krb5 commit: Use "replica" in iprop settings
Greg Hudson
ghudson at mit.edu
Wed Oct 3 12:28:45 EDT 2018
https://github.com/krb5/krb5/commit/07d9f95e433cf59674faedf1121fe810ab3683c7
commit 07d9f95e433cf59674faedf1121fe810ab3683c7
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Sep 27 12:14:25 2018 -0400
Use "replica" in iprop settings
Change the default dump filename for iprop to "replica_datatrans", and
the iprop poll interval profile variable to "iprop_replica_poll",
preserving compatibility with the old name.
ticket: 8742 (new)
doc/admin/admin_commands/kprop.rst | 2 +-
doc/admin/admin_commands/kpropd.rst | 2 +-
doc/admin/conf_files/kdc_conf.rst | 9 +++++++--
doc/admin/database.rst | 4 ++--
doc/admin/install_kdc.rst | 8 ++++----
doc/mitK5defaults.rst | 12 ++++++------
src/include/k5-int.h | 1 +
src/include/osconf.hin | 2 +-
src/kprop/replica_update | 2 +-
src/lib/kadm5/alt_prof.c | 6 +++++-
src/tests/t_iprop.py | 8 ++++----
11 files changed, 33 insertions(+), 23 deletions(-)
diff --git a/doc/admin/admin_commands/kprop.rst b/doc/admin/admin_commands/kprop.rst
index 6365d85..3fad2c6 100644
--- a/doc/admin/admin_commands/kprop.rst
+++ b/doc/admin/admin_commands/kprop.rst
@@ -33,7 +33,7 @@ OPTIONS
**-f** *file*
Specifies the filename where the dumped principal database file is
to be found; by default the dumped database file is normally
- |kdcdir|\ ``/slave_datatrans``.
+ |kdcdir|\ ``/replica_datatrans``.
**-P** *port*
Specifies the port to use to contact the :ref:`kpropd(8)` server
diff --git a/doc/admin/admin_commands/kpropd.rst b/doc/admin/admin_commands/kpropd.rst
index 37162c9..d3e4fb1 100644
--- a/doc/admin/admin_commands/kpropd.rst
+++ b/doc/admin/admin_commands/kpropd.rst
@@ -53,7 +53,7 @@ compatibility but does nothing.
Incremental propagation may be enabled with the **iprop_enable**
variable in :ref:`kdc.conf(5)`. If incremental propagation is
enabled, the replica periodically polls the master KDC for updates, at
-an interval determined by the **iprop_slave_poll** variable. If the
+an interval determined by the **iprop_replica_poll** variable. If the
replica receives updates, kpropd updates its log file with any updates
from the master. :ref:`kproplog(8)` can be used to view a summary of
the update entry log on the replica KDC. If incremental propagation
diff --git a/doc/admin/conf_files/kdc_conf.rst b/doc/admin/conf_files/kdc_conf.rst
index ee17099..c73791c 100644
--- a/doc/admin/conf_files/kdc_conf.rst
+++ b/doc/admin/conf_files/kdc_conf.rst
@@ -227,10 +227,15 @@ The following tags may be specified in a [realms] subsection:
retained for incremental propagation. The default value is 1000.
Prior to release 1.11, the maximum value was 2500.
-**iprop_slave_poll**
+**iprop_replica_poll**
(Delta time string.) Specifies how often the replica KDC polls
for new updates from the master. The default value is ``2m``
- (that is, two minutes).
+ (that is, two minutes). New in release 1.17.
+
+**iprop_slave_poll**
+ (Delta time string.) The name for **iprop_replica_poll** prior to
+ release 1.17. Its value is used as a fallback if
+ **iprop_replica_poll** is not specified.
**iprop_listen**
(Whitespace- or comma-separated list.) Specifies the iprop RPC
diff --git a/doc/admin/database.rst b/doc/admin/database.rst
index 960f304..3007cfe 100644
--- a/doc/admin/database.rst
+++ b/doc/admin/database.rst
@@ -817,7 +817,7 @@ data in the KDC config file (See :ref:`kdc.conf(5)`):
====================== =============== ===========================================
iprop_enable *boolean* If *true*, then incremental propagation is enabled, and (as noted below) normal kprop propagation is disabled. The default is *false*.
iprop_master_ulogsize *integer* Indicates the number of entries that should be retained in the update log. The default is 1000; the maximum number is 2500.
-iprop_slave_poll *time interval* Indicates how often the replica should poll the master KDC for changes to the database. The default is two minutes.
