https://fedorahosted.org/freeipa/ticket/5071

--
David Kupka
From c4a72b64aab5abfde15f06b037da1c3ab2cfa220 Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Thu, 13 Aug 2015 16:41:23 +0200
Subject: [PATCH 1/2] Add /etc/tmpfiles.d/dirsrv-<serverid>.conf to backup

https://fedorahosted.org/freeipa/ticket/5071
---
 ipaplatform/base/paths.py       | 1 +
 ipaserver/install/ipa_backup.py | 1 +
 2 files changed, 2 insertions(+)

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 4c93c1f7162b0aeb4f798ef84e1ac8db4573518b..db7f0345ef91b5a04ad81aada53d8a4aa4874d0b 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -350,6 +350,7 @@ class BasePathNamespace(object):
     DB2BAK = '/usr/sbin/db2bak'
     KDCPROXY_CONFIG = '/etc/ipa/kdcproxy/kdcproxy.conf'
     CERTMONGER = '/usr/sbin/certmonger'
+    ETC_TMPFILES_D_DIRSRV_CONF = '/etc/tmpfiles.d/dirsrv-%s.conf'
 
 
 path_namespace = BasePathNamespace
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 36f666044e85ab1cb3051ff513db5ea7d68e1bb1..c1ec7b9c340bbcc9e628d3dc75a12899432826a7 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -343,6 +343,7 @@ class Backup(admintool.AdminTool):
 
         for file in [
                 paths.SYSCONFIG_DIRSRV_INSTANCE % serverid,
+                paths.ETC_TMPFILES_D_DIRSRV_CONF % serverid,
                 paths.SYSCONFIG_DIRSRV_PKI_IPA_DIR]:
             if os.path.exists(file):
                 self.files.append(file)
-- 
2.4.3

From 90a58ccd8084a0f8b7cd4f27d192fddde05d4d51 Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Wed, 19 Aug 2015 08:10:03 +0200
Subject: [PATCH 2/2] Backup/resore authentication control configuration

https://fedorahosted.org/freeipa/ticket/5071
---
 ipaplatform/base/tasks.py        | 15 +++++++++++++++
 ipaplatform/redhat/authconfig.py |  6 ++++++
 ipaplatform/redhat/tasks.py      | 10 ++++++++++
 ipaserver/install/ipa_backup.py  |  4 ++++
 ipaserver/install/ipa_restore.py |  4 ++++
 5 files changed, 39 insertions(+)

diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index 08fdb494a3bfc6c59bebf4af2f72f54a26724700..65715145af533c90038b3e8667da07fd28b7ec56 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -150,6 +150,21 @@ class BaseTaskNamespace(object):
 
         return
 
+    def backup_auth_configuration(self, path):
+        """
+        Create backup of access control configuration.
+        :param path: store the backup here. This will be passed to
+        restore_auth_configuration as well.
+        """
+        return
+
+    def restore_auth_configuration(self, path):
+        """
+        Restore backup of access control configuration.
+        :param path: restore the backup from here.
+        """
+        return
+
     def set_selinux_booleans(self, required_settings, backup_func=None):
         """Set the specified SELinux booleans
 
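Review bot: Both docstrings call the data "access control configuration", but the methods are named `*_auth_configuration` and the Red Hat implementation in ipaplatform/redhat/tasks.py drives authconfig, so `Create backup of authentication configuration.` and `Restore backup of authentication configuration.` would be accurate. The docstrings should also say that this base implementation does nothing, because a platform without an override will silently produce a backup that lacks this data. The overrides in ipaplatform/redhat/tasks.py have no docstrings and could carry the same one-line summaries.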
diff --git a/ipaplatform/redhat/authconfig.py b/ipaplatform/redhat/authconfig.py
index 901eb51637d193d80bc3927929d7d436065ec262..edefee8b2b4922ad67cdbac158615ef32c776bb4 100644
--- a/ipaplatform/redhat/authconfig.py
+++ b/ipaplatform/redhat/authconfig.py
@@ -84,3 +84,9 @@ class RedHatAuthConfig(object):
 
         args = self.build_args()
         ipautil.run(["/usr/sbin/authconfig"] + args)
+
+    def backup(self, path):
+        ipautil.run(["/usr/sbin/authconfig", "--savebackup", path])
+
+    def restore(self, path):
+        ipautil.run(["/usr/sbin/authconfig", "--restorebackup", path])
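Review bot: `backup()` and `restore()` are added without docstrings, and `restore()` hands `path` straight to `authconfig --restorebackup`, which replaces the system's authentication configuration with what that location holds. A docstring on each should state the expectation on `path`, for example `"""Restore authentication configuration from path; path must be root-owned and not writable by other users."""`. Both methods also repeat the literal `/usr/sbin/authconfig` already used by the call in the context lines above (that method starts outside the hunk), so a shared constant would keep the three call sites in step.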
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 5f88324320d19e8b1be15c0421ef703046212a94..83097b26785193afaeaa41941317a3b2cb64528a 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -161,6 +161,16 @@ class RedHatTaskNamespace(BaseTaskNamespace):
         auth_config.add_option("nostart")
         auth_config.execute()
 
+    def backup_auth_configuration(self, path):
+        auth_config = RedHatAuthConfig()
+        auth_config.backup(path)
+        return
+
+    def restore_auth_configuration(self, path):
+        auth_config = RedHatAuthConfig()
+        auth_config.restore(path)
+        return
+
     def reload_systemwide_ca_store(self):
         try:
             ipautil.run([paths.UPDATE_CA_TRUST])
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index c1ec7b9c340bbcc9e628d3dc75a12899432826a7..950b9870b5a9e3ae5a5eb64a1240a60917c93415 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -41,6 +41,7 @@ from ipapython import ipaldap
 from ipalib.session import ISO8601_DATETIME_FMT
 from ipalib.constants import CACERT
 from ConfigParser import SafeConfigParser
+from ipaplatform.tasks import tasks
 
 """
 A test gpg can be generated like this:
@@ -300,6 +301,9 @@ class Backup(admintool.AdminTool):
                     self.db2ldif(instance, 'userRoot', online=options.online)
                     self.db2bak(instance, online=options.online)
             if not options.data_only:
+                # create backup of auth configuration
+                auth_backup_path = os.path.join(paths.VAR_LIB_IPA, 'auth_backup')
+                tasks.backup_auth_configuration(auth_backup_path)
                 self.file_backup(options)
             self.finalize_backup(options.data_only, options.gpg, options.gpg_keyring)
 
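Review bot: Nothing in this hunk adds `auth_backup_path` to what `self.file_backup(options)` archives, so unless the directory list outside the hunk already covers it, the saved configuration stays on local disk and never reaches the backup file. The expression `os.path.join(paths.VAR_LIB_IPA, 'auth_backup')` is repeated in ipa_restore.py; a single constant in ipaplatform/base/paths.py, next to the `ETC_TMPFILES_D_DIRSRV_CONF` entry from patch 1, would keep both sides in agreement. The comment could also record that this directory is reused on every run and holds a copy of the system authentication configuration, so it should remain accessible to root only. The enclosing method starts and ends outside the hunk.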
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 65cb49355a0567446debe9c367aa3c1bc5a12e1c..cfa35de91f11a9d7e28f9a4ba9fd76ee841f1095 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -386,6 +386,10 @@ class Restore(admintool.AdminTool):
                     self.log.info('Starting Directory Server')
                     dirsrv.start(capture_output=False)
             else:
+                # restore access controll configuration
+                auth_backup_path = os.path.join(paths.VAR_LIB_IPA, 'auth_backup')
+                if os.path.exists(auth_backup_path):
+                    tasks.restore_auth_configuration(auth_backup_path)
                 # explicitly enable then disable the pki tomcatd service to
                 # re-register its instance. FIXME, this is really wierd.
                 services.knownservices.pki_tomcatd.enable()
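Review bot: The `os.path.exists(auth_backup_path)` guard accepts any directory at that fixed location, so, as far as this hunk shows, a copy left by an earlier ipa-backup run on the host would be applied as readily as one extracted from the archive being restored. Because `restore_auth_configuration` rewrites the system authentication configuration, it would be safer to confirm that the directory came from this backup and is root-owned and not writable by others before calling it. When the directory is missing the step is skipped without a trace; an `else: self.log.info('No authentication configuration backup found, skipping')` would make that visible. The comment reads `controll`; `# restore authentication configuration` would match the method name. The enclosing method starts and ends outside the hunk.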
-- 
2.4.3
