How to delete or remove an Authentication Manager 8.x replica with SQL commands
Originally Published: 2015-03-25
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.0, 8.1.0, 8.1.0 SP1, 8.2
Issue
Error: update or delete on table "ims_instance" violates foreign key constraint "fk_am_host_ims_instance_id" on table "am_host" Detail Key (id)= (xxxxxxx) is still referenced from table "am_host" When trying to delete the replica instance <instance_id>:
ERROR: update or delete on table "ims_instance" violates foreign key constraint "fk_ims_instance_node" on table "ims_instance_node" DETAIL: Key (id)=(1bc805dec902a8c008022a2a0600a793) is still referenced from table "ims_instance_node"
ERROR: update or delete on table "ims_instance" violates foreign key constraint "fk_ims_instance_node" on table "ims_instance_node" DETAIL: Key (id)=(1bc805dec902a8c008022a2a0600a793) is still referenced from table "ims_instance_node"
Resolution
- Access the PostgreSQL database.
- Delete the replica to find foreign key constraints.
- Delete the foreign key constraints.
Access the PostgreSQL database
- Connect to the RSA Authentication Manager 8.x primary, either by local console or SSH session.
- Login using the rsaadmin account (note that during Quick Setup another user name may have been selected. Use that user name to login).
- Navigate to /opt/rsa/am/utils.
- Run the command below to obtain the database password. In the example below, the password returned is rSKD5bGguLGNL9uGvFWnJoxIcHJah2, but this value is different for every deployment of Authentication Manager.
login as: rsaadmin Using keyboard-interactive authentication. Password: <enter operating system user password> Last login: Thu Nov 17 16:08:00 2016 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am rsaadmin@am81p:~> cd /opt/rsa/am/utils rsaadmin@am81p:/opt/rsa/am/utils> ./rsautil manage-secrets -a get com.rsa.db.dba.password Please enter OC Administrator username: <enter Operations Console administrator's user name> Please enter OC Administrator password: <enter Operations Console administrator's password> com.rsa.db.dba.password: rSKD5bGguLGNL9uGvFWnJoxIcHJah2 rsaadmin@am81p:/opt/rsa/am/utils>
- Copy this password for use in the commands below.
- Navigate to ../pgsql/bin and connect to the database using the password collected above.
rsaadmin@am81p:/opt/rsa/am/utils> cd ../pgsql/bin rsaadmin@am81p:/opt/rsa/am/pgsql/bin> ./psql -h localhost -p 7050 -d db -U rsa_dba Password for user rsa_dba:rSKD5bGguLGNL9uGvFWnJoxIcHJah2 psql.bin (9.2.4) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) Type "help" for help. db=#
- From the db =# prompt, run the following SQL commands to find all of the foreign key constraints or dependencies of the replica, delete them all then delete the replica. You may not have all of the following values. For example, you may not see web tiers if you do not have them.
Some notes before starting,
- <ID strings> should be encapsulated in single quotes (for example, 'ID_string').
- Statements should end with semi-colon (;)
- UpperCase DELETE # is a successful return message.
- Run the following command to list the primary and replicas in the deployment. Note that replicas have a description of inserted by attachment process as well as an id.
SELECT * FROM ims_instance;
id | cpu_count | description | is_primary | deployed_state
14d1745cc802a8c008022cb9c356ff42 | 1 | Initial primary instance. | t |
1bc805dec902a8c008022a2a0600a793 | 1 | inserted by attachment process | f | active
- Use the \x command to turn on expanded display. See that now all field and columns are listed on the left with their values on the right.
db=# \x SELECT * FROM ims_instance; -[RECORD 1]------------------------------------- id | 14d1745cc802a8c008022cb9c356ff42 cpu_count | 1 description | Initial primary instance. is_primary | t deployed_state | -[RECORD 2]------------------------------------- id | 1bc805dec902a8c008022a2a0600a793 cpu_count | 1 description | inserted by attachment process is_primary | f deployed_state | active
- If you have more than one replica, you will need to match the instance ID with a fully-qualified domain name or IP address of the replica, as in the example below. To get this information, run the following command.
SELECT* FROM ims_instance_node; -[RECORD 1]------------------------------------- id | 8d540404c902a8c01a91a326d24ec878 instance_id | 1bc805dec902a8c008022a2a0600a793 name | am811r1 name | am811r1.vcloud.local ip | 192.168.2.201 product_patch | activation time | 2015-01-27 13:36:40.758 last_updated_on | 2015-03-04 14:43:17.975 -[RECORD 2]------------------------------------- id | c93d072ec802a8c01aea2fdebd4e7b8b instance_id | 14d1745cc802a8c008022cb9c356ff42 name | am811p name | am811p.vcloud.local ip | 192.168.2.200 product_patch | activation time | 2015-04-22 21:58:39.506 last_updated_on | 2015-04-23 14:42:00.845
- Now key in your replica's instance ID into the SELECT statement.
