Bug #58148 Upgrade installer support SSL connections between Service Manager and Repository
Submitted: 11 Nov 2010 20:04 Modified: 23 Aug 2011 10:39
Reporter: Bill Weber Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Enterprise Monitor: Installing Severity:S3 (Non-critical)
Version:2.3.0.2036 OS:Any
Assigned to: BitRock Merlin CPU Architecture:Any

[11 Nov 2010 20:04] Bill Weber
Description:
Similar to the full installer option of using SSL connections between Service Manager and Repository, this option should be in the upgrade installer.

How to repeat:
n/a
[19 Nov 2010 21:44] Enterprise Tools JIRA Robot
Andy Bang writes: 
In the *full* installer we have the following sequence of screens:

  o Intro stuff
  o Tomcat Server Options
  o Database Installation
      Use bundled or existing?; use SSL?
  o Repository Configuration
      Username, password, port, hostname?
  o Etc.

But in the *upgrade* installer we currently have only the following:

  o Intro stuff
  o Tomcat Server Options
  o Ready to Install
  o Etc.

To address the issue described in this bug report we need to (1) move the "Use SSL" checkbox from the "Database Installation" screen to the "Repository Configuration" screen in the full installer (it logically belongs with those other options anyway), and then (2) add the "Repository Configuration" screen into the *upgrade* installer (but not the "Database Installation" screen) so the sequence is as follows:

  o Intro stuff
  o Tomcat Server Options
  o Repository Configuration
      Username, password, port, hostname, use SSL?
  o Ready to Install
  o Etc.

However, the defaults shown for all the fields on the "Repository Configuration" screen should *not* be the same as for the full installer, but should instead be based on the values in the existing config.properties file as follows:
  
  o The values in all the username, password, re-enter, port, and
    hostname fields on this screen should be pre-populated from
    mysql.user, mysql.pass, mysql.port, and mysql.server.  These
    should all be read-only so the user can't change them.
    
  o If config.properties contains mysql.use_ssl=true, then the "Use
    SSL when connecting to the database" checkbox should be checked,
    otherwise it should not be checked (i.e. if mysql.use_ssl=false,
    or if mysql.use_ssl is missing from config.properties).

Regardless of whether they chose to use the bundled MySQL database or their own existing one, validate that SSL is enabled if they have checked the "Use SSL when connecting to the database" checkbox:

     mysql> SHOW GLOBAL VARIABLES LIKE 'have_ssl';
     +---------------+-------+
     | Variable_name | Value |
     +---------------+-------+
     | have_ssl      | YES   |
     +---------------+-------+
     1 row in set (0.00 sec)

If the answer is not "YES", show a warning message and give them the opportunity to go back and uncheck the SSL option.  But they cannot continue installation unless either (1) the SSL option is unchecked or (2) you can validate that SSL is enabled.

Note that in the full installer we only do this check when they choose to use their own existing MySQL database (because we would turn on SSL ourselves when installing the bundled one).  However, because this is an upgrade and the customer might have made changes by hand, we need to do this check in both cases.

Finally, we need to update the config.properties file:

  o Set "mysql.use_ssl=true" if "use SSL" is checked on the
    "Repository Configuration" screen, otherwise set it to "false".
  
  o Keep "mysql.verify_server_cert" the same as it was, if it was
    present in the file before the upgrade.  It it was not present,
    add it with a value of "false".
[19 Nov 2010 21:50] Andy Bang
Note that the "use SSL" checkbox on the "Repository Configuration" screen should be changeable by the user (i.e. it should not be read-only like the other fields on that screen.
[24 Nov 2010 15:00] BitRock Merlin
Patch sent to Andy.
[29 Nov 2010 13:53] Enterprise Tools JIRA Robot
Andy Bang writes: 
In build 2.3.1.2044.
[29 Nov 2010 19:54] Enterprise Tools JIRA Robot
Bill Weber writes: 
Build 2.3.1.2044's upgrade installer lets you check "Use SSL when connecting to the database" and continue with the install even though the existing (bundled) MySQL server's have_ssl is not "YES" ("have_ssl = DISABLED").
[30 Nov 2010 11:04] BitRock Merlin
New patch sent to Andy. 

The previous fix was only checking the SSL variable for "existing" databases and not for "bundled" databases. This patch fixes this issue.
[1 Dec 2010 18:41] Enterprise Tools JIRA Robot
Andy Bang writes: 
In build 2.3.1.2046.
[8 Dec 2010 20:00] Enterprise Tools JIRA Robot
Andy Bang writes: 
If you are upgrading a system that has "mysql.use_ssl=true" in config.properties, the checkbox should default to "yes" (i.e. checked), per the original spec above.
[9 Dec 2010 10:04] BitRock Merlin
Sorry we can not reproduce this issue on our side. Could you specify the exact upgrade process to try reproduce it?
[23 Aug 2011 10:39] Stefan Hinz
Thank you for your bug report. This issue has already been fixed in the latest released version of that product, which you can download at

  http://www.mysql.com/downloads/