No Old APP_KEY documented - DB restored and partially working

Good day.
I am re-building a system from backup. I have re-installed the OS, LibreNMS and restored the database.

There appears to be an issue with the APP_KEY. I inherited this system with no documentation on where to find the key, in fact this is the first that I even learn that there is encryption keys involved.

I have questions:

  1. What is the purpose of the encryption keys? What does it protect exactly? I am asking since in the front end I can see some things but not others. Some users can login, some can not.
  2. The list of Devices are there but The Health graphs are not working (broken images)
  3. The Alert channels appear to be missing from the interface.

Is there a way I can recover the old LibreNMS data as I need the history, especially alert logs and the Health graphs for the past 2 years.

I have tried advice in other posts regarding how to re-key. After the generate-key step it shows an “OLD KEY” which I use but which is then subsequently rejected in the next step.

P.S For what is is worth, this system was running an unsupported PHP version prior to the crash.

P.P.S If I can get SOME of the data but not all that would still be better than nothing.

-bash-4.2$ ./validate.php 
Component | Version
--------- | -------
LibreNMS  | 23.6.0-17-ge486ef4 (2023-07-03T12:08:58+02:00)
DB Schema | 2023_05_12_071412_devices_expand_timetaken_doubles (252)
PHP       | 8.1.20
Python    | 3.6.8
Database  | MySQL 5.7.42
RRDTool   | 1.4.8
SNMP      | 5.7.2

[OK]    Composer Version: 2.5.8
[OK]    Dependencies up-to-date.
[FAIL]  APP_KEY does not match key used to encrypt data. APP_KEY must be the same on all nodes.
        If you rotated APP_KEY, run lnms key:rotate to resolve.
[OK]    Database connection successful
[OK]    Database Schema is current
[OK]    SQL Server meets minimum requirements
[OK]    lower_case_table_names is enabled
[OK]    MySQL engine is optimal
[OK]    Database and column collations are correct
[OK]    Database schema correct
[OK]    MySQl and PHP time match
[OK]    Active pollers found
[OK]    Dispatcher Service not detected
[OK]    Locks are functional
[OK]    Python poller wrapper is polling
[OK]    Redis is unavailable
[OK]    rrd_dir is writable
[OK]    rrdtool version ok
You have new mail in /var/spool/mail/librenms

On further investigation I see that the notification transports are in actual fact there.

I also found that the cronfile is broken (A non root user cron cannot specify a user to run as, not even the same user) so I removed the user and now the cron jobs are running and creating the graphs for new data.

The only thing missing is the history.

Which leads me back to “what exactly is protected by the encryption key” given that all the configuration is there, it is just the historic health data that appears to be missing.

Can I use it with no encryption key?

Thank you,

There are steps in the FAQ which should help:

Look at the info on migrating from one server to another. Specifically it sounds like you are missing the .env files (key error) and rrd/ directory (graphs).

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.