diff --git a/setup/bindir/cloud-setup-databases.in b/setup/bindir/cloud-setup-databases.in
index 28d4742f373..5b862fa25bc 100755
--- a/setup/bindir/cloud-setup-databases.in
+++ b/setup/bindir/cloud-setup-databases.in
@@ -406,6 +406,10 @@ for example:
 cmd = ['java','-classpath',self.encryptionJarPath,'org.jasypt.intf.cli.JasyptPBEStringEncryptionCLI', 'encrypt.sh', 'input=%s'%input, 'password=%s'%self.mgmtsecretkey,'verbose=false']
 return runCmd(cmd).strip('\n')
+ def saveMgmtServerSecretKey():
+ if self.encryptiontype == 'file':
+ file(self.encryptionKeyFile, 'w').write(self.mgmtsecretkey)
+
 def formatEncryptResult(value):
 return 'ENC(%s)'%value
@@ -422,8 +426,8 @@ for example:
 self.putDbProperty('db.usage.password', formatEncryptResult(encrypt(usagePassword)))
 self.info("Processing encryption ...", None)
- file(self.encryptionKeyFile, 'w').write(self.encryptiontype)
 self.putDbProperty("db.cloud.encryption.type", self.encryptiontype)
+ saveMgmtServerSecretKey()
 encryptDBSecretKey()
 encryptDBPassword()
 self.info(None, True)
@@ -504,7 +508,7 @@ for example:
 self.info("Mysql server port:%s"%self.port, True)
 #---------------------- option parsing and command line checks ------------------------
- usage = """%prog user:[password]@mysqlhost:[port] [--deploy-as=rootuser:[rootpassword]] [--auto=/path/to/server-setup.xml]
+ usage = """%prog user:[password]@mysqlhost:[port] [--deploy-as=rootuser:[rootpassword]] [--auto=/path/to/server-setup.xml] [-e ENCRYPTIONTYPE] [-m MGMTSECRETKEY] [-k DBSECRETKEY] [--debug]
 This command sets up the CloudStack Management Server and CloudStack Usage Server database configuration (connection credentials and host information) based on the first argument.
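Review bot: The new `saveMgmtServerSecretKey()` writes the management-server key in plaintext with `file(self.encryptionKeyFile, 'w')`, so the file's permissions come from the process umask (commonly world-readable) and the handle is never closed explicitly. Creating the file with an explicit restrictive mode and closing it in a `finally` keeps other local accounts from reading the key. Which account has to read the file is not visible in this hunk, so the mode may need to be group-readable for the service user rather than strictly owner-only. The sketch below assumes `os` is already imported in this script; the enclosing method starts outside the hunk.

```python
def saveMgmtServerSecretKey():
    if self.encryptiontype == 'file':
        # restrictive mode from creation; fchmod also tightens a file left over from an earlier run
        fd = os.open(self.encryptionKeyFile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)
        try:
            os.fchmod(fd, 0600)
            os.write(fd, self.mgmtsecretkey)
        finally:
            os.close(fd)
```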
@@ -528,6 +532,11 @@ for example: sets alex up as the MySQL user, then connects as the root user with password 'nonsense', and recreates the databases, creating the user alex with password 'founder' as necessary + + %prog alex:founder@1.2.3.4 --deploy-as=root:nonsense -e file -m password -k dbpassword + In addition actions performing in above example, using 'password' as management server encryption key + and 'dbpassword' as database encryption key, saving management server encryption key to a file as the + encryption type specified by -e is file. %prog alena:tests@5.6.7.8 --deploy-as=root:nonsense --auto=/root/server-setup.xml sets alena up as the MySQL user, then connects as the root user 
@@ -543,13 +552,11 @@ for example:
 self.parser.add_option("-a", "--auto", action="store", type="string", dest="serversetup", default="",
 help="Path to an XML file describing an automated unattended cloud setup")
 self.parser.add_option("-e", "--encrypt-type", action="store", type="string", dest="encryptiontype", default="file",
- help="Encryption method used for db password encryption, could be file. Default is file")
+ help="Encryption method used for db password encryption. Valid values are file, web. Default is file.")
 self.parser.add_option("-m", "--managementserver-secretkey", action="store", type="string", dest="mgmtsecretkey", default="password",
- help="Secret key used for encrypt. A string, default is password")
+ help="Secret key used to encrypt confidential parameters in db.properties. A string, default is password")
 self.parser.add_option("-k", "--database-secretkey", action="store", type="string", dest="dbsecretkey", default="password",
- help="Secret key used for encrypt. A string, default is password")
- self.parser.add_option("-t", "--test-encryption", action="store_true", dest="testencryption", default=False,
- help="If enabled, will process encryption")
+ help="Secret key used to encrypt sensitive database values. A string, default is password")
 (self.options, self.args) = self.parser.parse_args()
 parseCasualCredit()
@@ -563,8 +570,7 @@ for example:
 self.grabSystemInfo()
 self.prepareDBFiles()
 self.setupDBSchema()
- if self.options.testencryption:
- self.processEncryptionStuff()
+ self.processEncryptionStuff()
 self.finalize()
 finally:
 self.postRun()
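Review bot: The `-e` option is still declared `type="string"` although its new help text names `file` and `web` as the only valid values, so a typo is accepted silently. In the earlier hunks that value is written to `db.cloud.encryption.type`, and `saveMgmtServerSecretKey()` skips the key file for anything other than `file`. Declaring the option as `type="choice", choices=["file", "web"]` lets optparse reject a bad value before anything is written. The help for `-m` and `-k` could also say that keys passed as arguments are visible in the process list and shell history.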
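Review bot: With the `-t` guard removed, `self.processEncryptionStuff()` runs on every invocation, so a run that omits `-m` and `-k` encrypts the db.properties values under the documented default `password`. For type `file` it also writes that same string to the key file. Values protected by a publicly known key are effectively unprotected, so the script should at least warn when either option still holds its default. Better would be to declare both with `default=None` and stop with `self.parser.error("-m and -k must be supplied")` after `parse_args()`. The `try` block this call sits in begins outside the hunk.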