The attached patch implements a request by Petr^2 Spacek during the review of my PATCHES 0015-0017, which are prerequisites of the patch and were pushed today.

Petr wanted each DNSSEC daemon (ipa-dnskeysync-replica, ipa-dnskeysyncd, and ipa-ods-exporter) to have its own CCache file to simplify his life during debugging DNSSEC-related issues.


--
Martin^3 Babinsky
From b4ceafcbb9cefe19121caf0e63cc09a30e2ef811 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 15 Apr 2015 15:20:00 +0200
Subject: [PATCH] use separate ccache filename for each IPA DNSSEC daemon

ipa-dnskeysyncd, ipa-dnskeysync-replica, and ipa-ods-exporter use a generic
'ccache' filename for credential storage, making debugging Kerberos-related
errors unnecessarily complicated. This patch renames the ccache files so that
each of these daemons now has its own credenital cache.
---
 daemons/dnssec/ipa-dnskeysync-replica | 2 +-
 daemons/dnssec/ipa-dnskeysyncd        | 2 +-
 daemons/dnssec/ipa-ods-exporter       | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/daemons/dnssec/ipa-dnskeysync-replica b/daemons/dnssec/ipa-dnskeysync-replica
index bcf9282153c9d105179d21237442598c1db530b5..c2c4c2725a9c46db4db04894a326ddf40e254eab 100755
--- a/daemons/dnssec/ipa-dnskeysync-replica
+++ b/daemons/dnssec/ipa-dnskeysync-replica
@@ -139,7 +139,7 @@ log.setLevel(level=logging.DEBUG)
 # Kerberos initialization
 PRINCIPAL = str('%s/%s' % (DAEMONNAME, ipalib.api.env.host))
 log.debug('Kerberos principal: %s', PRINCIPAL)
-ccache_filename = os.path.join(WORKDIR, 'ccache')
+ccache_filename = os.path.join(WORKDIR, 'ipa-dnskeysync-replica.ccache')
 ipautil.kinit_keytab(PRINCIPAL, paths.IPA_DNSKEYSYNCD_KEYTAB, ccache_filename)
 os.environ['KRB5CCNAME'] = ccache_filename
 log.debug('Got TGT')
diff --git a/daemons/dnssec/ipa-dnskeysyncd b/daemons/dnssec/ipa-dnskeysyncd
index b17c8d94e8a3c35a2aa29a1ce697ffdef654eeda..398f0076290c0d4bea48d15714505d46cd5ef5d4 100755
--- a/daemons/dnssec/ipa-dnskeysyncd
+++ b/daemons/dnssec/ipa-dnskeysyncd
@@ -65,7 +65,7 @@ log = root_logger
 # Kerberos initialization
 PRINCIPAL = str('%s/%s' % (DAEMONNAME, api.env.host))
 log.debug('Kerberos principal: %s', PRINCIPAL)
-ccache_filename = os.path.join(WORKDIR, 'ccache')
+ccache_filename = os.path.join(WORKDIR, 'ipa-dnskeysyncd.ccache')
 ipautil.kinit_keytab(PRINCIPAL, KEYTAB_FB, ccache_filename)
 os.environ['KRB5CCNAME'] = ccache_filename
 
diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index 6d33b79bbddb59a8194107a7f2455e56637bad17..913b418af2806e2660a7db221e06394b501bbb18 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -399,7 +399,7 @@ ipalib.api.finalize()
 # Kerberos initialization
 PRINCIPAL = str('%s/%s' % (DAEMONNAME, ipalib.api.env.host))
 log.debug('Kerberos principal: %s', PRINCIPAL)
-ccache_name = os.path.join(WORKDIR, 'ccache')
+ccache_name = os.path.join(WORKDIR, 'ipa-ods-exporter.ccache')
 ipautil.kinit_keytab(PRINCIPAL, paths.IPA_ODS_EXPORTER_KEYTAB, ccache_name)
 os.environ['KRB5CCNAME'] = ccache_name
 log.debug('Got TGT')
-- 
2.1.0

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to