Red Hat Bugzilla – Bug 1314675
engine-backup --change-db-credentials is not changing aaa-jdbc 'internal' domain db config during restore
Last modified: 2016-03-07 01:46:18 EST
Description of problem:
engine-backup, when invoked with --change-db-credentials, alters engine database configuration in "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf". Unfortunately this action breaks 'internal' domain aaa-jdbc configuration, which means that user won't be able to log in with any user from 'internal' domain after completing this action.
'internal' domain aaa-jdbc instance uses the same database as engine (with the difference of using 'aaa_jdbc' schema name) and its' database configuration configuration is stored in "/etc/ovirt-engine/aaa/internal.properties". So engine-backup needs to update also aaa-jdbc database configuration file
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Invoke steps to "change engine database credentials" or "migrate engine database to different server with changing database credentials" using engine-backup as described in documentation
aaa-jdbc db config is invalid -> any user from 'internal' domain cannot login to engine
aaa-jdbc db config is updated correctly
I set target to 3.6.5 as I think it should be fixed asap, but feel free to change as needed.
Here is description of differences between engine and aaa-jdbc db config file:
aaa-jdbc "internal" domain db config file is located at "/etc/ovirt-engine/aaa/internal.properties" and it contains following options:
- corresponds to ENGINE_DB_URL
- corresponds to ENGINE_DB_USER
- corresponds to ENGINE_DB_PASSWORD
- corresponds to ENGINE_DB_DRIVER
- schema name used for aaa-jdbc database objects
- by default for internal domain it's "aaa_jdbc" and it should not be altered during engine-backup invocation
Thanks for the report, Martin, but did you actually try this?
engine-backup does instruct the user to run 'engine-setup' in the end, and 'engine-setup' should recreate also the aaa-jdbc configuration.
Didi, you are right. engine-setup should be executed in the end (as described both in the doc and in engine-backup tool output) and engine-setup refreshes aaa-jdbc 'internal' domain db config using current engine db config, so we don't need to change anything in engine-backup.