Upgrades to 2.0? about bastillion HOT 4 CLOSED

I was kind of hoping KeyBox wasn't popular enough to have an upgrade process :)

The DB structure has changed, but It shouldn't be too bad to write something to migrate the data!

If you can backup these three files:

id_dsa, id_dsa.pub, keybox.h2.db

in your jetty/keybox/WEB-INF/classes/com/keybox/common/db directory

and I'll try to write a utility to migrate the data in the next day or two.

Thanks John!

from bastillion.

I absolutely love it. I'm managing a ton of servers and developers actively. Once I get my head around how to do dev using jetty and the like I'll be issuing some pull requests to fix some of the UI issues I've stumbled on.

I'm okay using 1.8 for now.

Moving the keys into the DB makes a ton of sense, however these keys are really important as they give the keys to the kingdom. I've backed these up onto our encrypted file store for emergencies. How would you do this in the new version?

I've figured out h2 console thing that fires up in firefox and found the db user/password in the source, so I guess that is a hacky option in the future :)

from bastillion.

UI is definitely not my strong suit!!

2.0 is a little different, user's aren't for managing SSH keys anymore. User's are used to create accounts to the application itself. And you create a user to have 'Full Access' (which is the same as the admin user) or just have access to SSH to the systems set in their profile. There is still a place for public keys and that is setup pretty much as before (except you can add a key for 'All systems' in addition to a specific profile).

There are a couple things that I've been fighting with myself about and the keys are definitely one of them. It's more secure if I store them in the DB and remove from the filesystem, but like you said they are not accessible. I wouldn't be against leaving the keys there and having the application still store and use the ones from the DB. That way you could back them up if you wanted. ..but you would still need the passphrase which is stored in the DB.

In 2.0 maybe the thing to do would be before you add any systems, add your own super-secret SSH key and associate it with 'All systems'. And as you add systems, the super-secret key would be set for them when KeyBox adds its own key (and you can really do that with 1.8 now and just have a user setup for the super-secret key and associate with a profile that has all the systems). That way if something happened and you lost the DB you could still get into your systems with that key.

I'm very open to suggestions with this and like I said its been something I've been fighting with.

I do want to change how adding a public key works in 2.0, though. Currently when you add a public key it will go out to all the servers and the add the key in one request. I'm thinking about making it a 2-step process, so you distribute the keys like 1.8 worked. It would probably be a little more robust and save time if you have a lot of keys to add.

Maybe you should wait until 2.1 to upgrade :)

from bastillion.

Here try this...

Download

• https://github.com/skavanagh/KeyBox/releases/download/v2.00.00/keybox-migration-1_8_54_to_2_0.jar

Then run on the backup of id_dsa, id_dsa.pub, keybox.h2.db

• java -jar keybox-migration-1_8_54_to_2_0.jar /id_dsa /id_dsa.pub /keybox.h2.db

and that should create a 2_0-keybox.h2.db file

Then download a clean copy of 2.0 and untar it

• https://github.com/skavanagh/KeyBox/releases/download/v2.00.00/keybox-jetty-v2.00_00.tar.gz

Then move 2_0-keybox.h2.db to the jetty/keybox/WEB-INF/classes/com/keybox/common/db directory for the 2.0 installation and rename it keybox.h2.db

• mv 2_0-keybox.h2.db <whatever path to 2.0>/jetty/keybox/WEB-INF/classes/com/keybox/common/db/keybox.h2.db

Then you should just be able to startup 2.0 and login with 'admin' and 'changeme' and change your password.

There is no reason why you couldn't try this out on its own and not effect your 1.8 installation. Let me know how it goes!!

Thanks John!

from bastillion.