From: Greg Hudson Date: Thu, 27 Sep 2018 16:14:25 +0000 (-0400) Subject: Use "replica" in iprop settings X-Git-Tag: krb5-1.17-beta1~32 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=07d9f95e433cf59674faedf1121fe810ab3683c7;p=thirdparty%2Fkrb5.git Use "replica" in iprop settings Change the default dump filename for iprop to "replica_datatrans", and the iprop poll interval profile variable to "iprop_replica_poll", preserving compatibility with the old name. ticket: 8742 (new) --- diff --git a/doc/admin/admin_commands/kprop.rst b/doc/admin/admin_commands/kprop.rst index 6365d853de..3fad2c6847 100644 --- a/doc/admin/admin_commands/kprop.rst +++ b/doc/admin/admin_commands/kprop.rst @@ -33,7 +33,7 @@ OPTIONS **-f** *file* Specifies the filename where the dumped principal database file is to be found; by default the dumped database file is normally - |kdcdir|\ ``/slave_datatrans``. + |kdcdir|\ ``/replica_datatrans``. **-P** *port* Specifies the port to use to contact the :ref:`kpropd(8)` server diff --git a/doc/admin/admin_commands/kpropd.rst b/doc/admin/admin_commands/kpropd.rst index 37162c935c..d3e4fb1868 100644 --- a/doc/admin/admin_commands/kpropd.rst +++ b/doc/admin/admin_commands/kpropd.rst @@ -53,7 +53,7 @@ compatibility but does nothing. Incremental propagation may be enabled with the **iprop_enable** variable in :ref:`kdc.conf(5)`. If incremental propagation is enabled, the replica periodically polls the master KDC for updates, at -an interval determined by the **iprop_slave_poll** variable. If the +an interval determined by the **iprop_replica_poll** variable. If the replica receives updates, kpropd updates its log file with any updates from the master. :ref:`kproplog(8)` can be used to view a summary of the update entry log on the replica KDC. If incremental propagation diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst index ee17099067..c73791ceb9 100644 --- a/doc/admin/conf_files/kdc_conf.rst +++ b/doc/admin/conf_files/kdc_conf.rst @@ -227,10 +227,15 @@ The following tags may be specified in a [realms] subsection: retained for incremental propagation. The default value is 1000. Prior to release 1.11, the maximum value was 2500. -**iprop_slave_poll** +**iprop_replica_poll** (Delta time string.) Specifies how often the replica KDC polls for new updates from the master. The default value is ``2m`` - (that is, two minutes). + (that is, two minutes). New in release 1.17. + +**iprop_slave_poll** + (Delta time string.) The name for **iprop_replica_poll** prior to + release 1.17. Its value is used as a fallback if + **iprop_replica_poll** is not specified. **iprop_listen** (Whitespace- or comma-separated list.) Specifies the iprop RPC diff --git a/doc/admin/database.rst b/doc/admin/database.rst index 960f304360..3007cfe35a 100644 --- a/doc/admin/database.rst +++ b/doc/admin/database.rst @@ -817,7 +817,7 @@ data in the KDC config file (See :ref:`kdc.conf(5)`): ====================== =============== =========================================== iprop_enable *boolean* If *true*, then incremental propagation is enabled, and (as noted below) normal kprop propagation is disabled. The default is *false*. iprop_master_ulogsize *integer* Indicates the number of entries that should be retained in the update log. The default is 1000; the maximum number is 2500. -iprop_slave_poll *time interval* Indicates how often the replica should poll the master KDC for changes to the database. The default is two minutes. +iprop_replica_poll *time interval* Indicates how often the replica should poll the master KDC for changes to the database. The default is two minutes. iprop_port *integer* Specifies the port number