URL: https://github.com/freeipa/freeipa/pull/920 Author: tduehr Title: #920: fix ods-ksmutil for 2.0.x Action: opened
PR body: """ It became ods-enforcer and its behavior changed. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/920/head:pr920 git checkout pr920
From 55940573bdccd72db12efc59b2ac7512518702fb Mon Sep 17 00:00:00 2001
From: Timur Duehr <tdu...@gmail.com>
Date: Fri, 14 Jul 2017 11:10:50 -0500
Subject: [PATCH] fix ods-ksmutil for 2.0.x
It became ods-enforcer and its behavior changed.
---
 install/share/opendnssec_conf.template | 1 -
 ipaplatform/base/paths.py | 3 ++-
 ipaserver/dnssec/odsmgr.py | 20 +++++++++++---------
 ipaserver/install/opendnssecinstance.py | 9 ++-------
 4 files changed, 15 insertions(+), 18 deletions(-)
diff --git a/install/share/opendnssec_conf.template b/install/share/opendnssec_conf.template
index 3d01fb4156..1dc3468632 100644
--- a/install/share/opendnssec_conf.template
+++ b/install/share/opendnssec_conf.template
@@ -8,7 +8,6 @@
 <Module>$SOFTHSM_LIB</Module>
 <TokenLabel>$TOKEN_LABEL</TokenLabel>
 <PIN>$PIN</PIN>
- <AllowExtraction/>
 </Repository>
 </RepositoryList>
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index de3cdce44b..78f762babf 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -168,7 +168,8 @@ class BasePathNamespace(object):
 NET = "/usr/bin/net"
 BIN_NISDOMAINNAME = "/usr/bin/nisdomainname"
 NSUPDATE = "/usr/bin/nsupdate"
- ODS_KSMUTIL = "/usr/bin/ods-ksmutil"
+ ODS_ENFORCER = "/usr/bin/ods-enforcer"
+ ODS_ENFORCER_SETUP = "/usr/bin/ods-enforcer-db-setup"
 ODS_SIGNER = "/usr/sbin/ods-signer"
 OPENSSL = "/usr/bin/openssl"
 PK12UTIL = "/usr/bin/pk12util"
diff --git a/ipaserver/dnssec/odsmgr.py b/ipaserver/dnssec/odsmgr.py
index 6b181e2e03..f0f577bff1 100644
--- a/ipaserver/dnssec/odsmgr.py
+++ b/ipaserver/dnssec/odsmgr.py
@@ -12,6 +12,7 @@ from xml.etree import ElementTree as etree
 from ipapython import ipa_log_manager, ipautil
+from ipaplatform.paths import paths
 logger = logging.getLogger(__name__)
@@ -130,42 +131,43 @@ class ODSMgr(object):
 def __init__(self):
 self.zl_ldap = LDAPZoneListReader()
- def ksmutil(self, params):
- """Call ods-ksmutil with given parameters and return stdout.
+ def enforcer(self, params):
+ """Call ods-enforcer with given parameters and return stdout.
 Raises CalledProcessError if returncode != 0.
 """
- cmd = ['ods-ksmutil'] + params
+ cmd = ['ods-enforcer'] + params
 result = ipautil.run(cmd, capture_output=True)
 return result.output
 def get_ods_zonelist(self):
- stdout = self.ksmutil(['zonelist', 'export'])
- reader = ODSZoneListReader(stdout)
+ stdout = self.enforcer(['zonelist', 'export'])
+ with open(paths.OPENDNSSEC_ZONELIST_FILE) as f
+ reader = ODSZoneListReader(f.read())
 return reader
 def add_ods_zone(self, uuid, name):
 zone_path = '%s%s' % (ENTRYUUID_PREFIX, uuid)
 cmd = ['zone', 'add', '--zone', str(name), '--input', zone_path]
- output = self.ksmutil(cmd)
+ output = self.enforcer(cmd)
 logger.info('%s', output)
 self.notify_enforcer()
 def del_ods_zone(self, name):
- # ods-ksmutil blows up if zone name has period at the end
+ # ods-enforcer blows up if zone name has period at the end
 name = name.relativize(dns.name.root)
 # detect if name is root zone
 if name == dns.name.empty:
 name = dns.name.root
 cmd = ['zone', 'delete', '--zone', str(name)]
- output = self.ksmutil(cmd)
+ output = self.enforcer(cmd)
 logger.info('%s', output)
 self.notify_enforcer()
 self.cleanup_signer(name)
 def notify_enforcer(self):
 cmd = ['notify']
- output = self.ksmutil(cmd)
+ output = self.enforcer(cmd)
 logger.info('%s', output)
 def cleanup_signer(self, zone_name):
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 0082b8f26f..3249ed4a93 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
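Review bot: The added `with open(paths.OPENDNSSEC_ZONELIST_FILE) as f` line in get_ods_zonelist has no trailing colon, so odsmgr.py fails to import with a SyntaxError; it should read `with open(paths.OPENDNSSEC_ZONELIST_FILE) as f:`. The `stdout` returned by `zonelist export` is now unused and the method parses whatever the zonelist file holds at that moment, which assumes the export rewrites that exact file; if it does not, a stale zone list is synchronized without any error. In `enforcer()` the command is still the bare name `'ods-enforcer'`, resolved through PATH by a privileged service, even though `paths` is now imported; `cmd = [paths.ODS_ENFORCER] + params` would pin the absolute path the same way opendnssecinstance.py does. The ODSMgr class continues outside the hunk.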
@@ -279,20 +279,15 @@ def __setup_dnssec(self):
 os.chmod(paths.OPENDNSSEC_KASP_DB, 0o660)
 # regenerate zonelist.xml
- cmd = [paths.ODS_KSMUTIL, 'zonelist', 'export']
+ cmd = [paths.ODS_ENCFORCER, 'zonelist', 'export']
 result = ipautil.run(cmd, runas=constants.ODS_USER, capture_output=True)
- with open(paths.OPENDNSSEC_ZONELIST_FILE, 'w') as zonelistf:
- zonelistf.write(result.output)
- os.chown(paths.OPENDNSSEC_ZONELIST_FILE,
- self.ods_uid, self.ods_gid)
- os.chmod(paths.OPENDNSSEC_ZONELIST_FILE, 0o660)
 else:
 # initialize new kasp.db
 command = [
- paths.ODS_KSMUTIL,
+ paths.ODS_ENCFORCER_SETUP,
 'setup'
 ]
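Review bot: `paths.ODS_ENCFORCER` and `paths.ODS_ENCFORCER_SETUP` do not match the constants this patch adds in ipaplatform/base/paths.py (`ODS_ENFORCER`, `ODS_ENFORCER_SETUP`), so both branches would raise AttributeError during install; they should be `cmd = [paths.ODS_ENFORCER, 'zonelist', 'export']` and `paths.ODS_ENFORCER_SETUP,`. With the write/chown/chmod block removed, `result` is unused, and the ownership and 0o660 mode of the zonelist file now depend on whatever ods-enforcer creates when run as ODS_USER; since the old code set both deliberately, either verify that or keep an explicit `os.chown`/`os.chmod` after the export. The `'setup'` argument is carried over from the ods-ksmutil invocation and may not be what the new setup binary expects, so confirm it against that tool's usage. __setup_dnssec starts and ends outside the hunk.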