-
Notifications
You must be signed in to change notification settings - Fork 477
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NAS-129123 / 24.10 / Expand error recovery in AD health checks #13781
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was not a detailed review. I might circle back.
f9271ce
to
e1aa30c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approving because all comments are suggestions/cleanup, and not essential.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approve also since most my suggestions were flake8 fixes.
This primarily adds two new features to our AD health checks * Check whether the secrets.tdb file exists and has a valid machine account password. If it's missing, then try to restore from backup. * Check whether we have a stored kerberos keytab for the AD domain. If it's missing, reconstruct it from our machine account password in the secrets.tdb file.
This PR has been merged and conversations have been locked. |
This primarily adds two new features to our AD health checks
Check whether the secrets.tdb file exists and has a valid machine account password. If it's missing, then try to restore from backup.
Check whether we have a stored kerberos keytab for the AD domain. If it's missing, reconstruct it from our machine account password in the secrets.tdb file.
This commit also refactors the kerberos plugin to move many methods into general-purpose krb5 utils that can be tested more easily in isolation.