etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-5483 : Failed to start management server when db encryption is enabled When db encryption is enabled, the server expects all secure,hidden fields in encrypted form. moved the insert statements which has dafault values to java and populated encrypted values if encryption is enabled.

This commit is contained in:
Rajani Karuturi 2013-12-13 17:11:41 +05:30 committed by Kishan Kavala
parent f69100e2e8
commit ef9fc95e87
2 changed files with 51 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
engine/schema/src/com/cloud/upgrade/dao/Upgrade421to430.java
View File

@ -18,10 +18,16 @@
package com.cloud.upgrade.dao;
import java.io.File;
import java.io.UnsupportedEncodingException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Properties;
import com.cloud.utils.db.DbProperties;
import org.apache.log4j.Logger;
import com.cloud.utils.crypt.DBEncryptionUtil;
import com.cloud.utils.exception.CloudRuntimeException;
import com.cloud.utils.script.Script;
@ -50,11 +56,54 @@ public class Upgrade421to430 implements DbUpgrade {
throw new CloudRuntimeException("Unable to find db/schema-421to430.sql");
}
return new File[] { new File(script) };
return new File[] {new File(script)};
}
@Override
public void performDataMigration(Connection conn) {
encryptLdapConfigParams(conn);
}
private void encryptLdapConfigParams(Connection conn) {
PreparedStatement pstmt = null;
String[][] ldapParams = { {"ldap.user.object", "inetOrgPerson", "Sets the object type of users within LDAP"},
{"ldap.username.attribute", "uid", "Sets the username attribute used within LDAP"}, {"ldap.email.attribute", "mail", "Sets the email attribute used within LDAP"},
{"ldap.firstname.attribute", "givenname", "Sets the firstname attribute used within LDAP"},
{"ldap.lastname.attribute", "sn", "Sets the lastname attribute used within LDAP"},
{"ldap.group.object", "groupOfUniqueNames", "Sets the object type of groups within LDAP"},
{"ldap.group.user.uniquemember", "uniquemember", "Sets the attribute for uniquemembers within a group"}};
String insertSql = "INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description) VALUES ('Secure', 'DEFAULT', 'management-server', ?, ?, "
+ "?) ON DUPLICATE KEY UPDATE category='Secure';";
try {
for (String[] ldapParam : ldapParams) {
String name = ldapParam[0];
String value = ldapParam[1];
String desc = ldapParam[2];
String encryptedValue = DBEncryptionUtil.encrypt(value);
pstmt = conn.prepareStatement(insertSql);
pstmt.setString(1, name);
pstmt.setBytes(2, encryptedValue.getBytes("UTF-8"));
pstmt.setString(3, desc);
pstmt.executeUpdate();
}
} catch (SQLException e) {
throw new CloudRuntimeException("Unable to insert ldap configuration values ", e);
} catch (UnsupportedEncodingException e) {
throw new CloudRuntimeException("Unable to insert ldap configuration values ", e);
} finally {
try {
if (pstmt != null) {
pstmt.close();
}
} catch (SQLException e) {
}
}
s_logger.debug("Done encrypting ldap Config values");
}
@Override
@ -64,7 +113,7 @@ public class Upgrade421to430 implements DbUpgrade {
throw new CloudRuntimeException("Unable to find db/schema-421to430-cleanup.sql");
}
return new File[] { new File(script) };
return new File[] {new File(script)};
}
}

7
setup/db/db/schema-421to430.sql
View File

@ -603,17 +603,10 @@ UPDATE `cloud`.`configuration` SET name='ldap.truststore.password' WHERE name='l
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.bind.principal', NULL, 'Specifies the bind principal to use for bind to LDAP', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.bind.password', NULL, 'Specifies the password to use for binding to LDAP', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.username.attribute', 'uid', 'Sets the username attribute used within LDAP', 'uid') ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.email.attribute', 'mail', 'Sets the email attribute used within LDAP', 'mail') ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.firstname.attribute', 'givenname', 'Sets the firstname attribute used within LDAP', 'givenname') ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.lastname.attribute', 'sn', 'Sets the lastname attribute used within LDAP', 'sn') ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.user.object', 'inetOrgPerson', 'Sets the object type of users within LDAP', 'inetOrgPerson') ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.basedn', NULL, 'Sets the basedn for LDAP', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.search.group.principle', NULL, 'Sets the principle of the group that users must be a member of', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.truststore', NULL, 'Sets the path to the truststore to use for LDAP SSL', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.truststore.password', NULL, 'Sets the password for the truststore', NULL) ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.group.object', 'groupOfUniqueNames', 'Sets the object type of groups within LDAP', 'groupOfUniqueNames') ON DUPLICATE KEY UPDATE category='Secure';
INSERT INTO `cloud`.`configuration`(category, instance, component, name, value, description, default_value) VALUES ('Secure', 'DEFAULT', 'management-server', 'ldap.group.user.uniquemember', 'uniquemember', 'Sets the attribute for uniquemembers within a group','uniquemember') ON DUPLICATE KEY UPDATE category='Secure';
CREATE TABLE `cloud`.`ldap_configuration` (
`id` bigint unsigned NOT NULL auto_increment COMMENT 'id',