红帽全球峰会14.5. Migrating from the Legacy Provider to the New Extension-Based Provider
Directory servers configured using the domain management tool are not supported after Red Hat Enterprise Virtualization 3.6. If your directory servers are configured using the domain management tool, it is highly recommended to migrate to the new extension-based provider. Two options are available:
- Attach the directory server using the new extension-based provider, verify that it is working, and remove the old directory server profile configured using the domain management tool.
- An upstream tool is also available to assist with automating the migration. The migration tool can be downloaded at https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases. Currently this option is only supported by opening a support case with Red Hat.
Procedure 14.6. Manually Migration from the Legacy Provider to the New Extension-Based Provider
- Use the interactive setup tool to attach directory servers using the new extension-based provider. See Section 14.3.1, “Configuring an External LDAP Provider (Interactive Setup)” for more information. The interactive setup script asks you to perform search and login queries to verify that the setup was successful. You can also log in to the Administration Portal to verify if the directory server has been successfully attached. At this stage the same directory server is attached twice: Once using the legacy provider with the domain management tool, and once using the new extension-based provider. To distinguish between the two, the profile name must not be the same. You can rename the profile name after the legacy profile has been removed.
- After verifying that the new setup was successful, remove the old directory server profile:
engine-manage-domains delete --domain=directory.demo.example.com
# engine-manage-domains delete --domain=directory.demo.example.comCopy to Clipboard Copied! Toggle word wrap Toggle overflow - Log in to the Administration Portal, and remove all users and groups related to the old profile. Users defined in the removed domain will no longer be able to authenticate with the Red Hat Enterprise Virtualization Manager. The entries for the affected users will remain defined in the Red Hat Enterprise Virtualization Manager until they are explicitly removed from the Administration Portal.
- Optionally rename the profile name of the directory server to the one originally used. Restart the engine service:
vi /etc/ovirt-engine/extensions.d/profile1-authn.properties
# vi /etc/ovirt-engine/extensions.d/profile1-authn.properties ovirt.engine.aaa.authn.profile.name = New_profile_nameCopy to Clipboard Copied! Toggle word wrap Toggle overflow service ovirt-engine restart
# service ovirt-engine restartCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}