Hello,

DNSSEC: on uninstall, do not restore OpenDNSSEC kasp.db if backup failed
DNSSEC: improve log messages in uninstaller

These patches are suitable for the ipa-4-2 branch and newer.

-- 
Petr^2 Spacek
From b4618410c8f5c833f5828dd6196989e83df603b7 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Fri, 30 Oct 2015 10:32:43 +0100
Subject: [PATCH] DNSSEC: improve log messages in uninstaller

---
 ipaserver/install/opendnssecinstance.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 34dce0f32109b6677737199a90832a45c8f30983..02fc61e468735070d3f6a5985bf1ea8333a6689e 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -349,9 +349,10 @@ class OpenDNSSECInstance(service.Service):
             ods_enforcerd = services.knownservices.ods_enforcerd
             cmd = [paths.IPA_ODS_EXPORTER, 'ipa-full-update']
             try:
+                self.print_msg("Exporting DNSSEC data before uninstallation")
                 ipautil.run(cmd, runas=ods_enforcerd.get_user_name())
             except CalledProcessError:
-                root_logger.debug("OpenDNSSEC database has not been updated")
+                root_logger.error("DNSSEC data export failed")
 
             try:
                 shutil.copy(paths.OPENDNSSEC_KASP_DB,
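Review bot: The `except CalledProcessError:` branch logs a fixed string and discards the exception, so the log does not say why the export failed. Bind the exception and log it: `except CalledProcessError as e:` followed by `root_logger.error("DNSSEC data export failed: %s", e)`. Execution also continues into the `shutil.copy` backup after a failed export, so the backup may hold data that was never exported; if that is intended, a short comment saying so would help. The enclosing method starts and ends outside this hunk.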
-- 
2.4.3

From de001cfa0e15b0e602c1f2af10a87a590527a21a Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Fri, 30 Oct 2015 10:39:49 +0100
Subject: [PATCH] DNSSEC: on uninstall, do not restore OpenDNSSEC kasp.db if
 backup failed

---
 ipaserver/install/opendnssecinstance.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 02fc61e468735070d3f6a5985bf1ea8333a6689e..c962c3625d34853e81605358ba200883de901ed1 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -343,6 +343,7 @@ class OpenDNSSECInstance(service.Service):
                                    'ISMASTER', None,
                                    quotes=False, separator='=')
 
+        kasp_db_to_restore = []
         if ipautil.file_exists(paths.OPENDNSSEC_KASP_DB):
 
             # force to export data
@@ -359,14 +360,18 @@ class OpenDNSSECInstance(service.Service):
                             paths.IPA_KASP_DB_BACKUP)
             except IOError as e:
                 root_logger.error(
-                    "Unable to backup OpenDNSSEC database: %s", e)
+                    "Unable to backup OpenDNSSEC database %s, "
+                    "restore will be skipped: %s", paths.OPENDNSSEC_KASP_DB, e)
             else:
                 root_logger.info("OpenDNSSEC database backed up in %s",
                                  paths.IPA_KASP_DB_BACKUP)
+                kasp_db_to_restore = [paths.OPENDNSSEC_KASP_DB]
 
+        # do not restore OpenDNSSEC's KASP DB if backup failed
+        # removing the file without backup could totally break DNS setup
         for f in [paths.OPENDNSSEC_CONF_FILE, paths.OPENDNSSEC_KASP_FILE,
-                  paths.OPENDNSSEC_KASP_DB, paths.SYSCONFIG_ODS,
-                  paths.OPENDNSSEC_ZONELIST_FILE]:
+                  paths.SYSCONFIG_ODS, paths.OPENDNSSEC_ZONELIST_FILE].extend(
+                      kasp_db_to_restore):
             try:
                 self.fstore.restore_file(f)
             except ValueError as error:
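Review bot: The new loop header iterates over the return value of `list.extend()`, which is always `None`, so `for f in [...].extend(kasp_db_to_restore):` raises `TypeError` before any file is restored. As written, the uninstaller restores none of the OpenDNSSEC files, not just kasp.db. Build the list by concatenation instead, ending the header with `paths.SYSCONFIG_ODS, paths.OPENDNSSEC_ZONELIST_FILE] + kasp_db_to_restore:`. Separately, `kasp_db_to_restore` stays empty when `paths.OPENDNSSEC_KASP_DB` does not exist (see the first hunk of this patch), so the stored copy is no longer restored in that case either; if that is intended, the comment above the loop should say so. The loop body continues outside the hunk.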
-- 
2.4.3
