Bug #51118 Upgrade Service Manager installer doesn't preserve SSL certificates
Submitted: 11 Feb 2010 19:34 Modified: 1 Mar 2010 11:58
Reporter: Andy Bang Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Enterprise Monitor: Installing Severity:S3 (Non-critical)
Version:2.2 OS:Any
Assigned to: BitRock Merlin CPU Architecture:Any
Tags: windmill

[11 Feb 2010 19:34] Andy Bang
Description:
This is a clone of Bug #44525 - Upgrade Service Manager installer overwrites SSL certificate information.  That bug is to track the issue for 2.1, this bug is to track it for 2.2.

In a nutshell:

Even though we are preserving the settings in server.xml (as originally requested in 44525), we are not preserving the actual certificates (i.e. the .pem files).  According to a customer those files are backed up during an upgrade, but they aren't put back in the original location, so SSL doesn't work until the customer manually adds them back from the backup directory. 

So at a minimum we need to also preserve the certificate files during an upgrade, but it would be nice to preserve all files that the installer itself didn't lay down (i.e. anything manually added by a customer).  Is that possible?  If not, then please at least preserve the certificate files.

How to repeat:
1- Install the service manager
2- Edit the server.xml file and add something like this

SSLCertificateFile="/home/mysql/enterprise/monitor/apache-tomcat/conf/tomcat.cert.pem"
SSLCertificateKeyFile="/home/mysql/enterprise/monitor/apache-tomcat/conf/tomcat.key.pem"

to the <Connector port="18443" tag

3- Add the actual certificate files, too
4- Run an upgrade installer
5- See that the server.xml settings are preserved, but the certificate files are not.

Suggested fix:
Preserve all files that were not layed down by the installer.

If that's not possible, at least copy the certificate files back to their proper location.
[15 Feb 2010 16:53] Enterprise Tools JIRA Robot
Keith Russell writes: 
Patch installed in the 2.2 installer repository.
[18 Feb 2010 1:22] Enterprise Tools JIRA Robot
Keith Russell writes: 
Patch installed in versions => 2.2.0.1628.
[19 Feb 2010 19:05] Enterprise Tools JIRA Robot
Bill Weber writes: 
verified that all .pem files are preserved using the 2.2.0.1628 update installer
[1 Mar 2010 11:58] MC Brown
A note has been added to the 2.2.0 changelog: 

During an upgrade installation of &merlin_server;, custom SSL certificates that had been installed could be replaced by the standard versions. Existing custom certificates are now preserved during an upgrade.