Re: [ovirt-devel] AAA changes on 3.6 and master

Wed, 12 Aug 2015 22:40:22 -0700 

On 08/12/2015 01:11 PM, Martin Perina wrote:

Hi,

yesterday we merged couple of changes in the AAA area:

1. Legacy provider for 'internal' domain (3.6 and master)
    - it's still installed by default if aaa-jdbc provider
      is not present (details below)
    - UUID of 'admin@internal' user is no longer static, but
      for new installations UUID is generated
    - Password of 'admin@internal' is no longer saved in vdc_options table,
      but it's stored encoded in legacy internal provider config file
      (PREFIX/etc/ovirt-engine/extensions.d/internal-authn.properties)
    - If you want to change 'admin@internal' password please execute:

        PREFIX/bin/engine-setup \
            --otopi-environment="OVESETUP_CONFIG/adminPassword=str:MY_PASSWORD"


Is this supported in the answer file?


      replacing MY_PASSWORD with your new password


2. aaa-jdbc provider for 'internal' domain (3.6 and master)
    - this is new implementation of AAA provider which stores users/groups
      in database and provide (from engine point of view) same capabilities
      as aaa-ldap provider
    - on RPM installations it replaces legacy provider for 'internal'
      domain
    - it's configured automatically on RPM installations when running
      engine-setup
    - if you want to use it also in development environment, please do
      following steps:

        a. Checkout sources [1], build and install into your PREFIX

        b. Execute
             PREFIX/bin/engine-setup \
              
--otopi-environment="OVESETUP_CONFIG/adminPassword=str:MY_PASSWORD"

       This will replace legacy internal provider with aaa-jdbc one.


3. Legacy kerbldap provider (master only)
    - it has been dropped from the project
    - engine-setup will fail if you have kerbldap provider configured
    - you can either migrate to the new aaa-ldap provider using [2]
      or create new prefix without kerbldap provider config


Thanks

Martin Perina

[1] https://gerrit.ovirt.org/#/admin/projects/ovirt-engine-extension-aaa-jdbc
[2] https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases
_______________________________________________
Devel mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/devel


_______________________________________________
Devel mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/devel

Reply via email to