Joey Boggs
2009-May-06 19:06 UTC
[Ovirt-devel] [PATCH server] update ovirt-add-host to use ipa commands instead of kadmin.local
This updates ovirt-add-host to use ipa-addservice and ipa-getkeytab rather than kadmin.local. This also enables the ability to use a remote ipa server in the future. Functionality and behavior is retained the same. --- scripts/ovirt-add-host | 24 +++++++++++++++++------- 1 files changed, 17 insertions(+), 7 deletions(-) diff --git a/scripts/ovirt-add-host b/scripts/ovirt-add-host index c6b7cd2..eb7b90d 100755 --- a/scripts/ovirt-add-host +++ b/scripts/ovirt-add-host @@ -6,8 +6,11 @@ import socket import shutil import sys -def kadmin_local(command): - ret = os.system("/usr/kerberos/sbin/kadmin.local -q '" + command + "'") +def add_principal(command): + ret = os.system("ipa-addservice '" + command + "'") + +def get_keytab(command): + ret = os.system("ipa-getkeytab -s " + ipa_host + " -p " + command + " -k " + outname) if ret != 0: raise @@ -22,6 +25,14 @@ default_realm = krbV.Context().default_realm ipaddr = get_ip(sys.argv[1]) +f = open('/etc/krb5.conf','r') +for line in f.read().split('\n'): + if "admin_server" in line: + key, value = line.split("=", 1) + host,port = value.split(":",1) + ipa_host = host.strip() +f.close() + libvirt_princ = 'libvirt/' + sys.argv[1] + '@' + default_realm qpidd_princ = 'qpidd/' + sys.argv[1] + '@' + default_realm @@ -32,11 +43,10 @@ else: # here, generate the libvirt/ principle for this machine, necessary # for taskomatic and host-browser -kadmin_local('addprinc -randkey +requires_preauth ' + libvirt_princ) -kadmin_local('ktadd -k ' + outname + ' ' + libvirt_princ) - -kadmin_local('addprinc -randkey ' + qpidd_princ) -kadmin_local('ktadd -k ' + outname + ' ' + qpidd_princ) +add_principal(libvirt_princ) +get_keytab(libvirt_princ) +add_principal(qpidd_princ) +get_keytab(qpidd_princ) # make sure it is readable by apache and qpidd. os.chmod(outname, 0644) -- 1.6.0.6
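Review bot: Both new helpers hand os.system() a shell string built from the principal, which at the call sites is derived from sys.argv[1]; get_keytab does not quote it at all, so a host argument containing whitespace or shell metacharacters changes the command that runs with this script's privileges. Passing an argument list to subprocess.call avoids the shell entirely (the file would need `import subprocess`; its import block is only partly visible in this hunk). The `if ret != 0: raise` context lines now appear to follow get_keytab only (indentation is lost in this rendering), so add_principal discards the exit status of ipa-addservice, and a bare `raise` with no active exception does not say which command failed.

```python
def add_principal(command):
    # argument list, no shell: the principal is built from sys.argv[1]
    ret = subprocess.call(["ipa-addservice", command])
    if ret != 0:
        raise RuntimeError("ipa-addservice failed for " + command)

def get_keytab(command):
    ret = subprocess.call(["ipa-getkeytab", "-s", ipa_host,
                           "-p", command, "-k", outname])
    if ret != 0:
        raise RuntimeError("ipa-getkeytab failed for " + command)
```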
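Review bot: The krb5.conf scan leaves `ipa_host` unbound when no line contains "admin_server", and `host,port = value.split(":",1)` raises ValueError for an entry written without a port, so either case aborts the script with an error that does not point at the configuration. Using `ipa_host = value.split(":", 1)[0].strip()` and failing explicitly when nothing was found would cover both. The loop also matches commented-out lines and keeps the last admin_server in the file rather than the one belonging to default_realm, so on a multi-realm configuration the keytab could be requested from a different server than intended; a comment stating that a single-realm krb5.conf is assumed would make that limit visible.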
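Review bot: The removed call created the libvirt principal with `+requires_preauth`, and nothing in `add_principal(libvirt_princ)` visibly carries that flag over, so the description's statement that behavior is retained may not hold for pre-authentication on this principal. Whether ipa-addservice applies an equivalent default is not visible here; a comment at the call such as `# requires_preauth: confirm ipa-addservice default (was set explicitly via kadmin.local)` would keep the question from being lost. The unchanged `os.chmod(outname, 0644)` context line leaves the keytab holding both service keys readable by every local user; a group shared by apache and qpidd with mode 0640 would narrow that.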