to be used for incremental propagation. This is required in both master and replica configuration files. iprop_resync_timeout *integer* Specifies the number of seconds to wait for a full propagation to complete. This is optional on replica configurations. Defaults to 300 seconds (5 minutes). iprop_logfile *file name* Specifies where the update log file for the realm database is to be stored. The default is to use the *database_name* entry from the realms section of the config file :ref:`kdc.conf(5)`, with *.ulog* appended. (NOTE: If database_name isn't specified in the realms section, perhaps because the LDAP database back end is being used, or the file name is specified in the *dbmodules* section, then the hard-coded default for *database_name* is used. Determination of the *iprop_logfile* default value will not use values from the *dbmodules* section.) @@ -892,4 +892,4 @@ The Sun implementation hard-codes pathnames in ``/var/krb5`` for the update log and the per-replica kprop dump files. In the MIT implementation, the pathname for the update log is specified in the config file, and the per-replica dump files are stored in -|kdcdir|\ ``/slave_datatrans_hostname``. +|kdcdir|\ ``/replica_datatrans_hostname``. diff --git a/doc/admin/install_kdc.rst b/doc/admin/install_kdc.rst index c7eec1e070..5d1e70edec 100644 --- a/doc/admin/install_kdc.rst +++ b/doc/admin/install_kdc.rst @@ -425,12 +425,12 @@ Propagate the database to each replica KDC First, create a dump file of the database on the master KDC, as follows:: - shell% kdb5_util dump /usr/local/var/krb5kdc/slave_datatrans + shell% kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans Then, manually propagate the database to each replica KDC, as in the following example:: - shell% kprop -f /usr/local/var/krb5kdc/slave_datatrans kerberos-1.mit.edu + shell% kprop -f /usr/local/var/krb5kdc/replica_datatrans kerberos-1.mit.edu Database propagation to kerberos-1.mit.edu: SUCCEEDED @@ -448,11 +448,11 @@ following is an example of a Bourne shell script that will do this. kdclist = "kerberos-1.mit.edu kerberos-2.mit.edu" - kdb5_util dump /usr/local/var/krb5kdc/slave_datatrans + kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans for kdc in $kdclist do - kprop -f /usr/local/var/krb5kdc/slave_datatrans $kdc + kprop -f /usr/local/var/krb5kdc/replica_datatrans $kdc done You will need to set up a cron job to run this script at the intervals diff --git a/doc/mitK5defaults.rst b/doc/mitK5defaults.rst index 308fbbd22a..65d904ef6c 100644 --- a/doc/mitK5defaults.rst +++ b/doc/mitK5defaults.rst @@ -35,16 +35,16 @@ Replica KDC propagation defaults This table shows defaults used by the :ref:`kprop(8)` and :ref:`kpropd(8)` programs. -========================== ============================== =========== -Description Default Environment -========================== ============================== =========== -kprop database dump file |kdcdir|\ ``/slave_datatrans`` +========================== ================================ =========== +Description Default Environment +========================== ================================ =========== +kprop database dump file |kdcdir|\ ``/replica_datatrans`` kpropd temporary dump file |kdcdir|\ ``/from_master`` kdb5_util location |sbindir|\ ``/kdb5_util`` kprop location |sbindir|\ ``/kprop`` kpropd ACL file |kdcdir|\ ``/kpropd.acl`` -kprop port 754 KPROP_PORT -========================== ============================== =========== +kprop port 754 KPROP_PORT +========================== ================================ =========== .. _paths: diff --git a/src/include/k5-int.h b/src/include/k5-int.h index bf324582c7..652242207a 