Bug 1314675

Summary: engine-backup --change-db-credentials is not changing aaa-jdbc 'internal' domain db config during restore
Product: [oVirt] ovirt-engine Reporter: Martin Perina <mperina>
Component: Backup-Restore.EngineAssignee: Yedidyah Bar David <didi>
Status: CLOSED NOTABUG QA Contact: Pavel Stehlik <pstehlik>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.6.0CC: bugs, juwu, mperina
Target Milestone: ovirt-3.6.5Flags: mperina: ovirt-3.6.z?
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-07 06:46:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Perina 2016-03-04 08:40:28 UTC 
Description of problem:

engine-backup, when invoked with --change-db-credentials, alters engine database configuration in "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf". Unfortunately this action breaks 'internal' domain aaa-jdbc configuration, which means that user won't be able to log in with any user from 'internal' domain after completing this action.

'internal' domain aaa-jdbc instance uses the same database as engine (with the difference of using 'aaa_jdbc' schema name) and its' database configuration configuration is stored in "/etc/ovirt-engine/aaa/internal.properties". So engine-backup needs to update also aaa-jdbc database configuration file

Version-Release number of selected component (if applicable):

3.6

How reproducible:

100%

Steps to Reproduce:
1. Invoke steps to "change engine database credentials" or "migrate engine database to different server with changing database credentials" using engine-backup as described in documentation
2.
3.

Actual results:

aaa-jdbc db config is invalid -> any user from 'internal' domain cannot login to engine

Expected results:

aaa-jdbc db config is updated correctly

Additional info:
Comment 1 Martin Perina 2016-03-04 08:52:50 UTC 
I set target to 3.6.5 as I think it should be fixed asap, but feel free to change as needed.

Here is description of differences between engine and aaa-jdbc db config file:

aaa-jdbc "internal" domain db config file is located at "/etc/ovirt-engine/aaa/internal.properties" and it contains following options:

 config.datasource.jdbcurl
   - corresponds to ENGINE_DB_URL
 
 config.datasource.dbuser
   - corresponds to ENGINE_DB_USER

 config.datasource.dbpassword
   - corresponds to ENGINE_DB_PASSWORD

 config.datasource.jdbcdriver
   - corresponds to ENGINE_DB_DRIVER

 config.datasource.schemaname
   - schema name used for aaa-jdbc database objects
   - by default for internal domain it's "aaa_jdbc" and it should not be altered during engine-backup invocation
Comment 2 Yedidyah Bar David 2016-03-06 08:28:52 UTC 
Thanks for the report, Martin, but did you actually try this?

engine-backup does instruct the user to run 'engine-setup' in the end, and 'engine-setup' should recreate also the aaa-jdbc configuration.
Comment 3 Martin Perina 2016-03-07 06:46:18 UTC 
Didi, you are right. engine-setup should be executed in the end (as described both in the doc and in engine-backup tool output) and engine-setup refreshes aaa-jdbc 'internal' domain db config using current engine db config, so we don't need to change anything in engine-backup.