Bug 1314675 - engine-backup --change-db-credentials is not changing aaa-jdbc 'internal' domain db config during restore
engine-backup --change-db-credentials is not changing aaa-jdbc 'internal' dom...
Product: ovirt-engine
Classification: oVirt
Component: Backup-Restore.Engine (Show other bugs)
Unspecified Unspecified
unspecified Severity high (vote)
: ovirt-3.6.5
: ---
Assigned To: Yedidyah Bar David
Pavel Stehlik
Depends On:
  Show dependency treegraph
Reported: 2016-03-04 03:40 EST by Martin Perina
Modified: 2016-03-07 01:46 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-03-07 01:46:18 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: Integration
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
mperina: ovirt‑3.6.z?
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?

Attachments (Terms of Use)

  None (edit)
Description Martin Perina 2016-03-04 03:40:28 EST
Description of problem:

engine-backup, when invoked with --change-db-credentials, alters engine database configuration in "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf". Unfortunately this action breaks 'internal' domain aaa-jdbc configuration, which means that user won't be able to log in with any user from 'internal' domain after completing this action.

'internal' domain aaa-jdbc instance uses the same database as engine (with the difference of using 'aaa_jdbc' schema name) and its' database configuration configuration is stored in "/etc/ovirt-engine/aaa/internal.properties". So engine-backup needs to update also aaa-jdbc database configuration file

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Invoke steps to "change engine database credentials" or "migrate engine database to different server with changing database credentials" using engine-backup as described in documentation

Actual results:

aaa-jdbc db config is invalid -> any user from 'internal' domain cannot login to engine

Expected results:

aaa-jdbc db config is updated correctly

Additional info:
Comment 1 Martin Perina 2016-03-04 03:52:50 EST
I set target to 3.6.5 as I think it should be fixed asap, but feel free to change as needed.

Here is description of differences between engine and aaa-jdbc db config file:

aaa-jdbc "internal" domain db config file is located at "/etc/ovirt-engine/aaa/internal.properties" and it contains following options:

   - corresponds to ENGINE_DB_URL
   - corresponds to ENGINE_DB_USER

   - corresponds to ENGINE_DB_PASSWORD

   - corresponds to ENGINE_DB_DRIVER

   - schema name used for aaa-jdbc database objects
   - by default for internal domain it's "aaa_jdbc" and it should not be altered during engine-backup invocation
Comment 2 Yedidyah Bar David 2016-03-06 03:28:52 EST
Thanks for the report, Martin, but did you actually try this?

engine-backup does instruct the user to run 'engine-setup' in the end, and 'engine-setup' should recreate also the aaa-jdbc configuration.
Comment 3 Martin Perina 2016-03-07 01:46:18 EST
Didi, you are right. engine-setup should be executed in the end (as described both in the doc and in engine-backup tool output) and engine-setup refreshes aaa-jdbc 'internal' domain db config using current engine db config, so we don't need to change anything in engine-backup.

Note You need to log in before you can comment on or make changes to this bug.