76 lines
3.0 KiB
Diff
76 lines
3.0 KiB
Diff
|
From 44669a5a35970020d492cba644d0584bcc68774f Mon Sep 17 00:00:00 2001
|
||
|
From: Christian Heimes <cheimes@redhat.com>
|
||
|
Date: Mon, 14 Dec 2020 17:44:38 +0100
|
||
|
Subject: [PATCH] Change mkdir logic in DNSSEC
|
||
|
|
||
|
- Create /var/named/dyndb-ldap/ipa/master/ early
|
||
|
- Assume that /var/named/dyndb-ldap/ipa/master/ exists in BINDMgr.sync()
|
||
|
|
||
|
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
||
|
---
|
||
|
ipaserver/dnssec/bindmgr.py | 7 +++----
|
||
|
ipaserver/install/dnskeysyncinstance.py | 19 +++++++++++++------
|
||
|
ipaserver/install/server/upgrade.py | 1 +
|
||
|
3 files changed, 17 insertions(+), 10 deletions(-)
|
||
|
|
||
|
diff --git a/ipaserver/dnssec/bindmgr.py b/ipaserver/dnssec/bindmgr.py
|
||
|
index 4f7cad89344..a15c0e601a2 100644
|
||
|
--- a/ipaserver/dnssec/bindmgr.py
|
||
|
+++ b/ipaserver/dnssec/bindmgr.py
|
||
|
@@ -182,10 +182,9 @@ def sync_zone(self, zone):
|
||
|
zone_path = os.path.join(paths.BIND_LDAP_DNS_ZONE_WORKDIR,
|
||
|
self.get_zone_dir_name(zone))
|
||
|
try:
|
||
|
- os.makedirs(zone_path)
|
||
|
- except OSError as e:
|
||
|
- if e.errno != errno.EEXIST:
|
||
|
- raise e
|
||
|
+ os.mkdir(zone_path, 0o770)
|
||
|
+ except FileExistsError:
|
||
|
+ pass
|
||
|
|
||
|
# fix HSM permissions
|
||
|
# TODO: move out
|
||
|
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
|
||
|
index 26c1d9c7516..16870b73b5c 100644
|
||
|
--- a/ipaserver/install/dnskeysyncinstance.py
|
||
|
+++ b/ipaserver/install/dnskeysyncinstance.py
|
||
|
@@ -66,12 +66,19 @@ def set_dyndb_ldap_workdir_permissions(self):
|
||
|
"""
|
||
|
Setting up correct permissions to allow write/read access for daemons
|
||
|
"""
|
||
|
- if not os.path.exists(paths.BIND_LDAP_DNS_IPA_WORKDIR):
|
||
|
- os.mkdir(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0o770)
|
||
|
- # dnssec daemons require to have access into the directory
|
||
|
- os.chmod(paths.BIND_LDAP_DNS_IPA_WORKDIR, 0o770)
|
||
|
- os.chown(paths.BIND_LDAP_DNS_IPA_WORKDIR, self.named_uid,
|
||
|
- self.named_gid)
|
||
|
+ directories = [
|
||
|
+ paths.BIND_LDAP_DNS_IPA_WORKDIR,
|
||
|
+ paths.BIND_LDAP_DNS_ZONE_WORKDIR,
|
||
|
+ ]
|
||
|
+ for directory in directories:
|
||
|
+ try:
|
||
|
+ os.mkdir(directory, 0o770)
|
||
|
+ except FileExistsError:
|
||
|
+ pass
|
||
|
+ else:
|
||
|
+ os.chmod(directory, 0o770)
|
||
|
+ # dnssec daemons require to have access into the directory
|
||
|
+ os.chown(directory, self.named_uid, self.named_gid)
|
||
|
|
||
|
def remove_replica_public_keys(self, replica_fqdn):
|
||
|
ldap = api.Backend.ldap2
|
||
|
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
|
||
|
index 18891d53c7d..c453e16b08a 100644
|
||
|
--- a/ipaserver/install/server/upgrade.py
|
||
|
+++ b/ipaserver/install/server/upgrade.py
|
||
|
@@ -1749,6 +1749,7 @@ def upgrade_configuration():
|
||
|
else:
|
||
|
if dnssec_set_openssl_engine(dnskeysyncd):
|
||
|
dnskeysyncd.start_dnskeysyncd()
|
||
|
+ dnskeysyncd.set_dyndb_ldap_workdir_permissions()
|
||
|
|
||
|
cleanup_kdc(fstore)
|
||
|
cleanup_adtrust(fstore)
|