1314675 – engine-backup --change-db-credentials is not changing aaa-jdbc 'internal' domain db config during restore

Bug 1314675 - engine-backup --change-db-credentials is not changing aaa-jdbc 'internal' domain db config during restore

Summary: engine-backup --change-db-credentials is not changing aaa-jdbc 'internal' dom...

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	ovirt-engine
Classification:	oVirt
Component:	Backup-Restore.Engine
Sub Component:
Version:	3.6.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	ovirt-3.6.5
Target Release:	---
Assignee:	Yedidyah Bar David
QA Contact:	Pavel Stehlik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-03-04 08:40 UTC by Martin Perina
Modified:	2016-03-07 06:46 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2016-03-07 06:46:18 UTC
oVirt Team:	Integration
Embargoed:
Dependent Products:
Flags:	mperina: ovirt-3.6.z? rule-engine: planning_ack? rule-engine: devel_ack? rule-engine: testing_ack?

Attachments	(Terms of Use)

Description Martin Perina 2016-03-04 08:40:28 UTC

Description of problem:

engine-backup, when invoked with --change-db-credentials, alters engine database configuration in "/etc/ovirt-engine/engine.conf.d/10-setup-database.conf". Unfortunately this action breaks 'internal' domain aaa-jdbc configuration, which means that user won't be able to log in with any user from 'internal' domain after completing this action.

'internal' domain aaa-jdbc instance uses the same database as engine (with the difference of using 'aaa_jdbc' schema name) and its' database configuration configuration is stored in "/etc/ovirt-engine/aaa/internal.properties". So engine-backup needs to update also aaa-jdbc database configuration file

Version-Release number of selected component (if applicable):

3.6

How reproducible:

100%

Steps to Reproduce:
1. Invoke steps to "change engine database credentials" or "migrate engine database to different server with changing database credentials" using engine-backup as described in documentation
2.
3.

Actual results:

aaa-jdbc db config is invalid -> any user from 'internal' domain cannot login to engine

Expected results:

aaa-jdbc db config is updated correctly

Additional info:

Comment 1 Martin Perina 2016-03-04 08:52:50 UTC

I set target to 3.6.5 as I think it should be fixed asap, but feel free to change as needed.

Here is description of differences between engine and aaa-jdbc db config file:

aaa-jdbc "internal" domain db config file is located at "/etc/ovirt-engine/aaa/internal.properties" and it contains following options:

 config.datasource.jdbcurl
   - corresponds to ENGINE_DB_URL
 
 config.datasource.dbuser
   - corresponds to ENGINE_DB_USER

 config.datasource.dbpassword
   - corresponds to ENGINE_DB_PASSWORD

 config.datasource.jdbcdriver
   - corresponds to ENGINE_DB_DRIVER

 config.datasource.schemaname
   - schema name used for aaa-jdbc database objects
   - by default for internal domain it's "aaa_jdbc" and it should not be altered during engine-backup invocation

Comment 2 Yedidyah Bar David 2016-03-06 08:28:52 UTC

Thanks for the report, Martin, but did you actually try this?

engine-backup does instruct the user to run 'engine-setup' in the end, and 'engine-setup' should recreate also the aaa-jdbc configuration.

Comment 3 Martin Perina 2016-03-07 06:46:18 UTC

Didi, you are right. engine-setup should be executed in the end (as described both in the doc and in engine-backup tool output) and engine-setup refreshes aaa-jdbc 'internal' domain db config using current engine db config, so we don't need to change anything in engine-backup.

Note You need to log in before you can comment on or make changes to this bug.