DNSSEC: allow to disable/replace DNSSEC key master

This commit allows to replace or disable DNSSEC key master Replacing DNSSEC master requires to copy kasp.db file manually by user ipa-dns-install: --disable-dnssec-master DNSSEC master will be disabled --dnssec-master --kasp-db=FILE This configure new DNSSEC master server, kasp.db from old server is required for sucessful replacement --force Skip checks https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Petr Spacek <pspacek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-05-13 14:45:32 +02:00
parent b258bcee83
commit e151492560
7 changed files with 309 additions and 22 deletions
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -90,6 +90,7 @@ class BasePathNamespace(object):
    ETC_OPENDNSSEC_DIR = "/etc/opendnssec"
    OPENDNSSEC_CONF_FILE = "/etc/opendnssec/conf.xml"
    OPENDNSSEC_KASP_FILE = "/etc/opendnssec/kasp.xml"
+    OPENDNSSEC_ZONELIST_FILE = "/etc/opendnssec/zonelist.xml"
    OPENLDAP_LDAP_CONF = "/etc/openldap/ldap.conf"
    PAM_LDAP_CONF = "/etc/pam_ldap.conf"
    PASSWD = "/etc/passwd"
@@ -276,6 +277,7 @@ class BasePathNamespace(object):
    SYSRESTORE_INDEX = "/var/lib/ipa-client/sysrestore/sysrestore.index"
    IPA_BACKUP_DIR = "/var/lib/ipa/backup"
    IPA_DNSSEC_DIR = "/var/lib/ipa/dnssec"
+    IPA_KASP_DB_BACKUP = "/var/lib/ipa/ipa-kasp.db.backup"
    DNSSEC_TOKENS_DIR = "/var/lib/ipa/dnssec/tokens"
    DNSSEC_SOFTHSM_PIN = "/var/lib/ipa/dnssec/softhsm_pin"
    IPA_CA_CSR = "/var/lib/ipa/ca.csr"