IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

DNSSEC: logging improvements in ipa-ods-exporter

Browse Source 
https://fedorahosted.org/freeipa/ticket/5348

Reviewed-By: Martin Basti <mbasti@redhat.com>
This commit is contained in:
Petr Spacek
2015-12-15 14:16:52 +01:00
committed by Martin Basti
parent 3c9c37cec1
commit 6bdc18d0c5
1 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
daemons/dnssec/ipa-ods-exporter
View File

@@ -487,6 +487,11 @@ def cmd2ods_zone_name(cmd):
return zone_name return zone_name
def sync_zone(log, ldap, dns_dn, zone_name): def sync_zone(log, ldap, dns_dn, zone_name):
"""synchronize metadata about zone keys for single DNS zone
Key material has to be synchronized elsewhere.
Keep in mind that keys could be shared among multiple zones!"""
log.getChild("%s.%s" % (__name__, zone_name))
log.debug('synchronizing zone "%s"', zone_name) log.debug('synchronizing zone "%s"', zone_name)
ods_keys = get_ods_keys(zone_name) ods_keys = get_ods_keys(zone_name)
ods_keys_id = set(ods_keys.keys()) ods_keys_id = set(ods_keys.keys())
@@ -519,30 +524,30 @@ def sync_zone(log, ldap, dns_dn, zone_name):
ldap_keys_id = set(ldap_keys.keys()) ldap_keys_id = set(ldap_keys.keys())
new_keys_id = ods_keys_id - ldap_keys_id new_keys_id = ods_keys_id - ldap_keys_id
log.info('new keys from ODS: %s', new_keys_id) log.info('new key metadata from ODS: %s', new_keys_id)
for key_id in new_keys_id: for key_id in new_keys_id:
cn = "cn=%s" % key_id cn = "cn=%s" % key_id
key_dn = DN(cn, keys_dn) key_dn = DN(cn, keys_dn)
log.debug('adding key "%s" to LDAP', key_dn) log.debug('adding key metadata "%s" to LDAP', key_dn)
ldap_key = ldap.make_entry(key_dn, ldap_key = ldap.make_entry(key_dn,
objectClass=['idnsSecKey'], objectClass=['idnsSecKey'],
**ods_keys[key_id]) **ods_keys[key_id])
ldap.add_entry(ldap_key) ldap.add_entry(ldap_key)
deleted_keys_id = ldap_keys_id - ods_keys_id deleted_keys_id = ldap_keys_id - ods_keys_id
log.info('deleted keys in LDAP: %s', deleted_keys_id) log.info('deleted key metadata in LDAP: %s', deleted_keys_id)
for key_id in deleted_keys_id: for key_id in deleted_keys_id:
cn = "cn=%s" % key_id cn = "cn=%s" % key_id
key_dn = DN(cn, keys_dn) key_dn = DN(cn, keys_dn)
log.debug('deleting key "%s" from LDAP', key_dn) log.debug('deleting key metadata "%s" from LDAP', key_dn)
ldap.delete_entry(key_dn) ldap.delete_entry(key_dn)
update_keys_id = ldap_keys_id.intersection(ods_keys_id) update_keys_id = ldap_keys_id.intersection(ods_keys_id)
log.info('keys in LDAP & ODS: %s', update_keys_id) log.info('key metadata in LDAP & ODS: %s', update_keys_id)
for key_id in update_keys_id: for key_id in update_keys_id:
ldap_key = ldap_keys[key_id] ldap_key = ldap_keys[key_id]
ods_key = ods_keys[key_id] ods_key = ods_keys[key_id]
log.debug('updating key "%s" in LDAP', ldap_key.dn) log.debug('updating key metadata "%s" in LDAP', ldap_key.dn)
ldap_key.update(ods_key) ldap_key.update(ods_key)
try: try:
ldap.update_entry(ldap_key) ldap.update_entry(ldap_key)