https://fedorahosted.org/freeipa/ticket/5071
-- David Kupka
From c4a72b64aab5abfde15f06b037da1c3ab2cfa220 Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Thu, 13 Aug 2015 16:41:23 +0200
Subject: [PATCH 1/2] Add /etc/tmpfiles.d/dirsrv-<serverid>.conf to backup

https://fedorahosted.org/freeipa/ticket/5071
---
 ipaplatform/base/paths.py | 1 +
 ipaserver/install/ipa_backup.py | 1 +
 2 files changed, 2 insertions(+)
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 4c93c1f7162b0aeb4f798ef84e1ac8db4573518b..db7f0345ef91b5a04ad81aada53d8a4aa4874d0b 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -350,6 +350,7 @@ class BasePathNamespace(object):
 DB2BAK = '/usr/sbin/db2bak'
 KDCPROXY_CONFIG = '/etc/ipa/kdcproxy/kdcproxy.conf'
 CERTMONGER = '/usr/sbin/certmonger'
+ ETC_TMPFILES_D_DIRSRV_CONF = '/etc/tmpfiles.d/dirsrv-%s.conf'
 path_namespace = BasePathNamespace
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 36f666044e85ab1cb3051ff513db5ea7d68e1bb1..c1ec7b9c340bbcc9e628d3dc75a12899432826a7 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -343,6 +343,7 @@ class Backup(admintool.AdminTool):
 for file in [
 paths.SYSCONFIG_DIRSRV_INSTANCE % serverid,
+ paths.ETC_TMPFILES_D_DIRSRV_CONF % serverid,
 paths.SYSCONFIG_DIRSRV_PKI_IPA_DIR]:
 if os.path.exists(file):
 self.files.append(file)
--
2.4.3
From 90a58ccd8084a0f8b7cd4f27d192fddde05d4d51 Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Wed, 19 Aug 2015 08:10:03 +0200
Subject: [PATCH 2/2] Backup/resore authentication control configuration

https://fedorahosted.org/freeipa/ticket/5071
---
 ipaplatform/base/tasks.py | 15 +++++++++++++++
 ipaplatform/redhat/authconfig.py | 6 ++++++
 ipaplatform/redhat/tasks.py | 10 ++++++++++
 ipaserver/install/ipa_backup.py | 4 ++++
 ipaserver/install/ipa_restore.py | 4 ++++
 5 files changed, 39 insertions(+)
diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index 08fdb494a3bfc6c59bebf4af2f72f54a26724700..65715145af533c90038b3e8667da07fd28b7ec56 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -150,6 +150,21 @@ class BaseTaskNamespace(object):
 return
+ def backup_auth_configuration(self, path):
+ """
+ Create backup of access control configuration.
+ :param path: store the backup here. This will be passed to
+ restore_auth_configuration as well.
+ """
+ return
+
+ def restore_auth_configuration(self, path):
+ """
+ Restore backup of access control configuration.
+ :param path: restore the backup from here.
+ """
+ return
+
 def set_selinux_booleans(self, required_settings, backup_func=None):
 """Set the specified SELinux booleans
diff --git a/ipaplatform/redhat/authconfig.py b/ipaplatform/redhat/authconfig.py
index 901eb51637d193d80bc3927929d7d436065ec262..edefee8b2b4922ad67cdbac158615ef32c776bb4 100644
--- a/ipaplatform/redhat/authconfig.py
+++ b/ipaplatform/redhat/authconfig.py
@@ -84,3 +84,9 @@ class RedHatAuthConfig(object):
 args = self.build_args()
 ipautil.run(["/usr/sbin/authconfig"] + args)
+
+ def backup(self, path):
+ ipautil.run(["/usr/sbin/authconfig", "--savebackup", path])
+
+ def restore(self, path):
+ ipautil.run(["/usr/sbin/authconfig", "--restorebackup", path])
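Review bot: The docstrings added to `backup_auth_configuration` and `restore_auth_configuration` in ipaplatform/base/tasks.py say "access control configuration", while the method names and the RedHat implementation (which calls authconfig) are about authentication configuration; the summary lines should match, e.g. `Create backup of the system authentication configuration.` Because both base methods only `return`, a platform that does not override them skips the step silently, so the docstring should also state that the default is a no-op and that callers must not assume `path` exists afterwards. The enclosing class starts and ends outside the hunk.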
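Review bot: The new `backup()` and `restore()` methods in ipaplatform/redhat/authconfig.py have no docstrings, so nothing records what `path` must be or what happens when authconfig fails. `restore()` replaces the host's authentication setup with whatever is stored at `path`, so it deserves a one-line contract such as `"""Restore authentication configuration from the authconfig backup at *path*; the caller must ensure that directory is trustworthy."""`. Both methods also repeat the `/usr/sbin/authconfig` literal already present in the context line above; one class-level constant would keep the three call sites in step. Whether `ipautil.run` raises on a non-zero exit is not visible here and should be confirmed and documented.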
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index 5f88324320d19e8b1be15c0421ef703046212a94..83097b26785193afaeaa41941317a3b2cb64528a 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -161,6 +161,16 @@ class RedHatTaskNamespace(BaseTaskNamespace):
 auth_config.add_option("nostart")
 auth_config.execute()
+ def backup_auth_configuration(self, path):
+ auth_config = RedHatAuthConfig()
+ auth_config.backup(path)
+ return
+
+ def restore_auth_configuration(self, path):
+ auth_config = RedHatAuthConfig()
+ auth_config.restore(path)
+ return
+
 def reload_systemwide_ca_store(self):
 try:
 ipautil.run([paths.UPDATE_CA_TRUST])
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index c1ec7b9c340bbcc9e628d3dc75a12899432826a7..950b9870b5a9e3ae5a5eb64a1240a60917c93415 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -41,6 +41,7 @@ from ipapython import ipaldap
 from ipalib.session import ISO8601_DATETIME_FMT
 from ipalib.constants import CACERT
 from ConfigParser import SafeConfigParser
+from ipaplatform.tasks import tasks
 """
 A test gpg can be generated like this:
@@ -300,6 +301,9 @@ class Backup(admintool.AdminTool):
 self.db2ldif(instance, 'userRoot', online=options.online)
 self.db2bak(instance, online=options.online)
 if not options.data_only:
+ # create backup of auth configuration
+ auth_backup_path = os.path.join(paths.VAR_LIB_IPA, 'auth_backup')
+ tasks.backup_auth_configuration(auth_backup_path)
 self.file_backup(options)
 self.finalize_backup(options.data_only, options.gpg, options.gpg_keyring)
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 65cb49355a0567446debe9c367aa3c1bc5a12e1c..cfa35de91f11a9d7e28f9a4ba9fd76ee841f1095 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
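Review bot: The trailing bare `return` in the two methods added to ipaplatform/redhat/tasks.py is redundant, and the temporary variable adds nothing; each body can be a single line, `RedHatAuthConfig().backup(path)` and `RedHatAuthConfig().restore(path)`. A short docstring on each override naming authconfig as the backend would also help, since the base-class text does not mention it.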
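Review bot: In the second ipaserver/install/ipa_backup.py hunk, `auth_backup_path` is a fixed location under `paths.VAR_LIB_IPA` that is written on every full backup, but nothing visible here adds it to the archived file or directory lists or removes it afterwards. If `file_backup` does not already collect that directory, the archive will not carry the saved configuration. The restore hunk in ipa_restore.py only tests `os.path.exists(auth_backup_path)`, so it would then apply whatever stale copy is left on the target host rather than the one belonging to the backup being restored. Consider saving into a location that is explicitly archived and clearing it before the save and before the restore extracts files. The enclosing method starts and ends outside the hunk.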
@@ -386,6 +386,10 @@ class Restore(admintool.AdminTool):
 self.log.info('Starting Directory Server')
 dirsrv.start(capture_output=False)
 else:
+ # restore access controll configuration
+ auth_backup_path = os.path.join(paths.VAR_LIB_IPA, 'auth_backup')
+ if os.path.exists(auth_backup_path):
+ tasks.restore_auth_configuration(auth_backup_path)
 # explicitly enable then disable the pki tomcatd service to
 # re-register its instance. FIXME, this is really wierd.
 services.knownservices.pki_tomcatd.enable()
--
2.4.3
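Review bot: `tasks.restore_auth_configuration` is called in this ipa_restore.py hunk, but the patch adds no import to that file (the diffstat's four insertions are all in this hunk), so the call relies on `tasks` already being imported there. That is worth confirming, since the matching import had to be added to ipa_backup.py. The new comment has a typo and uses a different term from the method name; `# restore authentication configuration` would be clearer. A failure of the authconfig call here would presumably abort the restore after files have already been replaced, so either log and continue or note in a comment that the exception is meant to propagate. The enclosing else-branch continues outside the hunk.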