sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-28 11:42:03 +03:00
Code Activity

samba-tool visualize for understanding AD DC behaviour

Browse Source 
To work out what is happening in a replication graph, it is sometimes
helpful to use visualisations. We introduce a samba-tool subcommand to
write Graphviz dot output and generate text-based heatmaps of the
distance in hops between DCs.

There are two subcommands, two graphical modes, and (roughly) two modes of
operation with respect to the location of authority.

`samba-tool visualize ntdsconn` looks at NTDS Connections.
`samba-tool visualize reps` looks at repsTo and repsFrom objects.

In '--distance' mode (default), the distances between DCs are shown in
a matrix in the terminal. With '--color=yes', this is depicted as a
heatmap. With '--utf8' it is a lttle prettier.

In '--dot' mode, Graphviz dot output is generated. When viewed using
dot or xdot, this shows the network as a graph with DCs as vertices
and connections edges. Certain types of degenerate edges are shown in
different colours or line-styles.

Normally samba-tool talks to one database; with the '-r' (a.k.a.
'--talk-to-remote') option attempts are made to contact all the DCs
known to the first database. This is necessary to get sensible results
from `samba-tool visualize reps` because the repsFrom/To objects are
not replicated, and it can reveal replication issues in other modes.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This commit is contained in:
Douglas Bagnall
2017-08-10 11:57:24 +12:00
committed by Karolin Seeger
parent ba2306f00d
commit c6294c3c7b
5 changed files with 1156 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
python/samba/tests/samba_tool/visualize_drs.py Normal file
View File

@ -0,0 +1,110 @@
# Originally based on tests for samba.kcc.ldif_import_export.
# Copyright (C) Andrew Bartlett 2015, 2018
#
# by Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
"""Tests for samba-tool visualize using the vampire DC and promoted DC
environments. We can't assert much about what state they are in, so we
mainly check for cmmand failure.
"""
import os
from samba.tests.samba_tool.base import SambaToolCmdTest
ENV_DSAS = {
'promoted_dc': ['CN=PROMOTEDVDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=example,DC=com',
'CN=LOCALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=example,DC=com'],
'vampire_dc': ['CN=LOCALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=example,DC=com',
'CN=LOCALVAMPIREDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=example,DC=com'],
}
class SambaToolVisualizeDrsTest(SambaToolCmdTest):
def setUp(self):
super(SambaToolVisualizeDrsTest, self).setUp()
def test_ntdsconn(self):
server = "ldap://%s" % os.environ["SERVER"]
creds = "%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"])
(result, out, err) = self.runsubcmd("visualize", "ntdsconn",
'-H', server,
'-U', creds,
'--color=no', '-S')
self.assertCmdSuccess(result, out, err)
def test_ntdsconn_remote(self):
server = "ldap://%s" % os.environ["SERVER"]
creds = "%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"])
(result, out, err) = self.runsubcmd("visualize", "ntdsconn",
'-H', server,
'-U', creds,
'--color=no', '-S', '-r')
self.assertCmdSuccess(result, out, err)
def test_reps(self):
server = "ldap://%s" % os.environ["SERVER"]
creds = "%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"])
(result, out, err) = self.runsubcmd("visualize", "reps",
'-H', server,
'-U', creds,
'--color=no', '-S')
self.assertCmdSuccess(result, out, err)
def test_reps_remote(self):
server = "ldap://%s" % os.environ["SERVER"]
creds = "%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"])
(result, out, err) = self.runsubcmd("visualize", "reps",
'-H', server,
'-U', creds,
'--color=no', '-S', '-r')
self.assertCmdSuccess(result, out, err)
def test_ntdsconn_dot(self):
server = "ldap://%s" % os.environ["SERVER"]
creds = "%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"])
(result, out, err) = self.runsubcmd("visualize", "ntdsconn",
'-H', server,
'-U', creds, '--dot',
'--color=no', '-S')
self.assertCmdSuccess(result, out, err)
def test_ntdsconn_remote_dot(self):
server = "ldap://%s" % os.environ["SERVER"]
creds = "%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"])
(result, out, err) = self.runsubcmd("visualize", "ntdsconn",
'-H', server,
'-U', creds, '--dot',
'--color=no', '-S', '-r')
self.assertCmdSuccess(result, out, err)
def test_reps_dot(self):
server = "ldap://%s" % os.environ["SERVER"]
creds = "%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"])
(result, out, err) = self.runsubcmd("visualize", "reps",
'-H', server,
'-U', creds, '--dot',
'--color=no', '-S')
self.assertCmdSuccess(result, out, err)
def test_reps_remote_dot(self):
server = "ldap://%s" % os.environ["SERVER"]
creds = "%s%%%s" % (os.environ["USERNAME"], os.environ["PASSWORD"])
(result, out, err) = self.runsubcmd("visualize", "reps",
'-H', server,
'-U', creds, '--dot',
'--color=no', '-S', '-r')
self.assertCmdSuccess(result, out, err)