IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Backup CS.cfg before modifying it

Browse Source 
https://fedorahosted.org/freeipa/ticket/4166

Reviewed-By: Petr Viktorin <pviktori@redhat.com>
This commit is contained in:
Jan Cholasta 2014-09-03 15:04:35 +02:00 committed by Petr Viktorin
parent cd80528123
commit b6c7e5fd4c
2 changed files with 22 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
install/tools/ipa-upgradeconfig
View File

@ -1145,6 +1145,7 @@ def main():
sub_dict['SUBJECT_BASE'] = subject_base sub_dict['SUBJECT_BASE'] = subject_base
ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR) ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
ca.backup_config()
# migrate CRL publish dir before the location in ipa.conf is updated # migrate CRL publish dir before the location in ipa.conf is updated
ca_restart = migrate_crl_publish_dir(ca) ca_restart = migrate_crl_publish_dir(ca)

21
ipaserver/install/cainstance.py
View File

@ -455,6 +455,7 @@ class CAInstance(service.Service):
self.step("creating pki-ca instance", self.create_instance) self.step("creating pki-ca instance", self.create_instance)
self.step("configuring certificate server instance", self.__configure_instance) self.step("configuring certificate server instance", self.__configure_instance)
self.step("stopping certificate server instance to update CS.cfg", self.__stop) self.step("stopping certificate server instance to update CS.cfg", self.__stop)
self.step("backing up CS.cfg", self.backup_config)
self.step("disabling nonces", self.__disable_nonce) self.step("disabling nonces", self.__disable_nonce)
self.step("set up CRL publishing", self.__enable_crl_publish) self.step("set up CRL publishing", self.__enable_crl_publish)
self.step("enable PKIX certificate path discovery and validation", self.enable_pkix) self.step("enable PKIX certificate path discovery and validation", self.enable_pkix)
@ -818,6 +819,12 @@ class CAInstance(service.Service):
root_logger.debug(traceback.format_exc()) root_logger.debug(traceback.format_exc())
root_logger.critical("Failed to restart the certificate server. See the installation log for details.") root_logger.critical("Failed to restart the certificate server. See the installation log for details.")
def backup_config(self):
try:
backup_config(self.dogtag_constants)
except Exception, e:
root_logger.warning("Failed to backup CS.cfg: %s", e)
def __disable_nonce(self): def __disable_nonce(self):
# Turn off Nonces # Turn off Nonces
update_result = installutils.update_file( update_result = installutils.update_file(
@ -1822,6 +1829,16 @@ def install_replica_ca(config, postinstall=False):
return ca return ca
def backup_config(dogtag_constants=None):
"""
Create a backup copy of CS.cfg
"""
if dogtag_constants is None:
dogtag_constants = dogtag.configured_constants()
shutil.copy(dogtag_constants.CS_CFG_PATH,
dogtag_constants.CS_CFG_PATH + '.ipabkp')
def update_cert_config(nickname, cert, dogtag_constants=None): def update_cert_config(nickname, cert, dogtag_constants=None):
""" """
When renewing a CA subsystem certificate the configuration file When renewing a CA subsystem certificate the configuration file
@ -1843,6 +1860,10 @@ def update_cert_config(nickname, cert, dogtag_constants=None):
with stopped_service(dogtag_constants.SERVICE_NAME, with stopped_service(dogtag_constants.SERVICE_NAME,
instance_name=dogtag_constants.PKI_INSTANCE_NAME): instance_name=dogtag_constants.PKI_INSTANCE_NAME):
try:
backup_config(dogtag_constants)
except Exception, e:
syslog.syslog(syslog.LOG_ERR, "Failed to backup CS.cfg: %s" % e)
installutils.set_directive(dogtag.configured_constants().CS_CFG_PATH, installutils.set_directive(dogtag.configured_constants().CS_CFG_PATH,
directives[nickname], directives[nickname],