Secure root password on restore from backup after root-enable
On the restore of an instance that has root enabled on it, we need to ensure that we are correctly securing the root password so that the password is not empty. Fixes bug: 1211557 Change-Id: I6386b9e0573a39a6667504666556b918927abf76
This commit is contained in:
parent
885d4b6dda
commit
f5f93e3c80
|
@ -114,10 +114,10 @@ class Manager(periodic_task.PeriodicTasks):
|
|||
self._perform_restore(backup_id, context, CONF.mount_point, app)
|
||||
LOG.info(_("Securing mysql now."))
|
||||
app.secure(config_location, config_contents)
|
||||
if backup_id and MySqlAdmin().is_root_enabled():
|
||||
enable_root_on_restore = (backup_id and MySqlAdmin().is_root_enabled())
|
||||
if enable_root_on_restore:
|
||||
MySqlAdmin().report_root_enabled(context)
|
||||
else:
|
||||
app.secure_root()
|
||||
app.secure_root(secure_remote_root=not enable_root_on_restore)
|
||||
app.complete_install_or_restart()
|
||||
|
||||
if databases:
|
||||
|
|
|
@ -666,13 +666,14 @@ class MySqlApp(object):
|
|||
|
||||
LOG.info(_("Dbaas secure complete."))
|
||||
|
||||
def secure_root(self):
|
||||
def secure_root(self, secure_remote_root=True):
|
||||
engine = sqlalchemy.create_engine("mysql://root:@localhost:3306",
|
||||
echo=True)
|
||||
with LocalSqlClient(engine) as client:
|
||||
LOG.info(_("Preserving root access from restore"))
|
||||
self._generate_root_password(client)
|
||||
self._remove_remote_root_access(client)
|
||||
if secure_remote_root:
|
||||
self._remove_remote_root_access(client)
|
||||
|
||||
def _install_mysql(self):
|
||||
"""Install mysql server. The current version is 5.5"""
|
||||
|
|
|
@ -33,8 +33,7 @@ BACKUP_DECRYPT_KEY = CONF.backup_aes_cbc_key
|
|||
RESET_ROOT_RETRY_TIMEOUT = 100
|
||||
RESET_ROOT_SLEEP_INTERVAL = 10
|
||||
RESET_ROOT_MYSQL_COMMAND = """
|
||||
UPDATE mysql.user SET Password=PASSWORD('') WHERE User='root';
|
||||
FLUSH PRIVILEGES;
|
||||
SET PASSWORD FOR 'root'@'localhost'=PASSWORD('');
|
||||
"""
|
||||
|
||||
|
||||
|
|
|
@ -156,7 +156,7 @@ class GuestAgentManagerTest(testtools.TestCase):
|
|||
when(dbaas.MySqlApp).install_if_needed().thenReturn(None)
|
||||
when(backup).restore(self.context, backup_id).thenReturn(None)
|
||||
when(dbaas.MySqlApp).secure(any()).thenReturn(None)
|
||||
when(dbaas.MySqlApp).secure_root().thenReturn(None)
|
||||
when(dbaas.MySqlApp).secure_root(any()).thenReturn(None)
|
||||
when(dbaas.MySqlApp).is_installed().thenReturn(is_mysql_installed)
|
||||
when(dbaas.MySqlAdmin).is_root_enabled().thenReturn(is_root_enabled)
|
||||
when(dbaas.MySqlAdmin).create_user().thenReturn(None)
|
||||
|
@ -186,7 +186,6 @@ class GuestAgentManagerTest(testtools.TestCase):
|
|||
verify(dbaas.MySqlAdmin, never).create_database()
|
||||
verify(dbaas.MySqlAdmin, never).create_user()
|
||||
times_report = 1 if is_root_enabled else 0
|
||||
times_reset_root = 1 if not backup_id or not is_root_enabled else 0
|
||||
verify(dbaas.MySqlApp, times=times_reset_root).secure_root()
|
||||
verify(dbaas.MySqlApp).secure_root(secure_remote_root=any())
|
||||
verify(dbaas.MySqlAdmin, times=times_report).report_root_enabled(
|
||||
self.context)
|
||||
|
|
Loading…
Reference in New Issue