Joey Boggs
2009-May-06 19:06 UTC
[Ovirt-devel] [PATCH server] update ovirt-add-host to use ipa commands instead of kadmin.local
This updates ovirt-add-host to use ipa-addservice and ipa-getkeytab rather than
kadmin.local. This also enables the ability to use a remote ipa server in the
future. Functionality and behavior is retained the same.
---
scripts/ovirt-add-host | 24 +++++++++++++++++-------
1 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/scripts/ovirt-add-host b/scripts/ovirt-add-host
index c6b7cd2..eb7b90d 100755
--- a/scripts/ovirt-add-host
+++ b/scripts/ovirt-add-host
@@ -6,8 +6,11 @@ import socket
import shutil
import sys
-def kadmin_local(command):
- ret = os.system("/usr/kerberos/sbin/kadmin.local -q '" +
command + "'")
+def add_principal(command):
+ ret = os.system("ipa-addservice '" + command +
"'")
+
+def get_keytab(command):
+ ret = os.system("ipa-getkeytab -s " + ipa_host + " -p
" + command + " -k " + outname)
if ret != 0:
raise
@@ -22,6 +25,14 @@ default_realm = krbV.Context().default_realm
ipaddr = get_ip(sys.argv[1])
+f = open('/etc/krb5.conf','r')
+for line in f.read().split('\n'):
+ if "admin_server" in line:
+ key, value = line.split("=", 1)
+ host,port = value.split(":",1)
+ ipa_host = host.strip()
+f.close()
+
libvirt_princ = 'libvirt/' + sys.argv[1] + '@' + default_realm
qpidd_princ = 'qpidd/' + sys.argv[1] + '@' + default_realm
@@ -32,11 +43,10 @@ else:
# here, generate the libvirt/ principle for this machine, necessary
# for taskomatic and host-browser
-kadmin_local('addprinc -randkey +requires_preauth ' + libvirt_princ)
-kadmin_local('ktadd -k ' + outname + ' ' + libvirt_princ)
-
-kadmin_local('addprinc -randkey ' + qpidd_princ)
-kadmin_local('ktadd -k ' + outname + ' ' + qpidd_princ)
+add_principal(libvirt_princ)
+get_keytab(libvirt_princ)
+add_principal(qpidd_princ)
+get_keytab(qpidd_princ)
# make sure it is readable by apache and qpidd.
os.chmod(outname, 0644)
--
1.6.0.6