[
https://issues.apache.org/jira/browse/VCL-1095?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16713068#comment-16713068
]
ASF subversion and git services commented on VCL-1095:
------------------------------------------------------
Commit 9a0958ba7103252f25ddb2a629a431c823c3d575 in vcl's branch
refs/heads/VCL-1095_move_AD_unjoin from [~jfthomps]
[ https://git-wip-us.apache.org/repos/asf?p=vcl.git;h=9a0958b ]
VCL-1095 - Move unjoining of Windows VMs from Active Directory to earlier in
the deprovision process
DataStructure.pm: modified get_domain_credentials: changed name of input
parameter and made it optional, if not passed in, will use domain of current
image; updated to receive $domain_dns_name as first item in array returned by
get_management_node_ad_domain_credentials; added more details to debug notify
Windows.pm:
-modified pre_capture: moved unjoining from domain a little earlier, mainly so
setting the Administrator password to the VCL default (from vcld.conf) will not
fail if the password doesn't meet domain restrictions, this required adding an
extra reboot after unjoining
-modified post_reservation: unjoin computer from domain; this was needed so
that reload reservations will be able to unjoin a computer while the previous
image is still loaded and it has a way to lookup what credentials are needed to
unjoin that image; otherwise, the case exists where a computer needs to be
unjoined, but vcld doesn't know which credentials to use for unjoining it
-modified ad_join_ps: cleaned up domain password being written to vcld.log
file; added writing addomain_id tag to currentimage.txt file
-modified ad_unjoin: updated to not pass arguments to ad_delete_computer
-modified ad_search: get $domain_username and $domain_password from passed in
arguments instead of from calling get_domain_credentials; cleaned up domain
password being written to vcld.log file
-modified ad_delete_computer: changed to not accept arguments; get
domain_dns_name and credentials from calling get_domain_credentials; if calling
that with no arguments returns nothing, try recursively calling self and
calling get_domain_credentials with addomain_id from currentimage.txt file;
include domain_dns_name and credentials with data passed to ad_search
utils.pm: modified get_management_node_ad_domain_credentials: changed 2nd
argument from $domain_dns_name to $domain_id; added $domain_dns_name to
beginning of array of returned data; for WHERE clause of query, always use
addomain.id since domainDNSName is no longer unique; added domain_dns_name to
debug notify
update-vcl.sql:
-changed key on domainDNSName in addomain table from a unique key to just an
index; this allows multiple accounts per domain_dns_name
-added DropExistingIndices and AddIndexIfNotExists calls for
addomain.domainDNSName
vcl.sql: changed key on domainDNSName in addomain table from a unique key to
just an index; this allows multiple accounts per domain_dns_name
> Move unjoining of Windows VMs from Active Directory to earlier in the
> deprovision process
> -----------------------------------------------------------------------------------------
>
> Key: VCL-1095
> URL: https://issues.apache.org/jira/browse/VCL-1095
> Project: VCL
> Issue Type: Improvement
> Components: vcld (backend)
> Reporter: Josh Thompson
> Priority: Major
> Fix For: 2.5.1
>
>
> Windows VMs that are joined to Active Directory need to be unjoined earlier
> in the deprovisioning process. Currently, they are unjoined by the reload
> process that loads the VM with the next image. The problem is that this
> reload process has not loaded the AD credentials needed to log in to AD to
> unjoin the VM.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
