8. Go to the $OKV_HOME directory and remove all the files.
  9. Verify if the okvclient.ora file exists in $ORACLE_BASE/okv/$ORACLE_SID. If the file exists, rename it.
    cd $ORACLE_BASE/okv/$ORACLE_SID
    ls -ltr
    mv okvclient.jar "okvclient.jar_bkp_$(date +%Y%m%d)"
    rm okvclient.lck
    rm okv.pc.lck
  10. Install the new okvclient.jar file:
    $JAVA_HOME/bin/java -jar okvclient.jar -d $OKV_HOME -v -o
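
A guarded form of steps 7 and 8, added here as an example and not part of Oracle's documentation. The helper name `safe_reset_okv_home` is hypothetical; it refuses an unset, relative, or root path, confirms the backup is complete, and only then empties the directory.

```shell
#!/bin/sh
# Added example: back up $OKV_HOME, verify the copy, then empty the directory.
# safe_reset_okv_home is a hypothetical helper name, not an Oracle utility.

safe_reset_okv_home() {
    # An unset OKV_HOME would turn "rm -rf $OKV_HOME/*" into "rm -rf /*",
    # so accept only an absolute path to an existing directory.
    case ${1:-} in
        /*) ;;
        *) echo "OKV_HOME is unset or not an absolute path" >&2; return 2 ;;
    esac
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }

    # Resolve symlinks and trailing slashes, then reject the root directory.
    okv_home=$(cd "$1" && pwd -P) || return 2
    [ "$okv_home" != / ] || { echo "refusing to operate on /" >&2; return 2; }

    # Same naming scheme as step 7: <dir>_bkp_YYYYMMDD.
    backup="${okv_home}_bkp_$(date +%Y%m%d)"
    if [ -e "$backup" ]; then
        echo "backup already exists: $backup" >&2
        return 3
    fi

    # -p preserves modes and ownership so the backup is no more
    # readable than the original directory.
    cp -Rp "$okv_home" "$backup" || return 4

    # Delete nothing until the backup holds as many entries as the source.
    src_n=$(cd "$okv_home" && find . | wc -l)
    bkp_n=$(cd "$backup" && find . | wc -l)
    if [ "$src_n" -ne "$bkp_n" ]; then
        echo "backup incomplete: $bkp_n of $src_n entries" >&2
        return 4
    fi

    # Remove every entry, dotfiles included, but keep the directory itself.
    (cd "$okv_home" && find . ! -name . -prune -exec rm -rf {} +) || return 5

    # Print the backup location so the caller can record it.
    printf '%s\n' "$backup"
}

# Usage: safe_reset_okv_home "$OKV_HOME"
```

The function refuses to run twice on the same day because the dated backup already exists, which keeps a good backup from being overwritten by an empty directory.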

C.2.2 How To Download Diagnostics From Oracle Key Vault Server

Downloading the Oracle Key Vault diagnostics log for 21.5 or previous versions provides troubleshooting information for Oracle Key Vault issues.

To download the Oracle Key Vault diagnostics log requested by Oracle Support:
  1. Log in to the Oracle Key Vault server as root.
  2. Install the diagnostics package:
    /usr/local/dbfw/bin/priv/dbfw-diagnostics-package.rb --install
  3. Modify the diagnostics configuration to allow the utility to collect information about the appliance. Enable collection of all elements and files:
    /usr/local/dbfw/bin/priv/dbfw-diagnostics-package.rb --enable ALL
  4. Copy the diagnostics files outside Oracle Key Vault before deleting them.
    scp /usr/local/dbfw/tmp/diagnostics_okv*.zip user@hostname:/tmp
  5. Collect the diagnostic logs:
    /usr/local/dbfw/bin/priv/dbfw-diagnostics-package.rb

    For example, a diagnostics file looks like:

    /usr/local/dbfw/tmp/diagnostics_okv0039f6043e9a_2017_06_08_17_48_07_75F4728E5644D781A215200EAAEADF3B.zip
  6. After you have copied the diagnostics file to a destination outside of Oracle Key Vault, remove the package:
    /usr/local/dbfw/bin/priv/dbfw-diagnostics-package.rb --remove

C.2.3 How to Recover the root User Password

You can reset the Oracle Key Vault root user password from the Oracle Key Vault server's terminal console when the current root password is forgotten.

To reset the root user password of Oracle Key Vault Server:
  1. Reboot the Oracle Key Vault server.

    On the terminal console, when the GRUB2 menu appears with the menu item for the Oracle Key Vault server entry, enter the edit mode by pressing the e key.

    The GRUB edit mode interrupts the boot process to display the kernel boot parameters.

    [Illustration: 216_kernel_boot_params.png]

  2. Go to the end of the line that starts with linux16. Press Ctrl-e to jump to the end of a line.
  3. Append rd.break to the end of the line that starts with linux16.
  4. Press Ctrl-x to continue the boot process with changed kernel parameters. The switch_root:/# prompt displays.
  5. Remount the file system with read-write access to change the root password. By default, the file system is mounted as read-only at /sysroot.
  6. Run the following command at the switch_root:/# prompt to make /sysroot writable:
    mount -o remount,rw /sysroot
  7. To enter the chroot environment, run the following command:
    chroot /sysroot
  8. Use the passwd command to set the new root password. Follow the prompts to complete the password change.
    passwd
  9. Force SELinux file system relabeling on the next system reboot:
    touch /.autorelabel

    Make sure the dot appears after the forward-slash.

  10. Exit the chroot environment.
    exit
  11. Exit the switch_root prompt.
    exit

    The boot process continues. Wait a few minutes for the SELinux relabeling process to complete. The system reboots automatically when the relabeling process is completed.

  12. Once the system reboots, the root password reset is complete.
  13. Log in with your new root password.

C.2.4 How to Reset the support User Password

You can reset the Oracle Key Vault support user password from the Oracle Key Vault server's console terminal when the current password is forgotten.

To change the OS user support password on the Oracle Key Vault console terminal:
  1. Log in as the root user.

    Note:

    You can log in as root using the console terminal.
  2. Run the passwd support command to reset the support user password.
    [root@okvserver ~]# passwd support
    Changing password for user support.
    New password:
    Retype new password: 
    passwd: all authentication tokens updated successfully.
    [root@okvserver ~]#

    There are no consequences in changing the support password.

    After the password is set successfully, the following message is displayed on the console:
    All authentication tokens updated successfully.
  3. Log in as support.