DNSSEC: on uninstall, do not restore OpenDNSSEC kasp.db if backup failed

Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-10-30 10:39:49 +01:00 · 2015-10-30 10:39:49 +01:00 · d7f0d633d9
commit d7f0d633d9
parent 9ffb388253
1 changed files with 9 additions and 4 deletions
--- a/ipaserver/install/opendnssecinstance.py
+++ b/ipaserver/install/opendnssecinstance.py
@ -343,6 +343,9 @@ class OpenDNSSECInstance(service.Service):
                                   'ISMASTER', None,
                                   quotes=False, separator='=')

+        restore_list = [paths.OPENDNSSEC_CONF_FILE, paths.OPENDNSSEC_KASP_FILE,
+                        paths.SYSCONFIG_ODS, paths.OPENDNSSEC_ZONELIST_FILE]
+
        if ipautil.file_exists(paths.OPENDNSSEC_KASP_DB):

            # force to export data
@ -358,14 +361,16 @@ class OpenDNSSECInstance(service.Service):
                            paths.IPA_KASP_DB_BACKUP)
            except IOError as e:
                root_logger.error(
-                    "Unable to backup OpenDNSSEC database: %s", e)
+                    "Unable to backup OpenDNSSEC database %s, "
+                    "restore will be skipped: %s", paths.OPENDNSSEC_KASP_DB, e)
            else:
                root_logger.info("OpenDNSSEC database backed up in %s",
                                 paths.IPA_KASP_DB_BACKUP)
+                # restore OpenDNSSEC's KASP DB only if backup succeeded
+                # removing the file without backup could totally break DNSSEC
+                restore_list.append(paths.OPENDNSSEC_KASP_DB)

-        for f in [paths.OPENDNSSEC_CONF_FILE, paths.OPENDNSSEC_KASP_FILE,
-                  paths.OPENDNSSEC_KASP_DB, paths.SYSCONFIG_ODS,
-                  paths.OPENDNSSEC_ZONELIST_FILE]:
+        for f in restore_list:
            try:
                self.fstore.restore_file(f)
            except ValueError as error: