Change mkdir logic in DNSSEC

- Create /var/named/dyndb-ldap/ipa/master/ early
- Assume that /var/named/dyndb-ldap/ipa/master/ exists in BINDMgr.sync()

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Christian Heimes 2020-12-14 17:44:38 +01:00 committed by Alexander Bokovoy
parent 4c0398433e
commit a297097bc2
3 changed files with 17 additions and 10 deletions


@ -182,10 +182,9 @@ class BINDMgr:
zone_path = os.path.join(paths.BIND_LDAP_DNS_ZONE_WORKDIR,
self.get_zone_dir_name(zone))
try:
os.makedirs(zone_path)
except OSError as e:
if e.errno != errno.EEXIST:
raise e
os.mkdir(zone_path, 0o770)
except FileExistsError:
pass
# fix HSM permissions
# TODO: move out
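Review bot: The mode in `os.mkdir(zone_path, 0o770)` is reduced by the process umask and is not applied at all on the `except FileExistsError: pass` path, so a pre-existing zone directory keeps whatever mode and owner it already had; if 0o770 is the required mode, follow the try/except with an explicit `os.chmod(zone_path, 0o770)` unless the HSM permission fix-up that follows the hunk already covers `zone_path` itself. `FileExistsError` is also raised when `zone_path` exists as a regular file or a symlink, and the bare `pass` then continues as if it were a usable directory; an `os.path.isdir(zone_path)` check in that branch would make that failure explicit rather than deferred. Replacing `makedirs` with `mkdir` turns a missing parent into a `FileNotFoundError`, which matches the commit's intent but should be stated in the method, e.g. `# BIND_LDAP_DNS_ZONE_WORKDIR must already exist (created by set_dyndb_ldap_workdir_permissions)`. If `errno` was imported only for the removed `e.errno != errno.EEXIST` branch, it is now unused. The enclosing method (sync(), per the commit message) starts and ends outside the hunk.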


@ -66,12 +66,19 @@ class DNSKeySyncInstance(service.Service):
"""
Setting up correct permissions to allow write/read access for daemons
"""
if not os.path.exists(paths.BIND_LDAP_DNS_IPA_WORKDIR):
os.mkdir(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0o770)
directories = [
paths.BIND_LDAP_DNS_IPA_WORKDIR,
paths.BIND_LDAP_DNS_ZONE_WORKDIR,
]
for directory in directories:
try:
os.mkdir(directory, 0o770)
except FileExistsError:
pass
else:
os.chmod(directory, 0o770)
# dnssec daemons require to have access into the directory
os.chmod(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0o770)
os.chown(paths.BIND_LDAP_DNS_IPA_WORKDIR, self.named_uid,
self.named_gid)
os.chown(directory, self.named_uid, self.named_gid)
def remove_replica_public_keys(self, replica_fqdn):
ldap = api.Backend.ldap2
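Review bot: The added `os.chown(directory, self.named_uid, self.named_gid)` follows the unchanged, method-level comment `# dnssec daemons require to have access into the directory`, so it executes once after the loop on the leaked loop variable and only `paths.BIND_LDAP_DNS_ZONE_WORKDIR` is re-owned; `paths.BIND_LDAP_DNS_IPA_WORKDIR`, which the removed lines chowned unconditionally, no longer is (the rendered page's lost indentation makes this an inference, but the comment line's unchanged status fixes the nesting). The `os.chmod(directory, 0o770)` in the `else:` branch likewise runs only when `mkdir` just created the directory, so on an existing installation — where `upgrade_configuration` now calls this method — neither directory has its mode corrected, whereas the old code applied chmod and chown to the IPA work directory every time. Moving both calls into the loop body and applying them whether or not the directory was just created restores that behaviour for both directories and also covers the umask that `mkdir` applies to its mode argument.
```python
        for directory in directories:
            try:
                os.mkdir(directory, 0o770)
            except FileExistsError:
                pass
            # dnssec daemons require to have access into the directory;
            # apply mode and ownership unconditionally so directories that
            # already existed (upgrade path) are fixed as well and the
            # mkdir mode is not left subject to the umask
            os.chmod(directory, 0o770)
            os.chown(directory, self.named_uid, self.named_gid)
```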


@ -1750,6 +1750,7 @@ def upgrade_configuration():
else:
if dnssec_set_openssl_engine(dnskeysyncd):
dnskeysyncd.start_dnskeysyncd()
dnskeysyncd.set_dyndb_ldap_workdir_permissions()
cleanup_kdc(fstore)
cleanup_adtrust(fstore)
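Review bot: `dnskeysyncd.set_dyndb_ldap_workdir_permissions()` is placed after `dnskeysyncd.start_dnskeysyncd()`, so on the upgrade path the daemon can be started before the work directories it needs have been created and chowned; if the new call belongs to the same branch as the start, it should run before it (the page's lost indentation leaves the nesting of the new line uncertain). The call also relies on `self.named_uid`/`self.named_gid` being populated on the `dnskeysyncd` instance used here, which this hunk does not show. A one-line comment stating the purpose would help, e.g. `# make sure the dyndb-ldap work directories exist with the expected mode and owner on upgraded servers`. upgrade_configuration starts and ends outside the hunk.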