Perry N. Myers
2008-May-23 01:40 UTC
[Ovirt-devel] [PATCH] set ldap.yml from dns srv during ovirt-wui-install
Doing the DNS SRV lookup from Ruby directly is where we want to be (and with Darryl's patches we're almost there) but I decided it wouldn't hurt to edit ldap.yml as part of the install. dig is used to look up the srv record and then if one is found, ldap.yml is edited. I've tested this and verified that it does set the yml file correctly, but even with that set correctly I still can't get the grant_admin_privileges to work properly. Signed-off-by: Perry Myers <pmyers at redhat.com> diff --git a/wui/scripts/ovirt-wui-install b/wui/scripts/ovirt-wui-install index e0cbbc0..f0f8b3e 100755 --- a/wui/scripts/ovirt-wui-install +++ b/wui/scripts/ovirt-wui-install @@ -11,6 +11,7 @@ PW_FILE=${OVIRT_CFG}/db/dbaccess STEP_TICKER=0.fedora.pool.ntp.org STEP_FILE=/etc/ntp/step-tickers SASL_FILE=/etc/sasl2/libvirt.conf +LDAP_CFG=${OVIRT_DIR}/config/ldap.yml DISABLE_SVCS="libvirtd" ENABLE_SVCS="ntpd httpd postgresql ovirt-host-browser ovirt-host-status \ @@ -23,6 +24,17 @@ usage() { exit 1 } >&2 +find_srv() { + local dnsreply + dnsreply=$(dig +short -t srv _$1._$2.$(dnsdomainname)) + if [ $? -eq 0 ]; then + set _ $dnsreply; shift + SRV_HOST=$4; SRV_PORT=$3 + else + SRV_HOST=; SRV_PORT+ fi +} + PASSWD for i ; do case $1 in @@ -46,6 +58,18 @@ for svc in $ENABLE_SVCS ; do done } > /dev/null 2>&1 +# grab ldap server from DNS +find_srv ldap tcp +if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then + SRV_HOST=${SRV_HOST%.} + SRV_BASE=$(echo $SRV_HOST | awk -F. '{ for(i=2; i <= NF; i++) { printf("dc=%s", $(i)); if(i<NF) printf(","); } }') + + sed -i -e "s/host: .*/host: $SRV_HOST/g" \ + -e "s/port: .*/port: $SRV_PORT/g" \ + -e "s/base: .*/base: $SRV_BASE/g" \ + $LDAP_CFG +fi + # setup an NTP step-ticker if [ -f $STEP_FILE ]; then if ! grep "^$${STEP_TICKER}$" $STEP_FILE > /dev/null 2>&1 ; then
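Review bot: in the `find_srv` hunk, `if [ $? -eq 0 ]` after `dnsreply=$(dig +short -t srv ...)` does not detect a missing record, because dig exits 0 for NXDOMAIN and for empty (NODATA) answers; test `[ -n "$dnsreply" ]` instead, and guard `$(dnsdomainname)` so an empty domain name does not turn the query into `_ldap._tcp.`. `set _ $dnsreply; shift` then takes `$3`/`$4` from the first line only, so a multi-record answer is used without regard to SRV priority or weight. The `SRV_PORT+ fi` fragment in the else branch looks mangled in the posted text and should be checked before the patch is applied.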
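Review bot: in the "grab ldap server from DNS" hunk, `SRV_BASE` is built by dropping only the first label of `$SRV_HOST` and mapping the rest to `dc=` components, which assumes the LDAP server's hostname sits directly under the directory's base domain; a host such as `ldap.site.example.org` would produce `dc=site,dc=example,dc=org`, which may not be the base at all. The host and port are also copied into `$LDAP_CFG` straight from an unauthenticated DNS answer, so at minimum check that `$SRV_HOST` ends in `$(dnsdomainname)` and print the chosen values so whoever runs the installer can verify them. The sed patterns are unanchored (`s/port: .*/...`), so any other key whose line contains `port:` or `base:` would be rewritten too; anchor them to the start of the line, e.g. `s/^\( *\)port: .*/\1port: $SRV_PORT/`.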
Perry N. Myers
2008-May-23 05:11 UTC
[Ovirt-devel] [PATCH] REPOST - set ldap.yml from dns srv during ovirt-wui-install
Perry N. Myers
2008-May-23 05:15 UTC
[Ovirt-devel] Re: [PATCH] [REPOST] set ldap.yml from dns srv during ovirt-wui-install
Subject: [PATCH] This patch adds logic to the ovirt-wui-install script to attempt to determine the ldap server information from dns srv records and then write that info to the ldap.yml file. Signed-off-by: Perry Myers <pmyers at redhat.com> --- wui/scripts/ovirt-wui-install | 66 ++++++++++++++++++++++++++++++++++++++++- 1 files changed, 65 insertions(+), 1 deletions(-) diff --git a/wui/scripts/ovirt-wui-install b/wui/scripts/ovirt-wui-install index e0cbbc0..6285b3c 100755 --- a/wui/scripts/ovirt-wui-install +++ b/wui/scripts/ovirt-wui-install @@ -11,6 +11,7 @@ PW_FILE=${OVIRT_CFG}/db/dbaccess STEP_TICKER=0.fedora.pool.ntp.org STEP_FILE=/etc/ntp/step-tickers SASL_FILE=/etc/sasl2/libvirt.conf +LDAP_CFG=${OVIRT_DIR}/config/ldap.yml DISABLE_SVCS="libvirtd" ENABLE_SVCS="ntpd httpd postgresql ovirt-host-browser ovirt-host-status \ @@ -23,6 +24,52 @@ usage() { exit 1 } >&2 +find_srv() { + local dnsreply + + # This checks to see if we're running on a bundled/developer install. + # If so, the server queried is localhost instead of using resolv.conf. + if [ "$(hostname)" == "management.priv.ovirt.org" ]; then + local server_flag=@localhost + fi + + dnsreply=$(dig $server_flag +short -t srv _$1._$2.$(dnsdomainname)) + if [ $? -eq 0 ]; then + set _ $dnsreply; shift + SRV_HOST=$4; SRV_PORT=$3 + else + SRV_HOST=; SRV_PORT+ fi +} + +find_ldap_base() { + local found=0 + + domain=$(echo $SRV_HOST | cut -d. -f 2-) + while [ -n "$domain" ]; do + base=$(echo $domain | awk -F. '{ for(i=1; i <= NF; i++) { printf("dc=%s", $(i)); if(i<NF) printf(","); } }') + ldapsearch -h $SRV_HOST -p $SRV_PORT -x \ + -b "cn=users,cn=accounts,$base" -LLL uid > /dev/null 2>&1 + if [ $? -eq 0 ]; then + found=1 + break + fi + + if ! echo $domain | grep "\." > /dev/null 2>&1 ; then + domain="" + else + domain=$(echo $domain | cut -d. -f 2-) + fi + done + + if [ $found -eq 1 ]; then + echo $base + return 0 + else + return 1 + fi +} + PASSWD for i ; do case $1 in 
@@ -46,10 +93,27 @@ for svc in $ENABLE_SVCS ; do done } > /dev/null 2>&1 +# grab ldap server from DNS +find_srv ldap tcp +if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then + SRV_HOST=${SRV_HOST%.} + srv_base=$(find_ldap_base) + [ $? != 0 ] && echo "Failed to determine base for ldap" && exit 1 + + sed -i -e "s/host: .*/host: $SRV_HOST/g" \ + -e "s/port: .*/port: $SRV_PORT/g" \ + -e "s/base: .*/base: $srv_base/g" \ + $LDAP_CFG +else + # FIXME: Eventually this script should prompt for things that can't + # be found in DNS SRV records. + echo "Failed to get ldap host/port" && exit 1 +fi + # setup an NTP step-ticker if [ -f $STEP_FILE ]; then if ! grep "^$${STEP_TICKER}$" $STEP_FILE > /dev/null 2>&1 ; then - echo $STEP_TICKER >> $STEP_FILE + echo $STEP_TICKER >> $STEP_FILE fi fi
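Review bot: in the `find_srv`/`find_ldap_base` hunk, the `[ $? -eq 0 ]` test after `dig` still does not catch a missing record (dig exits 0 for NXDOMAIN and NODATA), so check `[ -n "$dnsreply" ]` and guard against an empty `$(dnsdomainname)`; `set _ $dnsreply; shift` also reads only the first line of a multi-record answer and ignores priority and weight. Keying the `@localhost` developer mode on `"$(hostname)" == "management.priv.ovirt.org"` hard-codes one machine name (and `==` inside `[ ]` is bash-only); an environment variable or command-line flag would be easier to maintain. In `find_ldap_base`, `domain` and `base` are not declared `local` and leak into the caller's scope, and the probe base `cn=users,cn=accounts,$base` hard-codes one directory layout; a comment or a variable should say so. The anonymous `ldapsearch -x` probe assumes the directory allows unauthenticated reads of that subtree; where it does not, every candidate fails and, with the caller's `exit 1`, the whole install aborts.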
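Review bot: in the "grab ldap server from DNS" hunk, both failure branches now `exit 1`, which makes a DNS SRV record mandatory for every install; the first version skipped quietly, so that behaviour change belongs in the commit message, and the error strings should go to stderr (`>&2`) as `usage()` already does. The values written into `$LDAP_CFG` come straight from an unauthenticated DNS answer, so confirm that `$SRV_HOST` ends in `$(dnsdomainname)` and echo the host, port and base before rewriting the file so the admin can verify them. The sed patterns are unanchored (`s/host: .*/...`), so another key whose line merely contains `host:`, `port:` or `base:` would be rewritten as well; anchor them to the start of the line. `[ -n "$SRV_HOST" -a -n "$SRV_PORT" ]` is better written as two tests joined with `&&`, since `-a` is not portable.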
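Review bot: the `-`/`+` pair in the step-ticker hunk changes only whitespace on `echo $STEP_TICKER >> $STEP_FILE` and is unrelated to the LDAP change; drop it from this patch. While in that block, note the context line `grep "^$${STEP_TICKER}$"`: the shell expands `$$` to its own PID, so the pattern is `^<pid>{STEP_TICKER}$`, never matches, and the ticker is appended on every run; that is pre-existing and deserves its own fix.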
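As an added example (not part of Perry's patch or the oVirt install script), a POSIX sh version of the SRV selection the patch does with `set _ $dnsreply; shift`, extended to order multiple records by priority and weight and to accept only a target inside the expected domain before emitting the host, port and `dc=` base that would go into ldap.yml. `SAMPLE_REPLY` is a constructed `dig +short` reply embedded inline, and `select_srv` and `domain_to_dn` are names assumed here.

```shell
#!/bin/sh
# Constructed sample of what `dig +short -t srv _ldap._tcp.<domain>` prints:
# one record per line as "priority weight port target." (made-up names).
SAMPLE_REPLY='10 20 389 ldap2.example.test.
0 100 389 stray.other.test.
0 50 389 ldap1.example.test.'

# select_srv REPLY EXPECTED_DOMAIN
# Prints "host port" for the best record (lowest priority, then highest
# weight) whose target lies inside EXPECTED_DOMAIN.  Returns 1 for an empty
# reply or when every record points elsewhere, so the caller can refuse to
# write ldap.yml rather than trust whatever the resolver returned.
select_srv() {
    reply=$1
    domain=$2
    # dig exits 0 even for NXDOMAIN/NODATA, so an empty reply is the signal.
    [ -n "$reply" ] || return 1
    sorted=$(printf '%s\n' "$reply" | sort -k1,1n -k2,2nr)
    while read -r _prio _weight port target; do
        target=${target%.}            # drop the trailing dot dig prints
        case "$target" in
            *."$domain")
                printf '%s %s\n' "$target" "$port"
                return 0
                ;;
        esac                          # any other target is skipped
    done <<EOF
$sorted
EOF
    return 1
}

# domain_to_dn DOMAIN: "example.test" -> "dc=example,dc=test", the same
# mapping the patch's awk one-liner applies for the ldap.yml base entry.
domain_to_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf("dc=%s%s", $i, (i < NF) ? "," : "")
        print ""
    }'
}

# Usage: pick the server, then derive the base from the host's parent domain.
if host_port=$(select_srv "$SAMPLE_REPLY" example.test); then
    set -- $host_port
    printf 'host: %s\nport: %s\nbase: %s\n' "$1" "$2" "$(domain_to_dn "${1#*.}")"
else
    echo "no usable SRV record; leaving ldap.yml untouched" >&2
fi
```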