After upgrading the Data Loss Prevention(DLP) Connector appliance from 1.1.0 to 1.2.0, the connector does not work.
Problem
The DLP connector service does cannot start after an upgrade from version 1.1.0 to1.2.0.
The following error messages appear in the virtual appliance console.
Aug 08 16:15:22 usalssyndc01.abc.xyz.com systemd[1]: Starting Syncplicity DAS Connector Application... -- Subject: Unit syncp-das.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit syncp-das.service has begun starting up. Aug 08 16:15:22 usalssyndc01.abc.xyz.com syncp-das-presetup[7008]: Starting Syncplicity DAS Connector Application (syncp- Aug 08 16:15:30 usalssyndc01.abc.xyz.com systemd[1]: PID 7046 read from file /var/run/syncp-das/syncp-das.pid does not exist. Aug 08 16:15:30 usalssyndc01.abc.xyz.com systemd[1]: Failed to start Syncplicity DAS Connector Application. -- Subject: Unit syncp-das.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit syncp-das.service has failed. -- -- The result is failed. Aug 08 16:15:30 usalssyndc01.abc.xyz.com systemd[1]: Unit syncp-das.service entered failed state. Aug 08 16:15:30 usalssyndc01.abc.xyz.com systemd[1]: syncp-das.service failed. Aug 08 16:15:32 usalssyndc01.abc.xyz.com systemd[1]: syncp-das.service holdoff time over, scheduling restart.
The following error messages appear in the log file in directory /var/log/syncp-das/ of the DLP appliance.
2019-08-08 16:19:34,369 [E] [app] - Configuration validation failed - Uninitialized keystore 2019-08-08 16:19:34,369 [E] [app] - Please check your configuration and restart the syncp-storage service. 2019-08-08 16:19:44,650 [E] [config] - Can't read password from null java.lang.NullPointerException: null
2019-08-08 16:19:44,674 [E] [config] - Can't load keystore /etc/syncp-das/dlpKeyStore java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
Cause
Between version 1.1.0 and version 1.2.0 of the DLP connector, the names of the configuration directories were changed and several properties were moved between the configuration files as follows.
Renamed configuration files
Configuration file\DLP version | DLP 1.1.0 | DLP 1.2.0 |
---|---|---|
Java configuration | /etc/syncp-dlp/dlp.yml | /etc/syncp-das/syncp-das.yml |
Scala configuration | /etc/syncp-dlp/syncp-dlp.conf | /etc/syncp-das/syncp-das.conf |
Renamed and moved properties
Property in DLP 1.1.0 /etc/syncp-dlp/dlp.yml | Property in DLP 1.2.0 /etc/syncp-das/syncp-das.conf |
---|---|
dlp.actionmq.keyStorePath | syncplicity.storage.keyStore.file |
dlp.actionmq.keyStorePassword | syncplicity.storage.keyStore.password |
As a result, the DLP connector service is unable to start because the configuration validation fails and the authorization cannot complete.
Solution
Move the values of the following properties from the
/etc/syncp-dlp/dlp.yml
file on DLP 1.1.0 to the/etc/syncp-das/syncp-das.conf
file in DLP 1.2.0dlp.yml syncp-das.conf dlp.actionmq.keyStorePath
syncplicity.storage.keyStore.file
dlp.actionmq.keyStorePassword
syncplicity.storage.keyStore.password
- Add the following property in file
/etc/syncp-das/syncp-das.conf
.syncplicity.storage.keyStore.type: JKS