On 09/21/2015 12:57 PM, Jan Cholasta wrote:
> Hi,
> 
> On 21.9.2015 09:47, Tomas Babej wrote:
>>
>>
>> On 09/17/2015 05:13 PM, Tomas Babej wrote:
>>> Hi,
>>>
>>> Certain subcomponents of IPA, such as Dogtag, cannot function if
>>> non-critical directories (such as log directories) have not been
>>> stored in the backup.
>>>
>>> This patch implements storage of selected empty directories,
>>> while preserving attributes and SELinux context.
>>>
>>> https://fedorahosted.org/freeipa/ticket/5297
>>>
>>
>> Attaching a patch for gzip requires. This is more a formal thing than
>> anything else, gzip is required by systemd anyway.
> 
> Please squash this change into the previous patch, there is no benefit
> in having it in a separate patch.
> 
> Honza
> 

Sure, this was more of an afterthought, attached.

I also added some helpful comments that Martin^2 requested.

Tomas
From b549f1e3fca4c052c5fbfd24ad9c633a11b470ed Mon Sep 17 00:00:00 2001
From: Tomas Babej <tba...@redhat.com>
Date: Thu, 17 Sep 2015 17:09:33 +0200
Subject: [PATCH] ipa-backup: Add mechanism to store empty directory structure

Certain subcomponents of IPA, such as Dogtag, cannot function if
non-critical directories (such as log directories) have not been
stored in the backup.

This patch implements storage of selected empty directories,
while preserving attributes and SELinux context.

https://fedorahosted.org/freeipa/ticket/5297
---
 freeipa.spec.in                 |  1 +
 ipaplatform/base/paths.py       |  3 +++
 ipaserver/install/ipa_backup.py | 50 ++++++++++++++++++++++++++++++++++++++---
 3 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in
index ddbb179be66471f71879cbdd95e83e5ba31cf6da..67c5acb9e49b6222a072ef799038573c46f4eb4c 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -160,6 +160,7 @@ Requires: softhsm >= 2.0.0rc1-1
 Requires: p11-kit
 Requires: systemd-python
 Requires: %{etc_systemd_dir}
+Requires: gzip
 
 Conflicts: %{alt_name}-server
 Obsoletes: %{alt_name}-server < %{version}
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 0b6b199df84b5878a3822b1ab08cd16b1d747a76..a3e221bb20619c24256781275de2fcea7f3c2d2a 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -329,6 +329,9 @@ class BasePathNamespace(object):
     TOMCAT_CA_DIR = "/var/log/pki/pki-tomcat/ca"
     TOMCAT_CA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/ca/archive"
     TOMCAT_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/ca/signedAudit"
+    TOMCAT_KRA_DIR = "/var/log/pki/pki-tomcat/kra"
+    TOMCAT_KRA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/kra/archive"
+    TOMCAT_KRA_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/kra/signedAudit"
     LOG_SECURE = "/var/log/secure"
     NAMED_RUN = "/var/named/data/named.run"
     VAR_OPENDNSSEC_DIR = "/var/opendnssec"
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index ce5cf9d4f3670bc162f588ee6b2095519410175e..f9e3a700a0a56ff6237cf0529ca6a94b4a7d7bb7 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -202,6 +202,16 @@ class Backup(admintool.AdminTool):
       paths.NAMED_RUN,
     )
 
+    required_dirs=(
+      paths.TOMCAT_TOPLEVEL_DIR,
+      paths.TOMCAT_CA_DIR,
+      paths.TOMCAT_SIGNEDAUDIT_DIR,
+      paths.TOMCAT_CA_ARCHIVE_DIR,
+      paths.TOMCAT_KRA_DIR,
+      paths.TOMCAT_KRA_SIGNEDAUDIT_DIR,
+      paths.TOMCAT_KRA_ARCHIVE_DIR,
+    )
+
     def __init__(self, options, args):
         super(Backup, self).__init__(options, args)
         self._conn = None
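Review bot: The new `required_dirs` class attribute has no comment telling it apart from the existing `dirs` tuple, although the later hunk archives it differently, passing these paths to tar with `--no-recursion` so that only the directory entries are stored. A comment above it such as `# Directories stored without their contents, so the empty structure, attributes and SELinux context are kept in the backup` would make that explicit. The assignment is also written `required_dirs=(`, where `required_dirs = (` follows PEP 8 spacing. The class body continues outside the hunk.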
@@ -486,13 +496,15 @@ class Backup(admintool.AdminTool):
         def verify_directories(dirs):
             return [s for s in dirs if os.path.exists(s)]
 
+        tarfile = os.path.join(self.dir, 'files.tar')
+
         self.log.info("Backing up files")
         args = ['tar',
                 '--exclude=/var/lib/ipa/backup',
                 '--xattrs',
                 '--selinux',
-                '-czf',
-                os.path.join(self.dir, 'files.tar')
+                '-cf',
+                tarfile
                ]
 
         args.extend(verify_directories(self.dirs))
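Review bot: The local name `tarfile` introduced here is also the name of the standard-library `tarfile` module, so it would shadow that module inside this method if the file imports it (the import block is not visible in this patch). A name such as `tar_path = os.path.join(self.dir, 'files.tar')` avoids the clash. The later uses in the append, gzip and rename steps would change with it. The enclosing method starts and ends outside the hunk.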
@@ -503,7 +515,39 @@ class Backup(admintool.AdminTool):
 
         (stdout, stderr, rc) = run(args, raiseonerr=False)
         if rc != 0:
-            raise admintool.ScriptError('tar returned non-zero %d: %s' % (rc, stdout))
+            raise admintool.ScriptError('tar returned non-zero code '
+                '%d: %s' % (rc, stderr))
+
+        # Backup the necessary directory structure. This is a separate
+        # call since we are using the '--no-recursion' flag to store
+        # the directory structure only, no files.
+        missing_directories = verify_directories(self.required_dirs)
+
+        if missing_directories:
+            args = ['tar',
+                    '--exclude=/var/lib/ipa/backup',
+                    '--xattrs',
+                    '--selinux',
+                    '--no-recursion',
+                    '-rf',  # -r appends to an existing archive
+                    tarfile,
+                   ]
+            args.extend(missing_directories)
+
+            (stdout, stderr, rc) = run(args, raiseonerr=False)
+            if rc != 0:
+                raise admintool.ScriptError('tar returned non-zero %d when adding '
+                    'directory structure: %s' % (rc, stderr))
+
+        # Compress the archive. This is done separately, since 'tar' cannot
+        # append to a compressed archive.
+        (stdout, stderr, rc) = run(['gzip', tarfile], raiseonerr=False)
+        if rc != 0:
+            raise admintool.ScriptError('gzip returned non-zero %d when '
+                'compressing the backup: %s' % (rc, stderr))
+
+        # Rename the archive back to files.tar to preserve compatibility
+        os.rename(os.path.join(self.dir, 'files.tar.gz'), tarfile)
 
 
     def create_header(self, data_only):
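Review bot: `missing_directories` at the `verify_directories(self.required_dirs)` call holds the directories that do exist, because `verify_directories` keeps only paths for which `os.path.exists` is true, so the name says the opposite of what gets appended to the archive. Renaming it, e.g. `existing_required_dirs = verify_directories(self.required_dirs)` with matching changes on the `if` and `args.extend(...)` lines, would keep a later reader from "correcting" the logic the wrong way. Separately, the final `os.rename` is the only step in this sequence whose failure is not converted into an `admintool.ScriptError`. Whether the caller copes with a raw `OSError` is not visible here. The enclosing method starts outside the hunk.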
-- 
2.1.0