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -226,6 +226,7 @@ typedef unsigned char u_char; #define KRB5_CONF_IPROP_MASTER_ULOGSIZE "iprop_master_ulogsize" #define KRB5_CONF_IPROP_PORT "iprop_port" #define KRB5_CONF_IPROP_RESYNC_TIMEOUT "iprop_resync_timeout" +#define KRB5_CONF_IPROP_REPLICA_POLL "iprop_replica_poll" #define KRB5_CONF_IPROP_SLAVE_POLL "iprop_slave_poll" #define KRB5_CONF_K5LOGIN_AUTHORITATIVE "k5login_authoritative" #define KRB5_CONF_K5LOGIN_DIRECTORY "k5login_directory" diff --git a/src/include/osconf.hin b/src/include/osconf.hin index 391f48d757..c24717be67 100644 --- a/src/include/osconf.hin +++ b/src/include/osconf.hin @@ -125,7 +125,7 @@ * krb5 replica support follows */ -#define KPROP_DEFAULT_FILE KDC_DIR "/slave_datatrans" +#define KPROP_DEFAULT_FILE KDC_DIR "/replica_datatrans" #define KPROPD_DEFAULT_FILE KDC_DIR "/from_master" #define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util" #define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop" diff --git a/src/kprop/replica_update b/src/kprop/replica_update index 69e7bd4089..a8b49446a2 100644 --- a/src/kprop/replica_update +++ b/src/kprop/replica_update @@ -7,7 +7,7 @@ KDB_DIR=/usr/local/var/krb5kdc KDB_FILE=$KDB_DIR/principal.db -DUMPFILE=$KDB_DIR/slave_datatrans +DUMPFILE=$KDB_DIR/replica_datatrans KDB5_UTIL=/usr/local/sbin/kdb5_util KPROP=/usr/local/sbin/kprop diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c index e2d8f7789c..3f6b536517 100644 --- a/src/lib/kadm5/alt_prof.c +++ b/src/lib/kadm5/alt_prof.c @@ -804,7 +804,11 @@ krb5_error_code kadm5_get_config_params(krb5_context context, } GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME, - KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */ + KRB5_CONF_IPROP_REPLICA_POLL, -1); + if (params.iprop_poll_time == -1) { + GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME, + KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); + } *params_out = params; diff --git a/src/tests/t_iprop.py b/src/tests/t_iprop.py index 92e22b9503..46cb075502 100755 --- a/src/tests/t_iprop.py +++ b/src/tests/t_iprop.py @@ -114,27 +114,27 @@ def check_ulog(num, first, last, entries, env=None): # DB and ulog file. conf = {'realms': {'$realm': {'iprop_enable': 'true', 'iprop_logfile': '$testdir/db.ulog'}}} -conf_rep1 = {'realms': {'$realm': {'iprop_slave_poll': '600', +conf_rep1 = {'realms': {'$realm': {'iprop_replica_poll': '600', 'iprop_logfile': '$testdir/ulog.replica1'}}, 'dbmodules': {'db': {'database_name': '$testdir/db.replica1'}}} conf_rep1m = {'realms': {'$realm': {'iprop_logfile': '$testdir/ulog.replica1', 'iprop_port': '$port8'}}, 'dbmodules': {'db': {'database_name': '$testdir/db.replica1'}}} -conf_rep2 = {'realms': {'$realm': {'iprop_slave_poll': '600', +conf_rep2 = {'realms': {'$realm': {'iprop_replica_poll': '600', 'iprop_logfile': '$testdir/ulog.replica2', 'iprop_port': '$port8'}}, 'dbmodules': {'db': {'database_name': '$testdir/db.replica2'}}} conf_foo = {'libdefaults': {'default_realm': 'FOO'}, 'domain_realm': {hostname: 'FOO'}} -conf_rep3 = {'realms': {'$realm': {'iprop_slave_poll': '600', +conf_rep3 = {'realms': {'$realm': {'iprop_replica_poll': '600', 'iprop_logfile': '$testdir/ulog.replica3', 'iprop_port': '$port8'}, 'FOO': {'iprop_logfile': '$testdir/ulog.replica3'}}, 'dbmodules': {'db': {'database_name': '$testdir/db.replica3'}}} krb5_conf_rep4 = {'domain_realm': {hostname: 'FOO'}} -conf_rep4 = {'realms': {'$realm': {'iprop_slave_poll': '600', +conf_rep4 = {'realms': {'$realm': {'iprop_replica_poll': '600', 'iprop_logfile': '$testdir/ulog.replica4', 'iprop_port': '$port8'}}, 'dbmodules': {'db': {'database_name': '$testdir/db.replica4'}}}