Support OpenDNSSEC 2.1: new ods-signer protocol

The communication between ods-signer and the socket-activated process has changed with OpenDNSSEC 2.1. Adapt ipa-ods-exporter to support also the new protocol. The internal database was also modified. Add a wrapper calling the right code (table names hab=ve changed, as well as table columns). With OpenDNSSEC the policy also needs to be explicitely loaded after ods-enforcer-db-setup has been run, with ods-enforcer policy import The command ods-ksmutil notify must be replace with ods-enforce flush. Related: https://pagure.io/freeipa/issue/8214 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Christian Heimes <cheimes@redhat.com>
2025-02-25 18:55:28 -06:00 · 2020-03-05 15:54:40 +01:00
parent b857828180
commit 8080bf7b35
8 changed files with 266 additions and 34 deletions
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@@ -314,6 +314,7 @@ class OpenDNSSECInstance(service.Service):

    def __start(self):
        self.restart()  # needed to reload conf files
+        tasks.run_ods_policy_import()

    def uninstall(self):
        if not self.is_configured():