Bug #60984 Issues with configuration_report.txt during upgrade
Submitted: 27 Apr 2011 8:42 Modified: 23 May 2011 22:14
Reporter: Daniël van Eeden Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Enterprise Monitor: Installing Severity:S3 (Non-critical)
Version:2.3.3 OS:Any
Assigned to: CPU Architecture:Any
Triage: Needs Triage: D3 (Medium)

[27 Apr 2011 8:42] Daniël van Eeden
Description:
1. During the installation the installer advised to remove the configuration_report.txt as it contains passwords.

2. During the upgrade from 2.3.2 to 2.3.3 it complains about not being able to rename the configuration_report.txt

Error: Error renaming /opt/mysqlenterprise/monitor/configuration_report.txt to 
/opt/mysqlenterprise/monitor/backup/configuration_report.txt
Press [Enter] to continue :

The error doesn't indicate why it failed to rename the report. The reason was that it simply wasn't there. I think it should've been a warning.

It will generate a new configuration report w/o warning to remove it. This is not good for security.

How to repeat:
upgrade mem from 2.3.2 (with conf report removed) to 2.3.3

Expected result:
- warning about not finding the old conf report (or no warning at all)
- warning about a new config report being generated (security warning)

Actual result:
- error about not finding the old conf report
- no warning about the new config report

Suggested fix:
Fix installer
[28 Apr 2011 11:45] Valeriy Kravchuk
Thank you for the bug report.
[23 May 2011 22:14] John Russell
Added to 2.3.4 changelog:

Rather than writing the user name and password into the
configuration_report.txt file, the installer now writes a placeholder
value using asterisks. Make sure to record these credentials yourself
at the time of the install. If you remove that report file, the
upgrade installer now handles that situation gracefully rather than
reporting an error.