Fix named.conf update bug NAMED_DNSSEC_VALIDATION

Commit a5cbdb57e5 introduced a bug when updating IPA from 4.8.6 to 4.8.7. NAMED_DNSSEC_VALIDATION template variable was not declared. Fixes: https://pagure.io/freeipa/issue/8363 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-06-09 15:08:20 +02:00
parent e6fda6f0fb
commit 379b560c75
3 changed files with 44 additions and 1 deletions
--- a/ipaserver/install/server/upgrade.py
+++ b/ipaserver/install/server/upgrade.py
@@ -594,6 +594,15 @@ def named_add_ipa_ext_conf_file():
        logger.info('DNS is not configured.')
        return False

+    # migrate value from named.conf
+    dnssec_validation = bindinstance.named_conf_get_directive(
+        "dnssec-validation",
+        bindinstance.NAMED_SECTION_OPTIONS,
+        str_val=False
+    )
+    if dnssec_validation is None:
+        dnssec_validation = "yes"
+
    tasks = [
        bindinstance.named_add_ext_conf_file(
            paths.NAMED_CUSTOM_CFG_SRC,
@@ -601,7 +610,10 @@ def named_add_ipa_ext_conf_file():
        ),
        bindinstance.named_add_ext_conf_file(
            paths.NAMED_CUSTOM_OPTIONS_CFG_SRC,
-            paths.NAMED_CUSTOM_OPTIONS_CONFIG
+            paths.NAMED_CUSTOM_OPTIONS_CONFIG,
+            dict(
+                NAMED_DNSSEC_VALIDATION=dnssec_validation
+            )
        )
    ]