On 19/08/15 10:44, David Kupka wrote:
On 19/08/15 09:21, David Kupka wrote:
https://fedorahosted.org/freeipa/ticket/5071

Updated patches attached.

Removed copy-pasted returns. Updated patch attached.

--
David Kupka
From 04644ea40b5bcf6385f5e68a8407bc6b8858b93c Mon Sep 17 00:00:00 2001
From: David Kupka <dku...@redhat.com>
Date: Wed, 19 Aug 2015 08:10:03 +0200
Subject: [PATCH] Backup/resore authentication control configuration

https://fedorahosted.org/freeipa/ticket/5071
---
 ipaplatform/base/tasks.py        | 15 +++++++++++++++
 ipaplatform/redhat/authconfig.py |  6 ++++++
 ipaplatform/redhat/tasks.py      |  8 ++++++++
 ipaserver/install/ipa_backup.py  |  4 ++++
 ipaserver/install/ipa_restore.py |  4 ++++
 5 files changed, 37 insertions(+)

diff --git a/ipaplatform/base/tasks.py b/ipaplatform/base/tasks.py
index 08fdb494a3bfc6c59bebf4af2f72f54a26724700..65715145af533c90038b3e8667da07fd28b7ec56 100644
--- a/ipaplatform/base/tasks.py
+++ b/ipaplatform/base/tasks.py
@@ -150,6 +150,21 @@ class BaseTaskNamespace(object):
 
         return
 
+    def backup_auth_configuration(self, path):
+        """
+        Create backup of access control configuration.
+        :param path: store the backup here. This will be passed to
+        restore_auth_configuration as well.
+        """
+        return
+
+    def restore_auth_configuration(self, path):
+        """
+        Restore backup of access control configuration.
+        :param path: restore the backup from here.
+        """
+        return
+
     def set_selinux_booleans(self, required_settings, backup_func=None):
         """Set the specified SELinux booleans
 
diff --git a/ipaplatform/redhat/authconfig.py b/ipaplatform/redhat/authconfig.py
index 901eb51637d193d80bc3927929d7d436065ec262..edefee8b2b4922ad67cdbac158615ef32c776bb4 100644
--- a/ipaplatform/redhat/authconfig.py
+++ b/ipaplatform/redhat/authconfig.py
@@ -84,3 +84,9 @@ class RedHatAuthConfig(object):
 
         args = self.build_args()
         ipautil.run(["/usr/sbin/authconfig"] + args)
+
+    def backup(self, path):
+        ipautil.run(["/usr/sbin/authconfig", "--savebackup", path])
+
+    def restore(self, path):
+        ipautil.run(["/usr/sbin/authconfig", "--restorebackup", path])
diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py
index b26604aa736eb472c88bc0dcbc3a4b515712ce9d..1af99d318c6745b1e5285c7829c2b292f86c8390 100644
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
@@ -161,6 +161,14 @@ class RedHatTaskNamespace(BaseTaskNamespace):
         auth_config.add_option("nostart")
         auth_config.execute()
 
+    def backup_auth_configuration(self, path):
+        auth_config = RedHatAuthConfig()
+        auth_config.backup(path)
+
+    def restore_auth_configuration(self, path):
+        auth_config = RedHatAuthConfig()
+        auth_config.restore(path)
+
     def reload_systemwide_ca_store(self):
         try:
             ipautil.run([paths.UPDATE_CA_TRUST])
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index b655be87dfb90ca3cd0df8bce5e4693ab4f136fd..6ce467f1e819a2ea8693e5ae9d1ee631ecc31bd2 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -41,6 +41,7 @@ from ipapython import ipaldap
 from ipalib.session import ISO8601_DATETIME_FMT
 from ipalib.constants import CACERT
 from ConfigParser import SafeConfigParser
+from ipaplatform.tasks import tasks
 
 """
 A test gpg can be generated like this:
@@ -302,6 +303,9 @@ class Backup(admintool.AdminTool):
                     self.db2ldif(instance, 'userRoot', online=options.online)
                     self.db2bak(instance, online=options.online)
             if not options.data_only:
+                # create backup of auth configuration
+                auth_backup_path = os.path.join(paths.VAR_LIB_IPA, 'auth_backup')
+                tasks.backup_auth_configuration(auth_backup_path)
                 self.file_backup(options)
             self.finalize_backup(options.data_only, options.gpg, options.gpg_keyring)
 
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index cb2aa781a1331171aa3a31f889bff9736f22ef80..ea9f8228f3cff233abb160a28c9af8b2435b65ec 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -386,6 +386,10 @@ class Restore(admintool.AdminTool):
                     self.log.info('Starting Directory Server')
                     dirsrv.start(capture_output=False)
             else:
+                # restore access controll configuration
+                auth_backup_path = os.path.join(paths.VAR_LIB_IPA, 'auth_backup')
+                if os.path.exists(auth_backup_path):
+                    tasks.restore_auth_configuration(auth_backup_path)
                 # explicitly enable then disable the pki tomcatd service to
                 # re-register its instance. FIXME, this is really wierd.
                 services.knownservices.pki_tomcatd.enable()
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to