Hello,

DNSSEC: on uninstall, do not restore OpenDNSSEC kasp.db if backup failed
DNSSEC: improve log messages in uninstaller
This is suitable for ipa-4-2 branch and newer. -- Petr^2 Spacek
From b4618410c8f5c833f5828dd6196989e83df603b7 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Fri, 30 Oct 2015 10:32:43 +0100
Subject: [PATCH] DNSSEC: improve log messages in uninstaller
---
 ipaserver/install/opendnssecinstance.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 34dce0f32109b6677737199a90832a45c8f30983..02fc61e468735070d3f6a5985bf1ea8333a6689e 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -349,9 +349,10 @@ class OpenDNSSECInstance(service.Service):
 ods_enforcerd = services.knownservices.ods_enforcerd
 cmd = [paths.IPA_ODS_EXPORTER, 'ipa-full-update']
 try:
+ self.print_msg("Exporting DNSSEC data before uninstallation")
 ipautil.run(cmd, runas=ods_enforcerd.get_user_name())
 except CalledProcessError:
- root_logger.debug("OpenDNSSEC database has not been updated")
+ root_logger.error("DNSSEC data export failed")
 try:
 shutil.copy(paths.OPENDNSSEC_KASP_DB,
-- 2.4.3
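Review bot: The new `root_logger.error("DNSSEC data export failed")` in the `except CalledProcessError:` branch discards the exception, so the uninstall log will not show why the exporter failed. Binding and logging it, `except CalledProcessError as e:` with `root_logger.error("DNSSEC data export failed: %s", e)`, would keep the failing command and exit status in the log, assuming this is the standard `subprocess` exception. The enclosing method starts and ends outside this hunk.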
From de001cfa0e15b0e602c1f2af10a87a590527a21a Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Fri, 30 Oct 2015 10:39:49 +0100
Subject: [PATCH] DNSSEC: on uninstall, do not restore OpenDNSSEC kasp.db if backup failed
---
 ipaserver/install/opendnssecinstance.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 02fc61e468735070d3f6a5985bf1ea8333a6689e..c962c3625d34853e81605358ba200883de901ed1 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -343,6 +343,7 @@ class OpenDNSSECInstance(service.Service):
 'ISMASTER', None, quotes=False, separator='=')
+ kasp_db_to_restore = []
 if ipautil.file_exists(paths.OPENDNSSEC_KASP_DB):
 # force to export data
@@ -359,14 +360,18 @@ class OpenDNSSECInstance(service.Service):
 paths.IPA_KASP_DB_BACKUP)
 except IOError as e:
 root_logger.error(
- "Unable to backup OpenDNSSEC database: %s", e)
+ "Unable to backup OpenDNSSEC database %s, "
+ "restore will be skipped: %s", paths.OPENDNSSEC_KASP_DB, e)
 else:
 root_logger.info("OpenDNSSEC database backed up in %s", paths.IPA_KASP_DB_BACKUP)
+ kasp_db_to_restore = [paths.OPENDNSSEC_KASP_DB]
+ # do not restore OpenDNSSEC's KASP DB if backup failed
+ # removing the file without backup could totally break DNS setup
 for f in [paths.OPENDNSSEC_CONF_FILE, paths.OPENDNSSEC_KASP_FILE,
- paths.OPENDNSSEC_KASP_DB, paths.SYSCONFIG_ODS,
- paths.OPENDNSSEC_ZONELIST_FILE]:
+ paths.SYSCONFIG_ODS, paths.OPENDNSSEC_ZONELIST_FILE].extend(
+ kasp_db_to_restore):
 try:
 self.fstore.restore_file(f)
 except ValueError as error:
-- 2.4.3
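Review bot: The rewritten `for f in [...].extend(kasp_db_to_restore):` in the second hunk iterates over the return value of `list.extend()`, which is always `None`. The loop therefore raises `TypeError` before any file is restored, so the uninstaller fails at this point even when the kasp.db backup succeeded. Build the list by concatenation instead, ending the list with `paths.SYSCONFIG_ODS, paths.OPENDNSSEC_ZONELIST_FILE] + kasp_db_to_restore:`. This also moves the kasp.db restore to the end of the sequence. The loop body continues outside the hunk, so whether that ordering matters cannot be seen from here.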