named: Make use of 'pkcs11' OpenSSL engine for BIND on Fedora31

Fixes: https://pagure.io/freeipa/issue/8094
Signed-off-by: Stanislav Levin <slev@altlinux.org>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>

ipaplatform/fedora/constants.py

@@ -27,4 +27,6 @@ class FedoraConstantsNamespace(RedHatConstantsNamespace):
     if HAS_NFS_CONF:
         SECURE_NFS_VAR = None
 
+    NAMED_OPENSSL_ENGINE = "pkcs11"
+
 constants = FedoraConstantsNamespace()

ipaplatform/fedora/paths.py

@@ -36,6 +36,8 @@ class FedoraPathNamespace(RedHatPathNamespace):
     NAMED_CRYPTO_POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
     if HAS_NFS_CONF:
         SYSCONFIG_NFS = '/etc/nfs.conf'
+    DNSSEC_OPENSSL_CONF = "/etc/ipa/dnssec/openssl.cnf"
+    DNSSEC_KEYFROMLABEL = "/usr/sbin/dnssec-keyfromlabel"
 
 
 paths = FedoraPathNamespace()

ipaplatform/fedora/services.py

@@ -29,6 +29,8 @@ from ipaplatform.redhat import services as redhat_services
 # Mappings from service names as FreeIPA code references to these services
 # to their actual systemd service names
 fedora_system_units = redhat_services.redhat_system_units.copy()
+fedora_system_units['named'] = fedora_system_units['named-regular']
+fedora_system_units['named-conflict'] = fedora_system_units['named-pkcs11']
 
 
 # Service classes that implement Fedora-specific behaviour
@@ -41,6 +43,8 @@ class FedoraService(redhat_services.RedHatService):
 # of specified name
 
 def fedora_service_class_factory(name, api=None):
+    if name in ['named', 'named-conflict']:
+        return FedoraService(name, api)
     return redhat_services.redhat_service_class_factory(name, api)