Bug 1273261 - [Docs] [RFE] AAA Local User Authentication - changing internal domain to work with the jdbc extension
[Docs] [RFE] AAA Local User Authentication - changing internal domain to work...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: Documentation (Show other bugs)
3.6.0
Unspecified Unspecified
unspecified Severity medium
: ovirt-3.6.2
: 3.6.0
Assigned To: Julie
Tahlia Richardson
docs
: FutureFeature
: 1302273 (view as bug list)
Depends On: 917035 1249639 1260573
Blocks:
  Show dependency treegraph
 
Reported: 2015-10-20 01:30 EDT by Andrew Burden
Modified: 2016-02-02 07:16 EST (History)
15 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: 1249639
Environment:
Last Closed: 2016-01-28 03:06:16 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Docs
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andrew Burden 2015-10-20 01:30:27 EDT
Doc text for BZ#1249639:
"
Feature: 
Legacy provider for 'internal' domain was replaced by aaa-jdbc provider, so following things needs to be documented for RHEVM 3.6.0:

1. During the upgrade 'internal' domain is converted from legacy provider to aaa-jdbc provider, password for 'admin@internal' is preserved. For new installation aaa-jdbc provider is installed by default and 'admin@internal' password is set during engine-setup execution.

2. There's completely new infrastructure how to manage users/groups/passwords provided by aaa-jdbc provider, for details please take a look at feature page http://www.ovirt.org/Features/AAA_JDBC
3. Document that describes how to change password of admin@internal is no longer valid for RHEV 3.6:
https://access.redhat.com/solutions/63677

Please update it with information contained in feature page.

4. aaa-jdbc provider is contained in ovirt-engine-extension-aaa-jdbc package which is not upgraded automatically by engine-setup (only specific upgrades are forced to be applied during engine-setup execution). So if user wants aaa-jdbc to be upgraded he needs to execute following commands:

  yum update ovirt-engine-extension-aaa-jdbc
  service restart ovirt-engine

"


+++ This bug was initially created as a clone of Bug #1249639 +++

Changing internal domain to work with the jdbc extension

--- Additional comment from Pavel Stehlik on 2015-08-18 03:41:46 EDT ---

CodeChange? Or how should be tested?

--- Additional comment from Martin Perina on 2015-08-18 09:23:43 EDT ---

Legacy provider for 'internal', which supports only only one user (admin) and no groups, was replaced with aaa-jdbc provider which supports unlimited number of users and groups same as aaa-ldap provider. So I think that verification should be similar to 1076971:

1. Upgrade for previous version is OK, internal legacy provider is replaced with aaa-jdbc, admin@internal can be logged in with the same password as before

2. New installation is OK, aaa-jdbc is configured properly, admin@internal can be logged in using password specified during engine-setup

3. For both upgrade and new installation verify that user/groups management using ovirt-aaa-jdbc-tool command works correctly
Comment 1 Ondra Machacek 2015-10-20 07:16:43 EDT
(In reply to Andrew Burden from comment #0)
>So if user wants aaa-jdbc to be upgraded he needs to execute following commands:
> 
>   yum update ovirt-engine-extension-aaa-jdbc
>   service restart ovirt-engine

AFAIK it's not enough. ie. DB upgrade is run within engine-setup command.
That means to properly upgrade you need to run:

  yum update ovirt-engine-extension-aaa-jdbc
  engine-setup
  service restart ovirt-engine
Comment 2 Sandro Bonazzola 2015-10-26 08:49:44 EDT
this is an automated message. oVirt 3.6.0 RC3 has been released and GA is targeted to next week, Nov 4th 2015.
Please review this bug and if not a blocker, please postpone to a later release.
All bugs not postponed on GA release will be automatically re-targeted to

- 3.6.1 if severity >= high
- 4.0 if severity < high
Comment 3 Martin Perina 2015-11-02 06:26:49 EST
(In reply to Ondra Machacek from comment #1)
> (In reply to Andrew Burden from comment #0)
> >So if user wants aaa-jdbc to be upgraded he needs to execute following commands:
> > 
> >   yum update ovirt-engine-extension-aaa-jdbc
> >   service restart ovirt-engine
> 
> AFAIK it's not enough. ie. DB upgrade is run within engine-setup command.
> That means to properly upgrade you need to run:
> 
>   yum update ovirt-engine-extension-aaa-jdbc
>   engine-setup
>   service restart ovirt-engine

I've updated README.admin in ovirt-engine-extension-aaa-jdbc package with concrete steps to install/upgrade aaa-jdbc profiles:

https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-jdbc.git;a=blob_plain;f=README.admin;hb=38dcec6efd9141b8dc6c6395b501bc231bb8ffc4
Comment 5 Martin Perina 2016-01-20 05:33:47 EST
Upgrade of aaa-jdbc extension has been changed by BZ1293338. There's no need for manual upgrade of 'internal' profile, everything is done automatically by engine-setup.

Only custom aaa-jdbc profiles have to be upgraded manually.

Updated installation info can be found at 
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-jdbc.git;a=blob_plain;f=README.admin
Comment 11 Yaniv Lavi (Dary) 2016-02-02 07:16:47 EST
*** Bug 1302273 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.