[Ovirt-devel] [PATCH server] update host-browser to use ipa commands rather than kadmin

Joey Boggs jboggs at redhat.com
Wed May 20 20:44:53 UTC 2009


This completes IPA support for the server-side daemons.

---
 installer/modules/ovirt/manifests/ovirt.pp |    5 ++++
 src/host-browser/host-browser.rb           |   29 +++++++++++++++++++++------
 2 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp
index 2e91e69..d3d01d6 100644
--- a/installer/modules/ovirt/manifests/ovirt.pp
+++ b/installer/modules/ovirt/manifests/ovirt.pp
@@ -130,6 +130,11 @@ class ovirt::setup {
 		notify => Service[qpidd]
 	}
 
+        single_exec { "ipa_admin_keytab" :
+                command => "/usr/sbin/ipa-getkeytab -s $ipa_host -p admin@$realm_name -k /usr/share/ovirt-server/ipa-admin.tab",
+                require => Exec[get_krb5_tkt]
+        }
+
 	service {"httpd" :
                 enable => true,
                 require => Package[httpd],
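Review bot: The new `ipa_admin_keytab` exec writes a keytab for the IPA `admin` principal to `/usr/share/ovirt-server/ipa-admin.tab`, and nothing in this hunk sets its owner or mode, so the file's protection depends on the umask of the puppet run. Anyone who can read that file can authenticate as the IPA administrator. I would pair the exec with a `file` resource for the same path that sets `mode => 0600` and restricts the owner to the account host-browser runs as, and I would keep the file outside `/usr/share`. As far as I know `ipa-getkeytab` generates a new key for the principal by default, which would invalidate the existing admin password; a dedicated service principal with only the rights to add services and fetch keytabs would avoid both problems. The body of `ovirt::setup` continues outside the hunk.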
diff --git a/src/host-browser/host-browser.rb b/src/host-browser/host-browser.rb
index 13b2ac4..b62fdba 100755
--- a/src/host-browser/host-browser.rb
+++ b/src/host-browser/host-browser.rb
@@ -331,12 +331,23 @@ class HostBrowser
         # TODO need a way to test this portion
         unless (defined? TESTING) || File.exists?(@keytab_filename)
             # TODO replace with Kr5Auth when it supports admin actions
-            puts "Writing keytab file: #{@keytab_filename}" unless defined?(TESTING)
-            kadmin_local('addprinc -randkey ' + libvirt_princ)
-            kadmin_local('ktadd -k ' + @keytab_filename + ' ' + libvirt_princ)
-            kadmin_local('addprinc -randkey ' + qpidd_princ)
-            kadmin_local('ktadd -k ' + @keytab_filename + ' ' + qpidd_princ)
 
+        krb5conf = File.new("/etc/krb5.conf", "r")
+        while (line = krb5conf.gets)
+            if line =~ /admin_server/ && !line.include?("FILE")
+            key,value = line.split("=")
+            ipa_host,ipa_port = value.split(":")
+            end
+        end
+        krb5conf.close
+
+            puts "Writing keytab file: #{@keytab_filename}" unless defined?(TESTING)
+            admin_keytab="/usr/share/ovirt-server/ipa-admin.tab"
+            system("/usr/kerberos/bin/kinit admin -k -t #{admin_keytab}")
+            add_principal(libvirt_princ)
+            get_keytab(libvirt_princ,ipa_host)
+            add_principal(qpidd_princ)
+            get_keytab(qpidd_princ,ipa_host)
             File.chmod(0644, at keytab_filename)
         end
 
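Review bot: `ipa_host` is taken from the `admin_server` line of `/etc/krb5.conf` without stripping it, so it still carries the leading space and, when no port is given, the trailing newline. It is `nil` when no line matches, and in both cases it is passed on to `get_keytab`, which interpolates it into a shell command. The result of the `kinit` call is also ignored, so a missing or stale admin keytab only shows up later as failing `add_principal`/`get_keytab` calls, after which the `chmod` still runs. I would strip and validate the host, stop when it is absent, and check `kinit` before continuing, as sketched below (use whatever error path this method already has in place of `raise`). `File.foreach` also closes the file if the loop raises. The enclosing method starts and ends outside the hunk.

```ruby
            ipa_host = nil
            File.foreach("/etc/krb5.conf") do |line|
                next unless line =~ /admin_server/ && !line.include?("FILE")
                _key, value = line.split("=", 2)
                ipa_host = value.to_s.strip.split(":").first
            end
            raise "no admin_server entry found in /etc/krb5.conf" if ipa_host.nil? || ipa_host.empty?

            # … unchanged: "Writing keytab file" message and admin_keytab assignment …
            unless system("/usr/kerberos/bin/kinit", "admin", "-k", "-t", admin_keytab)
                raise "kinit with #{admin_keytab} failed"
            end
            # … unchanged: add_principal / get_keytab calls and chmod …
```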
@@ -367,8 +378,12 @@ class HostBrowser
 
     # Executes an external program to support the keytab function.
     #
-    def kadmin_local(command)
-        system("/usr/kerberos/sbin/kadmin.local -q '" + command + "'")
+    def add_principal(command)
+        system("/usr/sbin/ipa-addservice #{command}")
+    end
+
+    def get_keytab(command,ipa_host)
+        system("ipa-getkeytab -s #{ipa_host} -p #{command} -k #{@keytab_filename}")
     end
 end
 
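Review bot: `add_principal` and `get_keytab` each build a single shell string by interpolation, so any whitespace or shell metacharacter in the principal, the host or `@keytab_filename` is interpreted by the shell instead of being passed as data. If the principal name is derived from what a connecting host reports (not visible in this hunk), that is untrusted input reaching a command line run with admin Kerberos credentials. The multi-argument form avoids the shell entirely: `system("/usr/sbin/ipa-addservice", command)` and `system("/usr/sbin/ipa-getkeytab", "-s", ipa_host, "-p", command, "-k", @keytab_filename)`. The second form also gives `ipa-getkeytab` the absolute path the manifest uses, where the hunk relies on `PATH`. The parameter now holds a principal rather than a command, so I would rename it and give `get_keytab` its own comment, since the existing one sits only above `add_principal`.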
-- 
1.6.0.6