+iprop_replica_poll *time interval* Indicates how often the replica should poll the master KDC for changes to the database. The default is two minutes.
iprop_port *integer* Specifies the port number to be used for incremental propagation. This is required in both master and replica configuration files.
iprop_resync_timeout *integer* Specifies the number of seconds to wait for a full propagation to complete. This is optional on replica configurations. Defaults to 300 seconds (5 minutes).
iprop_logfile *file name* Specifies where the update log file for the realm database is to be stored. The default is to use the *database_name* entry from the realms section of the config file :ref:`kdc.conf(5)`, with *.ulog* appended. (NOTE: If database_name isn't specified in the realms section, perhaps because the LDAP database back end is being used, or the file name is specified in the *dbmodules* section, then the hard-coded default for *database_name* is used. Determination of the *iprop_logfile* default value will not use values from the *dbmodules* section.)
@@ -892,4 +892,4 @@ The Sun implementation hard-codes pathnames in ``/var/krb5`` for the
update log and the per-replica kprop dump files. In the MIT
implementation, the pathname for the update log is specified in the
config file, and the per-replica dump files are stored in
-|kdcdir|\ ``/slave_datatrans_hostname``.
+|kdcdir|\ ``/replica_datatrans_hostname``.
diff --git a/doc/admin/install_kdc.rst b/doc/admin/install_kdc.rst
index c7eec1e..5d1e70e 100644
--- a/doc/admin/install_kdc.rst
+++ b/doc/admin/install_kdc.rst
@@ -425,12 +425,12 @@ Propagate the database to each replica KDC
First, create a dump file of the database on the master KDC, as
follows::
- shell% kdb5_util dump /usr/local/var/krb5kdc/slave_datatrans
+ shell% kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans
Then, manually propagate the database to each replica KDC, as in the
following example::
- shell% kprop -f /usr/local/var/krb5kdc/slave_datatrans kerberos-1.mit.edu
+ shell% kprop -f /usr/local/var/krb5kdc/replica_datatrans kerberos-1.mit.edu
Database propagation to kerberos-1.mit.edu: SUCCEEDED
@@ -448,11 +448,11 @@ following is an example of a Bourne shell script that will do this.
kdclist = "kerberos-1.mit.edu kerberos-2.mit.edu"
- kdb5_util dump /usr/local/var/krb5kdc/slave_datatrans
+ kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans
for kdc in $kdclist
do
- kprop -f /usr/local/var/krb5kdc/slave_datatrans $kdc
+ kprop -f /usr/local/var/krb5kdc/replica_datatrans $kdc
done
You will need to set up a cron job to run this script at the intervals
diff --git a/doc/mitK5defaults.rst b/doc/mitK5defaults.rst
index 308fbbd..65d904e 100644
--- a/doc/mitK5defaults.rst
+++ b/doc/mitK5defaults.rst
@@ -35,16 +35,16 @@ Replica KDC propagation defaults
This table shows defaults used by the :ref:`kprop(8)` and
:ref:`kpropd(8)` programs.
-========================== ============================== ===========
-Description Default Environment
-========================== ============================== ===========
-kprop database dump file |kdcdir|\ ``/slave_datatrans``
+========================== ================================ ===========
+Description Default Environment
+========================== ================================ ===========
+kprop database dump file |kdcdir|\ ``/replica_datatrans``
kpropd temporary dump file |kdcdir|\ ``/from_master``
kdb5_util location |sbindir|\ ``/kdb5_util``
kprop location |sbindir|\ ``/kprop``
kpropd ACL file |kdcdir|\ ``/kpropd.acl``
-kprop port 754 KPROP_PORT
-========================== ============================== ===========
+kprop port 754 KPROP_PORT
+========================== ================================ ===========
