You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@vcl.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2018/12/07 16:38:00 UTC
[jira] [Commented] (VCL-1095) Move unjoining of Windows VMs from
Active Directory to earlier in the deprovision process
[ https://issues.apache.org/jira/browse/VCL-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16713068#comment-16713068 ]
ASF subversion and git services commented on VCL-1095:
------------------------------------------------------
Commit 9a0958ba7103252f25ddb2a629a431c823c3d575 in vcl's branch refs/heads/VCL-1095_move_AD_unjoin from [~jfthomps]
[ https://git-wip-us.apache.org/repos/asf?p=vcl.git;h=9a0958b ]
VCL-1095 - Move unjoining of Windows VMs from Active Directory to earlier in the deprovision process
DataStructure.pm: modified get_domain_credentials: changed name of input parameter and made it optional, if not passed in, will use domain of current image; updated to receive $domain_dns_name as first item in array returned by get_management_node_ad_domain_credentials; added more details to debug notify
Windows.pm:
-modified pre_capture: moved unjoining from domain a little earlier, mainly so setting the Administrator password to the VCL default (from vcld.conf) will not fail if the password doesn't meet domain restrictions, this required adding an extra reboot after unjoining
-modified post_reservation: unjoin computer from domain; this was needed so that reload reservations will be able to unjoin a computer while the previous image is still loaded and it has a way to lookup what credentials are needed to unjoin that image; otherwise, the case exists where a computer needs to be unjoined, but vcld doesn't know which credentials to use for unjoining it
-modified ad_join_ps: cleaned up domain password being written to vcld.log file; added writing addomain_id tag to currentimage.txt file
-modified ad_unjoin: updated to not pass arguments to ad_delete_computer
-modified ad_search: get $domain_username and $domain_password from passed in arguments instead of from calling get_domain_credentials; cleaned up domain password being written to vcld.log file
-modified ad_delete_computer: changed to not accept arguments; get domain_dns_name and credentials from calling get_domain_credentials; if calling that with no arguments returns nothing, try recursively calling self and calling get_domain_credentials with addomain_id from currentimage.txt file; include domain_dns_name and credentials with data passed to ad_search
utils.pm: modified get_management_node_ad_domain_credentials: changed 2nd argument from $domain_dns_name to $domain_id; added $domain_dns_name to beginning of array of returned data; for WHERE clause of query, always use addomain.id since domainDNSName is no longer unique; added domain_dns_name to debug notify
update-vcl.sql:
-changed key on domainDNSName in addomain table from a unique key to just an index; this allows multiple accounts per domain_dns_name
-added DropExistingIndices and AddIndexIfNotExists calls for addomain.domainDNSName
vcl.sql: changed key on domainDNSName in addomain table from a unique key to just an index; this allows multiple accounts per domain_dns_name
> Move unjoining of Windows VMs from Active Directory to earlier in the deprovision process
> -----------------------------------------------------------------------------------------
>
> Key: VCL-1095
> URL: https://issues.apache.org/jira/browse/VCL-1095
> Project: VCL
> Issue Type: Improvement
> Components: vcld (backend)
> Reporter: Josh Thompson
> Priority: Major
> Fix For: 2.5.1
>
>
> Windows VMs that are joined to Active Directory need to be unjoined earlier in the deprovisioning process. Currently, they are unjoined by the reload process that loads the VM with the next image. The problem is that this reload process has not loaded the AD credentials needed to log in to AD to unjoin the VM.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)