SELECT * FROM ims_instance WHERE id='<from row with inserted by attachment process>';
From the example above the command would be as follows:
SELECT * FROM ims_instance where id='1bc805dec902a8c008022a2a0600a793';
-[RECORD 1]-------------------------------------
id | 1bc805dec902a8c008022a2a0600a793
cpu_count | 1
description | inserted by attachment process
is_primary | f
deployed_state | active
- Run the following DELETE statement where the id value is for the row where the description is listed as inserted by attachment process. In the example, this is 1bc805dec902a8c008022a2a0600a793. Note the foreign key (id) value and the table referenced in the error.
DELETE FROM ims_instance WHERE instance_id='1bc805dec902a8c008022a2a0600a793'; ERROR: update or delete on table "ims_instance" violates foreign key constraint "fk_ims_instance_node" on table "ims_instance_node" DETAIL: Key (id)=(1bc805dec902a8c008022a2a0600a793) is still referenced from table "ims_instance_node".
- Use the key (id) from above to delete the instance_id from the ims_instance_node table:
SELECT * FROM ims_instance_node WHERE instance_id='<same as above>'; DELETE FROM ims_instance_node WHERE instance_id='<same as above>'; DELETE 1
- Use the key (id) from above to delete the instance_id from the ims_webtier_deployment table. Skip this step if there is not a web tier in the deployment.
DELETE FROM ims_instance WHERE id='<same as above>'; Note the key and table, ims_webtier_deployment SELECT * FROM ims_webtier_deployment; SELECT * FROM ims_webtier_deployment WHERE instance_id='<same as above>'; DELETE FROM ims_webtier_deployment WHERE instance_id='<same as above>'; DELETE 1
- Use the key (id) from above to delete the instance_id from the am_host table
DELETE FROM ims_instance WHERE id='<same as above>';
SELECT * FROM am_host;
SELECT * FROM am_host WHERE server_instance_id='<same as above>';
DELETE FROM am_host WHERE server_instance_id='<same as above>';
- Use the key (id) from above to delete the instance_id from the am_radius_servers table:
SELECT * FROM am_radius_servers;
SELECT * FROM am_radius_servers WHERE host_id='<host_id for Replica from table or Key (id)>';
DELETE FROM am_radius_servers WHERE host_id='<host_id for Replica from table or Key (id)>';
DELETE 1
- Delete the server_instance_ID (unique identifier of the server) from the am_host table.
DELETE FROM am_host WHERE server_instance_id='<same as above>'; Note Key (id) and table, am_agent_protocol_server SELECT * FROM am_agent_protocol_server; SELECT * FROM am_agent_protocol_server WHERE host_id='<host_id for Replica from table or Key (id)>'; DELETE FROM am_agent_protocol_server WHERE host_id='<host_id for Replica from table or Key (id)>'; Note Key (id) and table, am_aps_linkwith_aps_list SELECT * WHERE am_aps_linkwith_aps_list; SELECT * WHERE am_aps_linkwith_aps_list WHERE agent_protocol_server_id='<match from Key (id)'; 2 rows display DELETE FROM am_aps_linkwith_aps_list WHERE agent_protocol_server_id='<match from Key (id)'; DELETE 2 DELETE FROM am_agent_protocol_server WHERE host_id='<host_id for Replica from table or Key (id)'>; DELETE 1
DELETE FROM am_host WHERE server_instance_id='1bc805dec902a8c008022a2a0600a793';
ERROR: update or delete on table "am_host" wiolates foreign key contraint "fk_am_host_id_agent" on table "am_agent"
DETAIL Key (id)=(3ff92024c902a8c01aa8f6991ac5279b) is still referenced from table "am_agent".
SELECT * FROM am_agent; SELECT * FROM am_agent WHERE host_id='<host_id for Replica from table or Key (id)>'; -[ RECORD 1]-------------------------------------------------------------------------------- -------------- id | row_version | 0 host_id | is_enabled | t
Run the following commands then \q to exit.
DELETE FROM am_agent WHERE host_id='<host_id for Replica from table or Key (id)>'; Note Key (id) and table, am_agent_credential_types SELECT * FROM am_agent_credential_types; SELECT * FROM am_agent_credential_types WHERE agent_id='<agent_id OR Key (id)>'; DELETE From am_agent_credential_types WHERE agent_id='<agent_id OR Key (id)>'; DELETE 1 DELETE FroM am_agent WHERE host_id='<host_id for Replica FROM table OR Key (id)>; DELETE 1 DELETE FROM am_host WHERE server_instance_id='<same as above>; DELETE 1 DELETE FROM ims_instance WHERE id='<same as above>'; DELETE 1 \q
- When done, login to the Operations Consoles to verify the changes.
Notes
- A strong eye for detail is needed when running these SQL commands.
- The id field in the am_host table is usually called the host_id in other tables
- The id field in the am_agent table is usually called the agent_id in other tables
- Write down your replica instance_id or paste it into a text editor for reference and use.
