Eli Mesika has uploaded a new change for review. Change subject: core:encrypt vds_static pm_password field on ... ......................................................................
core:encrypt vds_static pm_password field on ... core:encrypt vds_static pm_password field on upgrade to 3.1 This patch sets the correct configuration values in vdc_options for the 03_00_0420...sql upgrade script. Since those values are set only in the installer post upgrade step, we must update them in the DB pre-upgrade step in order to encrypt passwords successfully. This patch also removes one of those entries from engine-config tool because the entry should be read-only. Change-Id: I5d2cb10f205a90ae0752498a9a3d3f0eda0ec9fb Signed-off-by: Eli Mesika <[email protected]> --- M backend/manager/dbscripts/upgrade/pre_upgrade/0000_config.sql M backend/manager/tools/engine-config/src/main/resources/engine-config.properties 2 files changed, 10 insertions(+), 9 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/48/9648/1 diff --git a/backend/manager/dbscripts/upgrade/pre_upgrade/0000_config.sql b/backend/manager/dbscripts/upgrade/pre_upgrade/0000_config.sql index ce271d7..6d84a82 100644 --- a/backend/manager/dbscripts/upgrade/pre_upgrade/0000_config.sql +++ b/backend/manager/dbscripts/upgrade/pre_upgrade/0000_config.sql @@ -59,14 +59,14 @@ select fn_db_add_config_value('AutoSuspendTimeInMinutes','30','general'); select fn_db_add_config_value('BlockMigrationOnSwapUsagePercentage','0','general'); --Handling CA Base Directory -select fn_db_add_config_value('CABaseDirectory','ca','general'); +select fn_db_add_config_value('CABaseDirectory','/etc/pki/ovirt-engine','general'); --Handling CA certificate path select fn_db_add_config_value('CACertificatePath','ca/certs.pem','general'); --Handling PEM File Name select fn_db_add_config_value('CAEngineKey','engine.pem','general'); select fn_db_add_config_value('CbcCheckOnVdsChange','false','general'); --Handling Certificate alias -select fn_db_add_config_value('CertAlias','1','general'); +select fn_db_add_config_value('CertAlias','engine','general'); --Handling Certificate File Name select fn_db_add_config_value('CertificateFileName','vdc.pfx','general'); select fn_db_add_config_value('CertificateFingerPrint','73 18 22 44 5d 98 b0 5d c0 f7 36 7d f8 1d 85 da e1 3c f1 c6','general'); @@ -113,7 +113,7 @@ select fn_db_add_config_value('EnableUSBAsDefault','true','general'); --Handling Enables Host Load Balancing system. select fn_db_add_config_value('EnableVdsLoadBalancing','true','general'); -select fn_db_add_config_value('ENGINEEARLib','%JBOSS_HOME%/server/engine-slimmed/deploy/engine.ear','general'); +select fn_db_add_config_value('ENGINEEARLib','/usr/share/ovirt-engine/engine.ear','general'); --Handling Engine working mode select fn_db_add_config_value('EngineMode','Active','general'); --Handling Mail User Domain @@ -232,9 +232,9 @@ select fn_db_add_config_value('IsNeedSupportForOldVgAPI','false','3.0'); select fn_db_add_config_value('JobCleanupRateInMinutes','10','general'); select fn_db_add_config_value('JobPageSize','100','general'); -select fn_db_add_config_value('keystorePass','NoSoup4U','general'); +select fn_db_add_config_value('keystorePass','mypass','general'); --Handling Keystore URL -select fn_db_add_config_value('keystoreUrl','keys/engine.p12','general'); +select fn_db_add_config_value('keystoreUrl','/etc/pki/ovirt-engine/.keystore','general'); select fn_db_add_config_value('LdapQueryPageSize','1000','general'); select fn_db_add_config_value('LDAPQueryTimeout','30','general'); select fn_db_add_config_value('LDAPConnectTimeout','30','general'); @@ -566,11 +566,12 @@ select fn_db_update_config_value('AutoRecoveryAllowedTypes','{\"storage domains\":\"false\",\"hosts\":\"true\"}','general'); select fn_db_update_config_value('BootstrapMinimalVdsmVersion','4.9','general'); -select fn_db_update_config_value('CertAlias','1','general'); +select fn_db_update_config_value('CABaseDirectory','/etc/pki/ovirt-engine','general'); +select fn_db_update_config_value('CertAlias','engine','general'); select fn_db_update_config_value('DBEngine','Postgres','general'); select fn_db_update_config_value('DebugSearchLogging','false','general'); select fn_db_update_config_value('DefaultTimeZone','(GMT) GMT Standard Time','general'); -select fn_db_update_config_value('ENGINEEARLib','%JBOSS_HOME%/standalone/deployments/engine.ear','general'); +select fn_db_update_config_value('ENGINEEARLib','/usr/share/ovirt-engine/engine.ear','general'); select fn_db_update_config_value('FenceAgentDefaultParams','ilo3:lanplus,power_wait=4','general'); select fn_db_update_config_value('IPTablesConfig',' # oVirt default firewall configuration. Automatically generated by vdsm bootstrap script. @@ -596,7 +597,8 @@ COMMIT ','general'); select fn_db_update_config_value('IsMultilevelAdministrationOn','true','general'); -select fn_db_update_config_value('keystoreUrl','keys/engine.p12','general'); +select fn_db_update_config_value('keystorePass','mypass','general'); +select fn_db_update_config_value('keystoreUrl','/etc/pki/ovirt-engine/.keystore','general'); select fn_db_update_config_value('MinimalETLVersion','3.1.0','general'); select fn_db_update_config_value('OvirtInitialSupportedIsoVersion','2.5.5','general'); select fn_db_update_config_value('OvirtIsoPrefix','ovirt-node','general'); diff --git a/backend/manager/tools/engine-config/src/main/resources/engine-config.properties b/backend/manager/tools/engine-config/src/main/resources/engine-config.properties index 9afb312..8dc8085 100644 --- a/backend/manager/tools/engine-config/src/main/resources/engine-config.properties +++ b/backend/manager/tools/engine-config/src/main/resources/engine-config.properties @@ -16,7 +16,6 @@ BlockMigrationOnSwapUsagePercentage.type=Integer BootstrapMinimalVdsmVersion.description="Minimum VDSM version" BootstrapMinimalVdsmVersion.type=String -CABaseDirectory.description="CA Base Directory" CertificateFileName.description="Certificate File Name" CertificatePassword.description="Certificate Password" CertificatePassword.type=Password -- To view, visit http://gerrit.ovirt.org/9648 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I5d2cb10f205a90ae0752498a9a3d3f0eda0ec9fb Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Eli Mesika <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