.. _paths:
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
index bf32458..6522422 100644
--- a/src/include/k5-int.h
+++ b/src/include/k5-int.h
@@ -226,6 +226,7 @@ typedef unsigned char u_char;
#define KRB5_CONF_IPROP_MASTER_ULOGSIZE "iprop_master_ulogsize"
#define KRB5_CONF_IPROP_PORT "iprop_port"
#define KRB5_CONF_IPROP_RESYNC_TIMEOUT "iprop_resync_timeout"
+#define KRB5_CONF_IPROP_REPLICA_POLL "iprop_replica_poll"
#define KRB5_CONF_IPROP_SLAVE_POLL "iprop_slave_poll"
#define KRB5_CONF_K5LOGIN_AUTHORITATIVE "k5login_authoritative"
#define KRB5_CONF_K5LOGIN_DIRECTORY "k5login_directory"
diff --git a/src/include/osconf.hin b/src/include/osconf.hin
index 391f48d..c24717b 100644
--- a/src/include/osconf.hin
+++ b/src/include/osconf.hin
@@ -125,7 +125,7 @@
* krb5 replica support follows
*/
-#define KPROP_DEFAULT_FILE KDC_DIR "/slave_datatrans"
+#define KPROP_DEFAULT_FILE KDC_DIR "/replica_datatrans"
#define KPROPD_DEFAULT_FILE KDC_DIR "/from_master"
#define KPROPD_DEFAULT_KDB5_UTIL "@SBINDIR/kdb5_util"
#define KPROPD_DEFAULT_KPROP "@SBINDIR/kprop"
diff --git a/src/kprop/replica_update b/src/kprop/replica_update
index 69e7bd4..a8b4944 100644
--- a/src/kprop/replica_update
+++ b/src/kprop/replica_update
@@ -7,7 +7,7 @@
KDB_DIR=/usr/local/var/krb5kdc
KDB_FILE=$KDB_DIR/principal.db
-DUMPFILE=$KDB_DIR/slave_datatrans
+DUMPFILE=$KDB_DIR/replica_datatrans
KDB5_UTIL=/usr/local/sbin/kdb5_util
KPROP=/usr/local/sbin/kprop
diff --git a/src/lib/kadm5/alt_prof.c b/src/lib/kadm5/alt_prof.c
index e2d8f77..3f6b536 100644
--- a/src/lib/kadm5/alt_prof.c
+++ b/src/lib/kadm5/alt_prof.c
@@ -804,7 +804,11 @@ krb5_error_code kadm5_get_config_params(krb5_context context,
}
GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
- KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60); /* 2m */
+ KRB5_CONF_IPROP_REPLICA_POLL, -1);
+ if (params.iprop_poll_time == -1) {
+ GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
+ KRB5_CONF_IPROP_SLAVE_POLL, 2 * 60);
+ }
*params_out = params;
diff --git a/src/tests/t_iprop.py b/src/tests/t_iprop.py
index 92e22b9..46cb075 100755
--- a/src/tests/t_iprop.py
+++ b/src/tests/t_iprop.py
@@ -114,27 +114,27 @@ def check_ulog(num, first, last, entries, env=None):
# DB and ulog file.
conf = {'realms': {'$realm': {'iprop_enable': 'true',
'iprop_logfile': '$testdir/db.ulog'}}}
-conf_rep1 = {'realms': {'$realm': {'iprop_slave_poll': '600',
+conf_rep1 = {'realms': {'$realm': {'iprop_replica_poll': '600',
'iprop_logfile': '$testdir/ulog.replica1'}},
'dbmodules': {'db': {'database_name': '$testdir/db.replica1'}}}
conf_rep1m = {'realms': {'$realm': {'iprop_logfile': '$testdir/ulog.replica1',
'iprop_port': '$port8'}},
'dbmodules': {'db': {'database_name': '$testdir/db.replica1'}}}
-conf_rep2 = {'realms': {'$realm': {'iprop_slave_poll': '600',
+conf_rep2 = {'realms': {'$realm': {'iprop_replica_poll': '600',
'iprop_logfile': '$testdir/ulog.replica2',
'iprop_port': '$port8'}},
'dbmodules': {'db': {'database_name': '$testdir/db.replica2'}}}
conf_foo = {'libdefaults': {'default_realm': 'FOO'},
'domain_realm': {hostname: 'FOO'}}
-conf_rep3 = {'realms': {'$realm': {'iprop_slave_poll': '600',
+conf_rep3 = {'realms': {'$realm': {'iprop_replica_poll': '600',
'iprop_logfile': '$testdir/ulog.replica3',
'iprop_port': '$port8'},
'FOO': {'iprop_logfile': '$testdir/ulog.replica3'}},
'dbmodules': {'db': {'database_name': '$testdir/db.replica3'}}}
krb5_conf_rep4 = {'domain_realm': {hostname: 'FOO'}}
-conf_rep4 = {'realms': {'$realm': {'iprop_slave_poll': '600',
+conf_rep4 = {'realms': {'$realm': {'iprop_replica_poll': '600',
'iprop_logfile': '$testdir/ulog.replica4',
'iprop_port': '$port8'}},
'dbmodules': {'db': {'database_name': '$testdir/db.replica4'}}}
More information about the cvs-krb5
mailing list