KDC setup for Linux#6158
Conversation
|
Hi @rahulkotecha, I'm your friendly neighborhood .NET Foundation Pull Request Bot (You can call me DNFBOT). Thanks for your contribution! TTYL, DNFBOT; |
|
@rahulkotecha, Thanks for signing the contribution license agreement so quickly! Actual humans will now validate the agreement and then evaluate the PR. |
| <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform> | ||
| <ProjectGuid>{A55A2B9A-830F-4330-A0E7-02A9FB30ABD2}</ProjectGuid> | ||
| <OutputType>Library</OutputType> | ||
| <UnsupportedPlatforms>OSX</UnsupportedPlatforms> |
|
cc @morganbr |
| exit 0 | ||
| fi | ||
|
|
||
| configure_kdc |
There was a problem hiding this comment.
If user already has krb5 installed this script will be a no-op. In such cases, the tests may fail (the user's krb5.conf may not contain the principals needed for the test)
There was a problem hiding this comment.
Is there a way to prompt the user to overwrite their set up if that's actually what they want?
What about an uninstall, that undoes all of the configuration done in the script?
There was a problem hiding this comment.
Prompting will not be possible due to the automated nature.
For uninstall, @stephentoub should we add an argument to the script? Then in #6139 should we also do an uninstall each time? (Note that always cleaning up will add to the time when devs run NegotiateStream tests locally)
There was a problem hiding this comment.
Prompting will not be possible due to the automated nature.
That's not necessarily true. There are many utilities that prompt, for example, unless you pass a /force or /Y or some such flag that says "I know what I'm doing, I automatically say 'yes' to any prompt, so don't prompt me".
For uninstall, @stephentoub should we add an argument to the script?
Yes, please.
Then in #6139 should we also do an uninstall each time?
If running the tests does an automatic install, then they should also automatically uninstall. Otherwise, running the tests leaves the box in a state different than it started. It should also be possible to run the uninstall manually and clean up any vestiges of the previous install.
Note that always cleaning up will add to the time when devs run NegotiateStream tests locally
We should make it so that it only uninstalls if it needed to install. That way, if a developer is working on this library and has manually run the install script, no extra install/uninstall time is taken in each run. If it's someone who's just running a full test pass or otherwise running the tests locally, and they don't have things set up appropriately, the tests will do the install and uninstall and their box will (hopefully) be left clean.
There was a problem hiding this comment.
Makes sense. Thanks for the idea about force switch
There was a problem hiding this comment.
@stephentoub we are not actually overwriting user's setup. If the kdc is already installed, we are assuming that the machine is already setup with required users for the testing (through earlier runs of the script). If this assumption is indeed correct, then we might not require the force switch.
Let me know if this assumption is correct.
There was a problem hiding this comment.
@rahulkotecha the force switch is also to let a dev running script outside CI to see some prompts before KDC config. Having the force switch allows the script to be run without prompts from test class setup
|
Thanks, @rahulkotecha. A few more comments/questions, but overall LGTM. @mmitche, could you take a peek as well? |
rahulkotecha-zz
force-pushed
the
dev/negotiatestream
branch
from
66e3c3a to
be45003
Compare
|
incorporated all comments received so far and squashed. |
|
@mmitche please let us know if the changes look ok. |
|
@rahulkotecha there are some conflicts (probably because setup-kdc.sh has been checked in via Priya's commit) |
1. KDC setup script and config files (tested on Ubuntu, Debian, CentOS and Red Hat) - Provides option for installation and uninstallation of KDC - Prompts user for (un)installation and bypasses prompts when run with 'y' switch - Need to be run as sudoer/superuser 2. Changes to project file so as to copy the KDC setup script and related conf files to output directory
|
Changes look good to me @dotnet-bot test this please |
|
Is there a reason we can't just stand up a Kerberos in Azure and depend on that, instead of requiring folks that want to run these tests do all the work to set things up? |
rahulkotecha-zz
force-pushed
the
dev/negotiatestream
branch
from
be45003 to
6e7b559
Compare
11 participants
cc: @stephentoub, @bartonjs, @Priya91