From e720e8a1a62722c2c032aafe00848079fbd92a03 Mon Sep 17 00:00:00 2001 From: Chip Childers Date: Wed, 22 May 2013 12:14:47 -0400 Subject: [PATCH] CLOUDSTACK-2516: Adding upgrade steps to deal with authenticator changes --- docs/en-US/Release_Notes.xml | 53 +++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/docs/en-US/Release_Notes.xml b/docs/en-US/Release_Notes.xml index dca95d37c16..25e1175b148 100644 --- a/docs/en-US/Release_Notes.xml +++ b/docs/en-US/Release_Notes.xml @@ -4586,7 +4586,7 @@ under the License. versions of Citrix CloudStack (last version prior to Apache is 3.0.2) and from the releases made while CloudStack was in the Apache Incubator. If you run into any issues during upgrades, please feel free to ask questions on - users@apache.cloudstack.org or dev@apache.cloudstack.org. + users@cloudstack.apache.org or dev@cloudstack.apache.org.
Upgrade from 4.0.x to 4.1.0 This section will guide you from &PRODUCT; 4.0.x versions to &PRODUCT; 4.1.0. @@ -4647,6 +4647,23 @@ under the License. automatically. (If you're unsure, we recommend making a backup of the original components.xml to be on the safe side. + + After upgrading to 4.1, API clients are expected to send plain text passwords for login and user creation, instead of MD5 hash. Incase, api client changes are not acceptable, following changes are to be made for backward compatibility: + Modify componentsContext.xml, and make PlainTextUserAuthenticator as the default authenticator (1st entry in the userAuthenticators adapter list is default) + +<!-- Security adapters --> +<bean id="userAuthenticators" class="com.cloud.utils.component.AdapterList"> + <property name="Adapters"> + <list> + <ref bean="PlainTextUserAuthenticator"/> + <ref bean="MD5UserAuthenticator"/> + <ref bean="LDAPUserAuthenticator"/> + </list> + </property> +</bean> + + PlainTextUserAuthenticator works the same way MD5UserAuthenticator worked prior to 4.1. + If you are using Ubuntu, follow this procedure to upgrade your packages. If not, skip to step . @@ -5110,6 +5127,23 @@ service cloudstack-agent start node. + + After upgrading to 4.1, API clients are expected to send plain text passwords for login and user creation, instead of MD5 hash. Incase, api client changes are not acceptable, following changes are to be made for backward compatibility: + Modify componentsContext.xml, and make PlainTextUserAuthenticator as the default authenticator (1st entry in the userAuthenticators adapter list is default) + +<!-- Security adapters --> +<bean id="userAuthenticators" class="com.cloud.utils.component.AdapterList"> + <property name="Adapters"> + <list> + <ref bean="PlainTextUserAuthenticator"/> + <ref bean="MD5UserAuthenticator"/> + <ref bean="LDAPUserAuthenticator"/> + </list> + </property> +</bean> + + PlainTextUserAuthenticator works the same way MD5UserAuthenticator worked prior to 4.1. + Start the first Management Server. Do not start any other Management Server nodes yet. @@ -5688,6 +5722,23 @@ service cloudstack-agent start + + After upgrading to 4.1, API clients are expected to send plain text passwords for login and user creation, instead of MD5 hash. Incase, api client changes are not acceptable, following changes are to be made for backward compatibility: + Modify componentsContext.xml, and make PlainTextUserAuthenticator as the default authenticator (1st entry in the userAuthenticators adapter list is default) + +<!-- Security adapters --> +<bean id="userAuthenticators" class="com.cloud.utils.component.AdapterList"> + <property name="Adapters"> + <list> + <ref bean="PlainTextUserAuthenticator"/> + <ref bean="MD5UserAuthenticator"/> + <ref bean="LDAPUserAuthenticator"/> + </list> + </property> +</bean> + + PlainTextUserAuthenticator works the same way MD5UserAuthenticator worked prior to 4.1. + If you have made changes to your existing copy of the /etc/cloud/management/db.properties file in your previous-version