Martin Peřina has uploaded a new change for review. Change subject: tools: Add --resolve-kdc arg to engine-manage-domains ......................................................................
tools: Add --resolve-kdc arg to engine-manage-domains Adds --resolve-kdc argument to engine-manage-domains which forces discovery of kerberos servers using DNS. This is useful when LDAP and Kerberos servers are not provided on the same hosts (by default we assume that LDAP and Kerberos servers are on the same hosts). Change-Id: I7884eae1c67636c7fc4578f7f16358205702ef64 Bug-Url: https://bugzilla.redhat.com/1031778 Signed-off-by: Martin Perina <[email protected]> --- M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsArguments.java M backend/manager/tools/src/main/resources/manage-domains-help.properties M packaging/man/man8/engine-manage-domains.8 4 files changed, 29 insertions(+), 8 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/93/26193/1 diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java index fcbc884..bbd147b 100644 --- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java +++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java @@ -19,6 +19,7 @@ import static org.ovirt.engine.core.domains.ManageDomainsArguments.ARG_PASSWORD_FILE; import static org.ovirt.engine.core.domains.ManageDomainsArguments.ARG_PROVIDER; import static org.ovirt.engine.core.domains.ManageDomainsArguments.ARG_REPORT; +import static org.ovirt.engine.core.domains.ManageDomainsArguments.ARG_RESOLVE_KDC; import static org.ovirt.engine.core.domains.ManageDomainsArguments.ARG_USER; import java.io.BufferedReader; 
@@ -740,10 +741,13 @@ log.info("Creating kerberos configuration for domain(s): " + gssapiDomainsString); useDnsLookup = utilityConfiguration.getUseDnsLookup(); String domainRealmMappingFile = utilityConfiguration.getDomainRealmMappingFile(); - if (!args.contains(ARG_LDAP_SERVERS) && useDnsLookup) { - // Arguments do not contain a list of ldap servers, kerberos configuration should not be - // created according to it if useDnsLookup is set to true as in this case the kdc and - // the domain_realm information will be resolved by DNS during kerberos negotiation. + if (!args.contains(ARG_LDAP_SERVERS) && useDnsLookup + || args.contains(ARG_RESOLVE_KDC)) { + // Arguments do not contain a list of ldap servers, so the + // kerberos configuration should not be created according to it if + // useDnsLookup is set to true or resolve KDC argument was entered. + // In those cases the kdc and the domain_realm information will be resolved + // by DNS during kerberos negotiation. ldapServersPerGSSAPIDomains = Collections.emptyMap(); } krbConfCreator = new KrbConfCreator(gssapiDomainsString, useDnsLookup, ldapServersPerGSSAPIDomains, domainRealmMappingFile); diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsArguments.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsArguments.java index 25c49f3..71b028f 100644 --- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsArguments.java +++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsArguments.java @@ -132,6 +132,11 @@ public static final String ARG_REPORT = "--report"; /** + * Resolve KDC servers (don't suppose they are the same LDAP servers) + */ + public static final String ARG_RESOLVE_KDC = "--resolve-kdc"; + + /** * Username */ public static final String ARG_USER = "--user"; 
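Review bot: With `--resolve-kdc` the new branch in the `@@ -740,10 +741,13 @@` hunk empties `ldapServersPerGSSAPIDomains`, but the `KrbConfCreator` constructor on the following line still receives the configured `useDnsLookup`; if that value is false, the generated Kerberos configuration would appear to carry neither explicit KDC entries nor DNS lookup, though `KrbConfCreator` is not visible here so this needs confirming. If that is the case, pass `useDnsLookup || args.contains(ARG_RESOLVE_KDC)` as the second constructor argument. The condition also mixes `&&` and `||` without parentheses, and the comment still opens with "Arguments do not contain a list of ldap servers", which no longer holds when the flag is combined with `--ldap-servers`; `(!args.contains(ARG_LDAP_SERVERS) && useDnsLookup) || args.contains(ARG_RESOLVE_KDC)` reads unambiguously. Because the flag makes KDC selection depend on DNS answers rather than on the administrator-supplied server list, the comment should also say that DNS integrity becomes part of the trust decision for the domain. The enclosing method starts and ends outside the hunk.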
@@ -201,6 +206,10 @@ .build()); parser.addArg(new ArgumentBuilder() + .longName(ARG_RESOLVE_KDC) + .build()); + + parser.addArg(new ArgumentBuilder() .longName(ARG_PASSWORD_FILE) .valueRequied(true) .build()); diff --git a/backend/manager/tools/src/main/resources/manage-domains-help.properties b/backend/manager/tools/src/main/resources/manage-domains-help.properties index 965e27b..ec41977 100644 --- a/backend/manager/tools/src/main/resources/manage-domains-help.properties +++ b/backend/manager/tools/src/main/resources/manage-domains-help.properties @@ -9,10 +9,10 @@ \n\tlist list the current configuration\ \n\ \nAdd domain:\ -\n\tengine-manage-domains add --domain=DOMAIN --provider=PROVIDER --user=USER [--add-permissions] [--config-file=CFG_FILE] [--ldap-servers=SERVERS] [--password-file=PASS_FILE] [--change-password-msg]\ +\n\tengine-manage-domains add --domain=DOMAIN --provider=PROVIDER --user=USER [--add-permissions] [--config-file=CFG_FILE] [--ldap-servers=SERVERS] [--resolve-kdc] [--password-file=PASS_FILE] [--change-password-msg]\ \n\ \nEdit domain:\ -\n\tengine-manage-domains edit --domain=DOMAIN [--provider=PROVIDER] [--user=USER] [--add-permissions] [--config-file=CFG_FILE] [--ldap-servers=SERVERS] [--password-file=PASS_FILE] [--change-password-msg]\ +\n\tengine-manage-domains edit --domain=DOMAIN [--provider=PROVIDER] [--user=USER] [--add-permissions] [--config-file=CFG_FILE] [--ldap-servers=SERVERS] [--resolve-kdc] [--password-file=PASS_FILE] [--change-password-msg]\ \n\ \nDelete domain:\ \n\tengine-manage-domains delete --domain=DOMAIN [--force] [--config-file=CFG_FILE] [--password-file=PASS_FILE]\ @@ -57,6 +57,9 @@ \n--report\ \n\tReport all validation error, if occured (default behaviour is to exit when a validation error occurs).\ \n\ +\n--resolve-kdc\ +\n\tResolve KDC servers using DNS (don't assume they are the same as LDAP servers).\ +\n\ \n--user=USER\ \n\tThe domain user.\ \n\ 
diff --git a/packaging/man/man8/engine-manage-domains.8 b/packaging/man/man8/engine-manage-domains.8 index 7e5dce6..1f82060 100644 --- a/packaging/man/man8/engine-manage-domains.8 +++ b/packaging/man/man8/engine-manage-domains.8 @@ -23,12 +23,12 @@ .PP .B Add domain .RS 4 -engine-manage-domains add --domain=\fIDOMAIN\fR --provider=\fIPROVIDER\fR --user=\fIUSER\fR [--add-permissions] [--config-file=\fICFG_FILE\fR] [--ldap-servers=\fISERVERS\fR] [--password-file=\fIPASS_FILE\fR] [--change-password-msg] +engine-manage-domains add --domain=\fIDOMAIN\fR --provider=\fIPROVIDER\fR --user=\fIUSER\fR [--add-permissions] [--config-file=\fICFG_FILE\fR] [--ldap-servers=\fISERVERS\fR] [--resolve-kdc] [--password-file=\fIPASS_FILE\fR] [--change-password-msg] .RE .PP .B Edit domain .RS 4 -engine-manage-domains edit --domain=\fIDOMAIN\fR [--provider=\fIPROVIDER\fR] [--user=\fIUSER\fR] [--add-permissions] [--config-file=\fICFG_FILE\fR] [--ldap-servers=\fISERVERS\fR] [--password-file=\fIPASS_FILE\fR] [--change-password-msg] +engine-manage-domains edit --domain=\fIDOMAIN\fR [--provider=\fIPROVIDER\fR] [--user=\fIUSER\fR] [--add-permissions] [--config-file=\fICFG_FILE\fR] [--ldap-servers=\fISERVERS\fR] [--resolve-kdc] [--password-file=\fIPASS_FILE\fR] [--change-password-msg] .RE .PP .B Delete domain 
@@ -107,6 +107,11 @@ Report all validation error, if occured (default behaviour is to exit when a validation error occurs). .RE .PP +\fB\-\-resolve-kdc\fR +.RS 4 +Resolve KDC servers using DNS (don't assume they are the same as LDAP servers). +.RE +.PP \fB\-\-user\fR=\fIUSER\fR .RS 4 The domain user. -- To view, visit http://gerrit.ovirt.org/26193 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7884eae1c67636c7fc4578f7f16358205702ef64 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.4 Gerrit-Owner: Martin Peřina <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
