Bug #58148 | Upgrade installer support SSL connections between Service Manager and Repository | ||
---|---|---|---|
Submitted: | 11 Nov 2010 20:04 | Modified: | 23 Aug 2011 10:39 |
Reporter: | Bill Weber | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Enterprise Monitor: Installing | Severity: | S3 (Non-critical) |
Version: | 2.3.0.2036 | OS: | Any |
Assigned to: | BitRock Merlin | CPU Architecture: | Any |
[11 Nov 2010 20:04]
Bill Weber
[19 Nov 2010 21:44]
Enterprise Tools JIRA Robot
Andy Bang writes: In the *full* installer we have the following sequence of screens: o Intro stuff o Tomcat Server Options o Database Installation Use bundled or existing?; use SSL? o Repository Configuration Username, password, port, hostname? o Etc. But in the *upgrade* installer we currently have only the following: o Intro stuff o Tomcat Server Options o Ready to Install o Etc. To address the issue described in this bug report we need to (1) move the "Use SSL" checkbox from the "Database Installation" screen to the "Repository Configuration" screen in the full installer (it logically belongs with those other options anyway), and then (2) add the "Repository Configuration" screen into the *upgrade* installer (but not the "Database Installation" screen) so the sequence is as follows: o Intro stuff o Tomcat Server Options o Repository Configuration Username, password, port, hostname, use SSL? o Ready to Install o Etc. However, the defaults shown for all the fields on the "Repository Configuration" screen should *not* be the same as for the full installer, but should instead be based on the values in the existing config.properties file as follows: o The values in all the username, password, re-enter, port, and hostname fields on this screen should be pre-populated from mysql.user, mysql.pass, mysql.port, and mysql.server. These should all be read-only so the user can't change them. o If config.properties contains mysql.use_ssl=true, then the "Use SSL when connecting to the database" checkbox should be checked, otherwise it should not be checked (i.e. if mysql.use_ssl=false, or if mysql.use_ssl is missing from config.properties). Regardless of whether they chose to use the bundled MySQL database or their own existing one, validate that SSL is enabled if they have checked the "Use SSL when connecting to the database" checkbox: mysql> SHOW GLOBAL VARIABLES LIKE 'have_ssl'; +---------------+-------+ | Variable_name | Value | +---------------+-------+ | have_ssl | YES | +---------------+-------+ 1 row in set (0.00 sec) If the answer is not "YES", show a warning message and give them the opportunity to go back and uncheck the SSL option. But they cannot continue installation unless either (1) the SSL option is unchecked or (2) you can validate that SSL is enabled. Note that in the full installer we only do this check when they choose to use their own existing MySQL database (because we would turn on SSL ourselves when installing the bundled one). However, because this is an upgrade and the customer might have made changes by hand, we need to do this check in both cases. Finally, we need to update the config.properties file: o Set "mysql.use_ssl=true" if "use SSL" is checked on the "Repository Configuration" screen, otherwise set it to "false". o Keep "mysql.verify_server_cert" the same as it was, if it was present in the file before the upgrade. It it was not present, add it with a value of "false".
[19 Nov 2010 21:50]
Andy Bang
Note that the "use SSL" checkbox on the "Repository Configuration" screen should be changeable by the user (i.e. it should not be read-only like the other fields on that screen.
[24 Nov 2010 15:00]
BitRock Merlin
Patch sent to Andy.
[29 Nov 2010 13:53]
Enterprise Tools JIRA Robot
Andy Bang writes: In build 2.3.1.2044.
[29 Nov 2010 19:54]
Enterprise Tools JIRA Robot
Bill Weber writes: Build 2.3.1.2044's upgrade installer lets you check "Use SSL when connecting to the database" and continue with the install even though the existing (bundled) MySQL server's have_ssl is not "YES" ("have_ssl = DISABLED").
[30 Nov 2010 11:04]
BitRock Merlin
New patch sent to Andy. The previous fix was only checking the SSL variable for "existing" databases and not for "bundled" databases. This patch fixes this issue.
[1 Dec 2010 18:41]
Enterprise Tools JIRA Robot
Andy Bang writes: In build 2.3.1.2046.
[8 Dec 2010 20:00]
Enterprise Tools JIRA Robot
Andy Bang writes: If you are upgrading a system that has "mysql.use_ssl=true" in config.properties, the checkbox should default to "yes" (i.e. checked), per the original spec above.
[9 Dec 2010 10:04]
BitRock Merlin
Sorry we can not reproduce this issue on our side. Could you specify the exact upgrade process to try reproduce it?
[23 Aug 2011 10:39]
Stefan Hinz
Thank you for your bug report. This issue has already been fixed in the latest released version of that product, which you can download at http://www.mysql.com/downloads/