Description of problem: Although users use manage-domains correctly, DNS queries are sent to an empty domain string. This is a regression as a result of fix for https://bugzilla.redhat.com/show_bug.cgi?id=871591 Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
I've tried to verify it on sf-8: A domain was added, and got the engine-manage-domains.log bellow. Where can I see the "a DNS srv record query is sent (a proper one)" (yzaslavs) please? engine-manage-domains.log: 2013-02-28 16:18:40,640 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos configuration for domain(s): qa.lab.tlv.redhat.com 2013-02-28 16:18:40,677 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created kerberos configuration for domain(s): qa.lab.tlv.redhat.com 2013-02-28 16:18:40,677 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos configuration for domain: qa.lab.tlv.redhat.com 2013-02-28 16:18:41,030 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully tested kerberos configuration for domain: qa.lab.tlv.redhat.com 2013-02-28 16:18:41,032 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomains] Applying kerberos configuration 2013-02-28 16:18:41,032 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] uuid: 9b9002d1-ec33-4083-8a7b-31f6b8931648 username: vdcadmin.TLV.REDHAT.COM domain: qa.lab.tlv.redhat.com 2013-02-28 16:18:41,081 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserName to qa.lab.tlv.redhat.com:vdcadmin.TLV.REDHAT.COM 2013-02-28 16:18:42,474 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserPassword to qa.lab.tlv.redhat.com:******** 2013-02-28 16:18:44,080 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LdapServers to 2013-02-28 16:18:45,510 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for AdUserId to qa.lab.tlv.redhat.com:9b9002d1-ec33-4083-8a7b-31f6b8931648 2013-02-28 16:18:46,868 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LDAPSecurityAuthentication to qa.lab.tlv.redhat.com:GSSAPI 2013-02-28 16:18:48,357 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for DomainName to qa.lab.tlv.redhat.com 2013-02-28 16:18:49,738 INFO [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value for LDAPProviderTypes to qa.lab.tlv.redhat.com:activeDirectory
(In reply to comment #3) > I've tried to verify it on sf-8: > A domain was added, and got the engine-manage-domains.log bellow. > Where can I see the "a DNS srv record query is sent (a proper one)" > (yzaslavs) please? > > engine-manage-domains.log: > > 2013-02-28 16:18:40,640 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Creating kerberos > configuration for domain(s): qa.lab.tlv.redhat.com > 2013-02-28 16:18:40,677 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully created > kerberos configuration for domain(s): qa.lab.tlv.redhat.com > 2013-02-28 16:18:40,677 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Testing kerberos > configuration for domain: qa.lab.tlv.redhat.com > 2013-02-28 16:18:41,030 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Successfully tested > kerberos configuration for domain: qa.lab.tlv.redhat.com > 2013-02-28 16:18:41,032 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomains] Applying kerberos > configuration > 2013-02-28 16:18:41,032 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] uuid: > 9b9002d1-ec33-4083-8a7b-31f6b8931648 username: > vdcadmin.TLV.REDHAT.COM domain: qa.lab.tlv.redhat.com > 2013-02-28 16:18:41,081 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value > for AdUserName to qa.lab.tlv.redhat.com:vdcadmin.TLV.REDHAT.COM > 2013-02-28 16:18:42,474 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value > for AdUserPassword to qa.lab.tlv.redhat.com:******** > 2013-02-28 16:18:44,080 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value > for LdapServers to > 2013-02-28 16:18:45,510 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value > for AdUserId to qa.lab.tlv.redhat.com:9b9002d1-ec33-4083-8a7b-31f6b8931648 > 2013-02-28 16:18:46,868 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value > for LDAPSecurityAuthentication to qa.lab.tlv.redhat.com:GSSAPI > 2013-02-28 16:18:48,357 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value > for DomainName to qa.lab.tlv.redhat.com > 2013-02-28 16:18:49,738 INFO > [org.ovirt.engine.core.utils.kerberos.ManageDomainsDAOImpl] Setting value > for LDAPProviderTypes to qa.lab.tlv.redhat.com:activeDirectory You can't verify it using the log. You need to use tcpdump and actually capture dns SRV calls, and analyze them to see engine-manage-domains issues the correct dns SRV calls
Verified on sf-12: [1] Added a domain by: rhevm-manage-domains -action=add -addPermissions -domain=qa.lab.tlv.redhat.com -user=vdcadmin -interactive -provider=activeDirectory [2] tcpdump record for DNS port 'tcpdump -s 1500 port 53' run in paralll to [1]: machine request ldap srv record, and in reply it got the info on the machine + the ldap port to use (389): 15:12:32.884344 IP vm-161-161.scl.lab.tlv.redhat.com.48451 > ns2.eng.tlv.redhat.com.domain: 1+ SRV? _ldap._tcp.qa.lab.tlv.redhat.com. (50) 15:12:32.884925 IP ns2.eng.tlv.redhat.com.domain > vm-161-161.scl.lab.tlv.redhat.com.48451: 1 1/1/2 SRV qa1.qa.lab.tlv.redhat.com.:389 0 100 (145) 15:12:32.954756 IP vm-161-161.scl.lab.tlv.redhat.com.47033 > ns2.eng.tlv.redhat.com.domain: 60846+ A? qa1.qa.lab.tlv.redhat.com. (43) 15:12:32.954842 IP vm-161-161.scl.lab.tlv.redhat.com.47033 > ns2.eng.tlv.redhat.com.domain: 30006+ AAAA? qa1.qa.lab.tlv.redhat.com. (43) 15:12:32.955335 IP ns2.eng.tlv.redhat.com.domain > vm-161-161.scl.lab.tlv.redhat.com.47033: 60846 1/1/1 A 10.35.64.1 (93) 15:12:32.955350 IP ns2.eng.tlv.redhat.com.domain > vm-161-161.scl.lab.tlv.redhat.com.47033: 30006 0/1/0 (90)
3.2 has been released