https://fedorahosted.org/freeipa/ticket/5293
Patch attached.
From 1436a83909d808e7f81e91dc2d992b8f1e39ed84 Mon Sep 17 00:00:00 2001 From: Martin Basti <mba...@redhat.com> Date: Thu, 10 Sep 2015 16:35:54 +0200 Subject: [PATCH] IPA Restore: allows to specify files that should be removed Some files/directories should be removed before backup files are copied to filesystem. In case of DNSSEC, the /var/lib/ipa/dnssec/tokens directory has to be removed, otherwise tokens that are backed up and existing tokens will be mixed and SOFTHSM log in will not work https://fedorahosted.org/freeipa/ticket/5293 --- ipaserver/install/ipa_restore.py | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index e8820b99ede4bb8eaa95bb8f25d946cb369f3048..8e5f4d4beaf353bc61bd286ecfc459b7fdea450f 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -50,6 +50,15 @@ except ImportError: adtrustinstance = None +# directories and files listed here will be removed from filesystem before +# files from backup are copied +DIRS_TO_BE_REMOVED = [ + paths.DNSSEC_TOKENS_DIR, +] + +FILES_TO_BE_REMOVED = [] + + def recursive_chown(path, uid, gid): ''' Change ownership of all files and directories in a path. @@ -365,6 +374,7 @@ class Restore(admintool.AdminTool): # We do either a full file restore or we restore data. if restore_type == 'FULL': + self.remove_old_files() if 'CA' in self.backup_services: create_ca_user() self.cert_restore_prepare() @@ -648,6 +658,20 @@ class Restore(admintool.AdminTool): os.chdir(cwd) + def remove_old_files(self): + """ + Removes all directories, files or temporal files that should be + removed before backup files are copied, to prevent errors. + """ + for d in DIRS_TO_BE_REMOVED: + shutil.rmtree(d, ignore_errors=True) + + for f in FILES_TO_BE_REMOVED: + try: + os.remove(f) + except OSError: + pass + def file_restore(self, nologs=False): ''' Restore all the files in the tarball. -- 2.4.3
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code