The attached patch implements a request by Petr^2 Spacek during the
review of my PATCHES 0015-0017, which are prerequisites of the patch and
were pushed today.
Petr wanted each DNSSEC daemon (ipa-dnskeysync-replica, ipa-dnskeysyncd,
and ipa-ods-exporter) to have its own CCache file to simplify his life
during debugging DNSSEC-related issues.
--
Martin^3 Babinsky
From b4ceafcbb9cefe19121caf0e63cc09a30e2ef811 Mon Sep 17 00:00:00 2001
From: Martin Babinsky
Date: Wed, 15 Apr 2015 15:20:00 +0200
Subject: [PATCH] use separate ccache filename for each IPA DNSSEC daemon
ipa-dnskeysyncd, ipa-dnskeysync-replica, and ipa-ods-exporter use a generic
'ccache' filename for credential storage, making debugging Kerberos-related
errors unnecessarily complicated. This patch renames the ccache files so that
each of these daemons now has its own credenital cache.
---
daemons/dnssec/ipa-dnskeysync-replica | 2 +-
daemons/dnssec/ipa-dnskeysyncd| 2 +-
daemons/dnssec/ipa-ods-exporter | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/daemons/dnssec/ipa-dnskeysync-replica b/daemons/dnssec/ipa-dnskeysync-replica
index bcf9282153c9d105179d21237442598c1db530b5..c2c4c2725a9c46db4db04894a326ddf40e254eab 100755
--- a/daemons/dnssec/ipa-dnskeysync-replica
+++ b/daemons/dnssec/ipa-dnskeysync-replica
@@ -139,7 +139,7 @@ log.setLevel(level=logging.DEBUG)
# Kerberos initialization
PRINCIPAL = str('%s/%s' % (DAEMONNAME, ipalib.api.env.host))
log.debug('Kerberos principal: %s', PRINCIPAL)
-ccache_filename = os.path.join(WORKDIR, 'ccache')
+ccache_filename = os.path.join(WORKDIR, 'ipa-dnskeysync-replica.ccache')
ipautil.kinit_keytab(PRINCIPAL, paths.IPA_DNSKEYSYNCD_KEYTAB, ccache_filename)
os.environ['KRB5CCNAME'] = ccache_filename
log.debug('Got TGT')
diff --git a/daemons/dnssec/ipa-dnskeysyncd b/daemons/dnssec/ipa-dnskeysyncd
index b17c8d94e8a3c35a2aa29a1ce697ffdef654eeda..398f0076290c0d4bea48d15714505d46cd5ef5d4 100755
--- a/daemons/dnssec/ipa-dnskeysyncd
+++ b/daemons/dnssec/ipa-dnskeysyncd
@@ -65,7 +65,7 @@ log = root_logger
# Kerberos initialization
PRINCIPAL = str('%s/%s' % (DAEMONNAME, api.env.host))
log.debug('Kerberos principal: %s', PRINCIPAL)
-ccache_filename = os.path.join(WORKDIR, 'ccache')
+ccache_filename = os.path.join(WORKDIR, 'ipa-dnskeysyncd.ccache')
ipautil.kinit_keytab(PRINCIPAL, KEYTAB_FB, ccache_filename)
os.environ['KRB5CCNAME'] = ccache_filename
diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index 6d33b79bbddb59a8194107a7f2455e56637bad17..913b418af2806e2660a7db221e06394b501bbb18 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -399,7 +399,7 @@ ipalib.api.finalize()
# Kerberos initialization
PRINCIPAL = str('%s/%s' % (DAEMONNAME, ipalib.api.env.host))
log.debug('Kerberos principal: %s', PRINCIPAL)
-ccache_name = os.path.join(WORKDIR, 'ccache')
+ccache_name = os.path.join(WORKDIR, 'ipa-ods-exporter.ccache')
ipautil.kinit_keytab(PRINCIPAL, paths.IPA_ODS_EXPORTER_KEYTAB, ccache_name)
os.environ['KRB5CCNAME'] = ccache_name
log.debug('Got TGT')
--
2.1.0
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code