Fix upgrade when named.conf does not exist
Commit aee0d2180c
adds an upgrade step
that adds system crypto policy include to named.conf. This step
omitted the named.conf existence check; upgrade fails when it does
not exist. Add the existence check.
Also update the test to add the IPA-related part of the named.conf
config, because the "existence check" actually does more than just
check that the file exists - it also checks that it contains the IPA
bind-dyndb-ldap configuration section.
Part of: https://pagure.io/freeipa/issue/4853
Reviewed-By: Christian Heimes <cheimes@redhat.com>
parent
b0d8c6c211
commit
421fc376cc
@ -93,6 +93,10 @@ def create_reverse():
|
|||||||
|
|
||||||
|
|
||||||
def named_conf_exists():
|
def named_conf_exists():
|
||||||
|
"""
|
||||||
|
Checks that named.conf exists AND that it contains IPA-related config.
|
||||||
|
|
||||||
|
"""
|
||||||
try:
|
try:
|
||||||
with open(paths.NAMED_CONF, 'r') as named_fd:
|
with open(paths.NAMED_CONF, 'r') as named_fd:
|
||||||
lines = named_fd.readlines()
|
lines = named_fd.readlines()
|
||||||
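Review bot: The new docstring on named_conf_exists() says "IPA-related config" without naming what is matched, while the function name still reads as a plain existence test. The test module in this commit describes the target as a `dyndb "ipa"` section, so the docstring could say that and state the return value, for example `Return True only if named.conf can be read and contains the IPA bind-dyndb-ldap (dyndb "ipa") section.` The body continues outside the hunk, so the exact match and the behaviour on a read error should be confirmed before wording it this way.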
|
@ -905,6 +905,10 @@ def named_add_server_id():
|
|||||||
def named_add_crypto_policy():
|
def named_add_crypto_policy():
|
||||||
"""Add crypto policy include
|
"""Add crypto policy include
|
||||||
"""
|
"""
|
||||||
|
if not bindinstance.named_conf_exists():
|
||||||
|
logger.info('DNS is not configured')
|
||||||
|
return False
|
||||||
|
|
||||||
if sysupgrade.get_upgrade_state('named.conf', 'add_crypto_policy'):
|
if sysupgrade.get_upgrade_state('named.conf', 'add_crypto_policy'):
|
||||||
# upgrade was done already
|
# upgrade was done already
|
||||||
return False
|
return False
|
||||||
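Review bot: The docstring of named_add_crypto_policy() is still the one-line `Add crypto policy include` and does not describe the return value or the skip path added at the top of the body. The new guard returns before `sysupgrade.get_upgrade_state()` is consulted, and the new test asserts that no upgrade state is set, so the step is presumably retried on a later upgrade. I would document that with something like `Return False, without recording upgrade state, when named.conf is missing or has no IPA section; named.conf is then left without the crypto policy include.` The rest of the function lies outside the hunk, so the meaning of a True return should be taken from there.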
|
@ -24,7 +24,6 @@ options {
|
|||||||
include "random/file";
|
include "random/file";
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
|
||||||
EXPECTED_CONFIG = """
|
EXPECTED_CONFIG = """
|
||||||
options {
|
options {
|
||||||
\tdnssec-enable yes;
|
\tdnssec-enable yes;
|
||||||
@ -35,6 +34,12 @@ options {
|
|||||||
include "random/file";
|
include "random/file";
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
# bindinstance.named_conf_exists() looks for a section like this
|
||||||
|
IPA_DYNDB_CONFIG = """
|
||||||
|
dyndb "ipa" "/usr/lib/bind/ldap.so" {
|
||||||
|
};
|
||||||
|
"""
|
||||||
|
|
||||||
POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
|
POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
|
||||||
|
|
||||||
|
|
||||||
@ -53,14 +58,16 @@ def test_add_crypto_policy(m_set, m_get, namedconf):
|
|||||||
m_get.return_value = False
|
m_get.return_value = False
|
||||||
with open(namedconf, 'w') as f:
|
with open(namedconf, 'w') as f:
|
||||||
f.write(TEST_CONFIG)
|
f.write(TEST_CONFIG)
|
||||||
|
f.write(IPA_DYNDB_CONFIG)
|
||||||
|
|
||||||
named_add_crypto_policy()
|
result = named_add_crypto_policy()
|
||||||
|
assert result
|
||||||
m_get.assert_called_with('named.conf', 'add_crypto_policy')
|
m_get.assert_called_with('named.conf', 'add_crypto_policy')
|
||||||
m_set.assert_called_with('named.conf', 'add_crypto_policy', True)
|
m_set.assert_called_with('named.conf', 'add_crypto_policy', True)
|
||||||
|
|
||||||
with open(namedconf) as f:
|
with open(namedconf) as f:
|
||||||
content = f.read()
|
content = f.read()
|
||||||
assert content == EXPECTED_CONFIG
|
assert content == ''.join([EXPECTED_CONFIG, IPA_DYNDB_CONFIG])
|
||||||
|
|
||||||
m_get.reset_mock()
|
m_get.reset_mock()
|
||||||
m_set.reset_mock()
|
m_set.reset_mock()
|
||||||
@ -69,3 +76,19 @@ def test_add_crypto_policy(m_set, m_get, namedconf):
|
|||||||
named_add_crypto_policy()
|
named_add_crypto_policy()
|
||||||
m_get.assert_called_with('named.conf', 'add_crypto_policy')
|
m_get.assert_called_with('named.conf', 'add_crypto_policy')
|
||||||
m_set.assert_not_called()
|
m_set.assert_not_called()
|
||||||
|
|
||||||
|
|
||||||
|
@patch('ipaserver.install.sysupgrade.get_upgrade_state')
|
||||||
|
@patch('ipaserver.install.sysupgrade.set_upgrade_state')
|
||||||
|
def test_add_crypto_policy_no_ipa(m_set, m_get, namedconf):
|
||||||
|
# Test if the update step is skipped when named.conf doesn't contain
|
||||||
|
# IPA related settings.
|
||||||
|
m_get.return_value = False
|
||||||
|
with open(namedconf, 'w') as f:
|
||||||
|
f.write(TEST_CONFIG)
|
||||||
|
|
||||||
|
result = named_add_crypto_policy()
|
||||||
|
assert not result
|
||||||
|
|
||||||
|
m_get.assert_not_called()
|
||||||
|
m_set.assert_not_called()
|
||||||
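Review bot: test_add_crypto_policy_no_ipa covers a named.conf that exists without the IPA section, but not the case in the commit title, where named.conf does not exist at all. A second test that skips the `f.write(TEST_CONFIG)` step (assuming the `namedconf` fixture only supplies a path) would pin that case. The new test also never reads the file back, so a regression that edits named.conf on the skip path would go unnoticed; adding `with open(namedconf) as f:` and `assert f.read() == TEST_CONFIG` after the call would cover that.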
|