Bug 602329 - auto-installer doesn't support encrypted password
auto-installer doesn't support encrypted password
Status: CLOSED CURRENTRELEASE
Product: RHQ Project
Classification: Other
Component: Installer (Show other bugs)
3.0.0
All All
low Severity low (vote)
: ---
: ---
Assigned To: John Mazzitelli
John Sanda
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-06-09 11:45 EDT by John Mazzitelli
Modified: 2010-08-12 12:57 EDT (History)
1 user (show)

See Also:
Fixed In Version: 2.4
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-08-12 12:57:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
server log from failed aut-install when trying to overwrite existing database (128.97 KB, application/octet-stream)
2010-07-16 11:06 EDT, John Sanda
no flags Details

  None (edit)
Description John Mazzitelli 2010-06-09 11:45:38 EDT
we introduced the "encrypted" password in the rhq-server.properties file. When you go to the installer, you type in the password in the UI but the installer will obfuscate that password when it stores it into rhq-server.properties.

However, the auto-installer doesn't have a UI - it gets all its data from the already pre-configured rhq-server.properties. If a user preconfigured that file with the encrypted password (which you would expect them to do, we would not expect them to put a in-the-clear password in that file which would defeat the purpose) then the auto-installation will fail because it thinks that encrypted password is the plaintext password.

We need the auto-installer to know that it needs to decrypt the password found in the rhq-server.properties before attempting to use it. It must remember to keep the encrypted password in the properties file though.

Workaround today: if you want to use auto-installer, put the plaintext password in the properties file. It will be used as-is and later encrypted into the properties file just as it would have normally been done via the GUI installer.
Comment 1 John Mazzitelli 2010-06-28 16:49:48 EDT
commit sha: 8b2395040220079a45f67900568aa3616f7941cc

we can have qa test this
Comment 2 Corey Welton 2010-06-29 11:51:34 EDT
Auto-installer has never been through the QE wringer.  Please provide relevant steps and/or links to docs for this to be tested.
Comment 3 John Mazzitelli 2010-06-29 12:00:19 EDT
(In reply to comment #2)
> Auto-installer has never been through the QE wringer.  Please provide relevant
> steps and/or links to docs for this to be tested.    

http://rhq-project.org/display/JOPR2/Running+The+Installer#RunningTheInstaller-AutoInstallation

Steps:

1) unzip the server distribution
2) edit bin/rhq-server.properties with all the settings you want (these are essentially the same values you entered into the installer GUI - with the exception of the database password, which now requires it to be encrypted using the generate-db-password.sh script found in the bin/ directory).  The wiki link mentioned above talks about a few special settings you need to make sure you set.
3) start the server (e.g. rhq-server.sh console)
4) verify the server started and you can access the GUI normally. you'll see log messages indicating the installation will happen automatically and you'll see the normal installer log messages appear in the log file also; afterward, you'll see normal RHQ server startup messages after at the end after the installer code runs.
Comment 4 John Sanda 2010-07-16 11:04:19 EDT
Testing with build 170 of the ci-rhq-release hudson job. In the first scenario I tried auto-installing over an existing installation where I had

rhq.autoinstall.database=auto

in my rhq-server.properties. My password from my prior installation was 'rhqadmin'. I generated a new ecrypted password for 'redhat' and added the resulting value to rhq-server.properties.

rhq.server.database.password=-627bd760a4751ca4

The auto-installer completed without error; however, my password was not changed. 


In my next scenario, I tried auto-installing over an existing installation in which I tried to overwrite the database. In my rhq-server.properties I have,

rhq.autoinstall.database=overwrite

The auto-installer failed with the following errors,

FATAL [org.rhq.core.db.setup.DBSetup] {DBSetup.fata-sql-exception}Failed to create table [RHQ_CONFIG] [ErrorCode=[0]; SQLState=[42P07]; Message=[ERROR: relation "rhq_config" already exists]; Type=[org.postgresql.util.PSQLException]]
org.postgresql.util.PSQLException: ERROR: relation "rhq_config" already exists
        at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2062)
        at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1795)
        at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:257)
        at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:479)
        at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:353)
        at org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:299)
        at org.rhq.core.db.setup.DBSetup.doSQL(DBSetup.java:1003)
        at org.rhq.core.db.setup.DBSetup.doSQL(DBSetup.java:966)
        at org.rhq.core.db.setup.Table.create(Table.java:121)
        at org.rhq.core.db.setup.DBSetup.setup(DBSetup.java:518)
        at org.rhq.core.db.setup.DBSetup.setup(DBSetup.java:459)
        at org.rhq.enterprise.installer.ServerInformation.createNewDatabaseSchema(ServerInformation.java:233)
        at org.rhq.enterprise.installer.ConfigurationBean.save(ConfigurationBean.java:733)
        at org.rhq.enterprise.installer.AutoInstallServlet.init(AutoInstallServlet.java:49)
....


I will attach the full server log for review.
Comment 5 John Sanda 2010-07-16 11:06:08 EDT
Created attachment 432404 [details]
server log from failed aut-install when trying to overwrite existing database
Comment 6 John Sanda 2010-07-16 12:51:21 EDT
It is possible that the database I upgraded in that second scenario was a bad
installation. I will retest this scenario again.

And in my previous test runs where I was using 'redhat' for the password, I
failed to change the password in postgresql so that somewhat invalidates the
tests.

I went ahead and tested a new installation this time having updated my password
in postgresql to 'redhat'. Installation succeeded without error.
Comment 7 John Sanda 2010-07-16 15:17:06 EDT
Running the auto-installer over an existing database with

rhq.autoinstall.database=overwrite

in rhq-server.properties completed without error. No changes were made to the database during installation.


Running auto-installer over an existing database with 

rhq.autoinstall.database=skip

in rhq-server.properties completed without error. My existing database was overwritten and replaced.

Upgraded a 2.3.1 installation using the auto-installer. The installation completed without error.
Comment 8 Corey Welton 2010-08-12 12:57:23 EDT
Mass-closure of verified bugs against JON.

Note You need to log in before you can comment on or make changes to this bug.