On 30.10.2015 10:55, Martin Basti wrote:
> 
> 
> On 30.10.2015 10:41, Petr Spacek wrote:
>> Hello,
>>
>> DNSSEC: on uninstall, do not restore OpenDNSSEC kasp.db if backup failed
>> DNSSEC: improve log messages in uninstaller
>>
>> This is suitable for ipa-4-2 branch and newer.
>>
> NACK
> 
> Please extract the list from for cycle to separate variable and do extend with
> that variable.
> 
> Also this code doesnt work, I tried simillar in python and I got:
> 
> In [1]: t=[1]
> 
> In [2]: for f in [10, 20, 30].extend(t):
>    ...:     print f
>    ...:
> ---------------------------------------------------------------------------
> TypeError                                 Traceback (most recent call last)
> <ipython-input-2-bb6c0d6748ef> in <module>()
> ----> 1 for f in [10, 20, 30].extend(t):
>       2     print f
>       3
> 
> TypeError: 'NoneType' object is not iterable

Thank you for catching this. I believed to lint and that was a bad idea!

Push only to master is fine with me, I'm not willing to go though more
bureaucracy for this small change.

-- 
Petr^2 Spacek
From e24e4a5a19c8e66e342bdd6def7b9372a8c799b1 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Fri, 30 Oct 2015 10:39:49 +0100
Subject: [PATCH] DNSSEC: on uninstall, do not restore OpenDNSSEC kasp.db if
 backup failed

---
 ipaserver/install/opendnssecinstance.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 02fc61e468735070d3f6a5985bf1ea8333a6689e..322eec5861e8b2101c2e26874e95b2415246f5b4 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -343,6 +343,9 @@ class OpenDNSSECInstance(service.Service):
                                    'ISMASTER', None,
                                    quotes=False, separator='=')
 
+        restore_list = [paths.OPENDNSSEC_CONF_FILE, paths.OPENDNSSEC_KASP_FILE,
+                        paths.SYSCONFIG_ODS, paths.OPENDNSSEC_ZONELIST_FILE]
+
         if ipautil.file_exists(paths.OPENDNSSEC_KASP_DB):
 
             # force to export data
@@ -359,14 +362,16 @@ class OpenDNSSECInstance(service.Service):
                             paths.IPA_KASP_DB_BACKUP)
             except IOError as e:
                 root_logger.error(
-                    "Unable to backup OpenDNSSEC database: %s", e)
+                    "Unable to backup OpenDNSSEC database %s, "
+                    "restore will be skipped: %s", paths.OPENDNSSEC_KASP_DB, e)
             else:
                 root_logger.info("OpenDNSSEC database backed up in %s",
                                  paths.IPA_KASP_DB_BACKUP)
+                # restore OpenDNSSEC's KASP DB only if backup succeeded
+                # removing the file without backup could totally break DNSSEC
+                restore_list.append(paths.OPENDNSSEC_KASP_DB)
 
-        for f in [paths.OPENDNSSEC_CONF_FILE, paths.OPENDNSSEC_KASP_FILE,
-                  paths.OPENDNSSEC_KASP_DB, paths.SYSCONFIG_ODS,
-                  paths.OPENDNSSEC_ZONELIST_FILE]:
+        for f in restore_list:
             try:
                 self.fstore.restore_file(f)
             except ValueError as error:
-- 
2.4.3

From b4618410c8f5c833f5828dd6196989e83df603b7 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Fri, 30 Oct 2015 10:32:43 +0100
Subject: [PATCH] DNSSEC: improve log messages in uninstaller

---
 ipaserver/install/opendnssecinstance.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/opendnssecinstance.py b/ipaserver/install/opendnssecinstance.py
index 34dce0f32109b6677737199a90832a45c8f30983..02fc61e468735070d3f6a5985bf1ea8333a6689e 100644
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -349,9 +349,10 @@ class OpenDNSSECInstance(service.Service):
             ods_enforcerd = services.knownservices.ods_enforcerd
             cmd = [paths.IPA_ODS_EXPORTER, 'ipa-full-update']
             try:
+                self.print_msg("Exporting DNSSEC data before uninstallation")
                 ipautil.run(cmd, runas=ods_enforcerd.get_user_name())
             except CalledProcessError:
-                root_logger.debug("OpenDNSSEC database has not been updated")
+                root_logger.error("DNSSEC data export failed")
 
             try:
                 shutil.copy(paths.OPENDNSSEC_KASP_DB,
-- 
2.4.3

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to