Martin Peřina has uploaded a new change for review. Change subject: tools: Add --resolve-kdc arg to engine-manage-domains ......................................................................
tools: Add --resolve-kdc arg to engine-manage-domains Adds --resolve-kdc argument to engine-mamage-domains which forces discovery of kerberos servers using DNS. This is usefull, when LDAP and Kerberos servers are not provided on same hosts (by default we suppose that LDAP and Kerberos servers are on the same hosts). Change-Id: I7884eae1c67636c7fc4578f7f16358205702ef64 Bug-Url: https://bugzilla.redhat.com/1031778 Signed-off-by: Martin Perina <mper...@redhat.com>
---
M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsArguments.java M backend/manager/tools/src/main/resources/manage-domains-help.properties M packaging/man/man8/engine-manage-domains.8 4 files changed, 28 insertions(+), 8 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/76/24576/1
diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
index 42b662e..d724539 100644
--- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
+++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java
@@ -19,6 +19,7 @@
 import static org.ovirt.engine.core.domains.ManageDomainsArguments.ARG_PASSWORD_FILE;
 import static org.ovirt.engine.core.domains.ManageDomainsArguments.ARG_PROVIDER;
 import static org.ovirt.engine.core.domains.ManageDomainsArguments.ARG_REPORT;
+import static org.ovirt.engine.core.domains.ManageDomainsArguments.ARG_RESOLVE_KDC;
 import static org.ovirt.engine.core.domains.ManageDomainsArguments.ARG_USER;

 import java.io.BufferedReader;
@@ -744,11 +745,13 @@
 try {
 log.info("Creating kerberos configuration for domain(s): " + gssapiDomainsString);
 useDnsLookup = utilityConfiguration.getUseDnsLookup();
- if (!args.contains(ARG_LDAP_SERVERS) && useDnsLookup) {
- // The arguments do not contain a list of ldap servers, the
+ if (!args.contains(ARG_LDAP_SERVERS) && useDnsLookup
+ || args.contains(ARG_RESOLVE_KDC)) {
+ // Arguments do not contain a list of ldap servers, so the
 // kerberos configuration should not be created according to it if
- // useDnsLookup is set to true as in this case the kdc and the domain_realm information
- // will be resolved by DNS during kerberos negotiation.
+ // useDnsLookup is set to true or resolve KDC argument was entered.
+ // In those cases the kdc and the domain_realm information will be resolved
+ // by DNS during kerberos negotiation.
 ldapServersPerGSSAPIDomains = Collections.emptyMap();
 }
 krbConfCreator = new KrbConfCreator(gssapiDomainsString, useDnsLookup, ldapServersPerGSSAPIDomains);
diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsArguments.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsArguments.java
index 7d8c532..a450e8b 100644
--- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsArguments.java
+++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomainsArguments.java
@@ -132,6 +132,11 @@
 public static final String ARG_REPORT = "--report";

 /**
+ * Resolve KDC servers (don't suppose they are the same LDAP servers)
+ */
+ public static final String ARG_RESOLVE_KDC = "--resolve-kdc";
+
+ /**
 * Username
 */
 public static final String ARG_USER = "--user";
@@ -201,6 +206,10 @@
 .build());

 parser.addArg(new ArgumentBuilder()
+ .longName(ARG_RESOLVE_KDC)
+ .build());
+
+ parser.addArg(new ArgumentBuilder()
 .longName(ARG_PASSWORD_FILE)
 .valueRequied(true)
 .build());
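Review bot: When `--resolve-kdc` is given but `utilityConfiguration.getUseDnsLookup()` returns false, the `ManageDomains.java` hunk at `@@ -744,11 +745,13 @@` clears `ldapServersPerGSSAPIDomains` yet still passes `useDnsLookup == false` to `KrbConfCreator`, so the generated Kerberos configuration may end up with neither explicit KDC hosts nor DNS lookup enabled. KrbConfCreator is not visible here, so please confirm how it treats an empty map with lookup disabled; if it does not turn on DNS discovery itself, something like `boolean resolveKdcByDns = useDnsLookup || args.contains(ARG_RESOLVE_KDC);` passed to the constructor would close the gap. The condition is correct by operator precedence, but explicit grouping avoids a misreading: `if ((!args.contains(ARG_LDAP_SERVERS) && useDnsLookup) || args.contains(ARG_RESOLVE_KDC)) {`. Because the KDC is then located from DNS answers rather than from the administrator-supplied server list, the comment should say that this path depends on trustworthy name resolution. The enclosing method begins and ends outside the hunk.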
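Review bot: The Javadoc on `ARG_RESOLVE_KDC` in the `ManageDomainsArguments.java` hunk at `@@ -132,6 +132,11 @@` ("don't suppose they are the same LDAP servers") does not say how the servers are resolved, while the help text added in the same change does; I would align it, e.g. `* Resolve KDC servers using DNS instead of assuming they run on the LDAP servers`. The argument is registered on the shared parser in the `@@ -201,6 +206,10 @@` hunk, while the help text lists it only for add and edit; whether other actions reject or silently ignore it is not visible here and is worth checking. Both hunks sit inside a class and a method whose start and end are outside the diff.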
diff --git a/backend/manager/tools/src/main/resources/manage-domains-help.properties b/backend/manager/tools/src/main/resources/manage-domains-help.properties
index 965e27b..ec41977 100644
--- a/backend/manager/tools/src/main/resources/manage-domains-help.properties
+++ b/backend/manager/tools/src/main/resources/manage-domains-help.properties
@@ -9,10 +9,10 @@
 \n\tlist list the current configuration\
 \n\
 \nAdd domain:\
-\n\tengine-manage-domains add --domain=DOMAIN --provider=PROVIDER --user=USER [--add-permissions] [--config-file=CFG_FILE] [--ldap-servers=SERVERS] [--password-file=PASS_FILE] [--change-password-msg]\
+\n\tengine-manage-domains add --domain=DOMAIN --provider=PROVIDER --user=USER [--add-permissions] [--config-file=CFG_FILE] [--ldap-servers=SERVERS] [--resolve-kdc] [--password-file=PASS_FILE] [--change-password-msg]\
 \n\
 \nEdit domain:\
-\n\tengine-manage-domains edit --domain=DOMAIN [--provider=PROVIDER] [--user=USER] [--add-permissions] [--config-file=CFG_FILE] [--ldap-servers=SERVERS] [--password-file=PASS_FILE] [--change-password-msg]\
+\n\tengine-manage-domains edit --domain=DOMAIN [--provider=PROVIDER] [--user=USER] [--add-permissions] [--config-file=CFG_FILE] [--ldap-servers=SERVERS] [--resolve-kdc] [--password-file=PASS_FILE] [--change-password-msg]\
 \n\
 \nDelete domain:\
 \n\tengine-manage-domains delete --domain=DOMAIN [--force] [--config-file=CFG_FILE] [--password-file=PASS_FILE]\
@@ -57,6 +57,9 @@
 \n--report\
 \n\tReport all validation error, if occured (default behaviour is to exit when a validation error occurs).\
 \n\
+\n--resolve-kdc\
+\n\tResolve KDC servers using DNS (don't assume they are the same as LDAP servers).\
+\n\
 \n--user=USER\
 \n\tThe domain user.\
 \n\
diff --git a/packaging/man/man8/engine-manage-domains.8 b/packaging/man/man8/engine-manage-domains.8
index 7e5dce6..1f82060 100644
--- a/packaging/man/man8/engine-manage-domains.8
+++ b/packaging/man/man8/engine-manage-domains.8
@@ -23,12 +23,12 @@
 .PP
 .B Add domain
 .RS 4
-engine-manage-domains add --domain=\fIDOMAIN\fR --provider=\fIPROVIDER\fR --user=\fIUSER\fR [--add-permissions] [--config-file=\fICFG_FILE\fR] [--ldap-servers=\fISERVERS\fR] [--password-file=\fIPASS_FILE\fR] [--change-password-msg]
+engine-manage-domains add --domain=\fIDOMAIN\fR --provider=\fIPROVIDER\fR --user=\fIUSER\fR [--add-permissions] [--config-file=\fICFG_FILE\fR] [--ldap-servers=\fISERVERS\fR] [--resolve-kdc] [--password-file=\fIPASS_FILE\fR] [--change-password-msg]
 .RE
 .PP
 .B Edit domain
 .RS 4
-engine-manage-domains edit --domain=\fIDOMAIN\fR [--provider=\fIPROVIDER\fR] [--user=\fIUSER\fR] [--add-permissions] [--config-file=\fICFG_FILE\fR] [--ldap-servers=\fISERVERS\fR] [--password-file=\fIPASS_FILE\fR] [--change-password-msg]
+engine-manage-domains edit --domain=\fIDOMAIN\fR [--provider=\fIPROVIDER\fR] [--user=\fIUSER\fR] [--add-permissions] [--config-file=\fICFG_FILE\fR] [--ldap-servers=\fISERVERS\fR] [--resolve-kdc] [--password-file=\fIPASS_FILE\fR] [--change-password-msg]
 .RE
 .PP
 .B Delete domain
@@ -107,6 +107,11 @@
 Report all validation error, if occured (default behaviour is to exit when a validation error occurs).
 .RE
 .PP
+\fB\-\-resolve-kdc\fR
+.RS 4
+Resolve KDC servers using DNS (don't assume they are the same as LDAP servers).
+.RE
+.PP
 \fB\-\-user\fR=\fIUSER\fR
 .RS 4
 The domain user.
-- To view, visit http://gerrit.ovirt.org/24576 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7884eae1c67636c7fc4578f7f16358205702ef64 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Martin Peřina <mper...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches