84 lines
3.1 KiB
Diff
84 lines
3.1 KiB
Diff
From 677d30806662856595289525ef529a77adbf2272 Mon Sep 17 00:00:00 2001
|
|
From: Florence Blanc-Renaud <flo@redhat.com>
|
|
Date: Fri, 26 Jan 2024 13:26:48 +0100
|
|
Subject: [PATCH] ipa-backup: adapt for 389ds switch to LMDB
|
|
|
|
ipa-backup is relying on the presence of the directory
|
|
/var/lib/dirsrv/slapd-<INSTANCE>/db/ipaca/
|
|
to detect if the CA is installed on the server and backup
|
|
the ipaca backend.
|
|
|
|
With the switch to LMDB, this directory does not exist and the
|
|
backup is missing ipaca information.
|
|
|
|
Use lib389.cli_ctl.dblib.run_dbscan utility instead to
|
|
check if ipaca backend is present (this method has been
|
|
introduced in 389ds 2.1.0 and works with Berkeley DB and LMDB).
|
|
|
|
Fixes: https://pagure.io/freeipa/issue/9516
|
|
Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
|
|
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
|
|
---
|
|
freeipa.spec.in | 7 ++++---
|
|
ipaserver/install/ipa_backup.py | 8 ++++++--
|
|
2 files changed, 10 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/freeipa.spec.in b/freeipa.spec.in
|
|
index a091fee68..997a55d8d 100755
|
|
--- a/freeipa.spec.in
|
|
+++ b/freeipa.spec.in
|
|
@@ -78,8 +78,8 @@
|
|
%global ds_version 1.4.3.16-12
|
|
%global selinux_policy_version 3.14.3-107
|
|
%else
|
|
-# DNA interval enabled
|
|
-%global ds_version 2.0.5-1
|
|
+# version supporting LMDB and lib389.cli_ctl.dblib.run_dbscan utility
|
|
+%global ds_version 2.1.0
|
|
%global selinux_policy_version 38.1.1-1
|
|
%endif
|
|
|
|
@@ -124,10 +124,11 @@
|
|
|
|
# Make sure to use 389-ds-base versions that fix https://github.com/389ds/389-ds-base/issues/4700
|
|
# and has DNA interval enabled
|
|
+# version supporting LMDB and lib389.cli_ctl.dblib.run_dbscan utility
|
|
%if 0%{?fedora} < 34
|
|
%global ds_version 1.4.4.16-1
|
|
%else
|
|
-%global ds_version 2.0.7-1
|
|
+%global ds_version 2.1.0
|
|
%endif
|
|
|
|
# Fix for TLS 1.3 PHA, RHBZ#1775146
|
|
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
|
|
index 2904c9e2e..f4fa73ff5 100644
|
|
--- a/ipaserver/install/ipa_backup.py
|
|
+++ b/ipaserver/install/ipa_backup.py
|
|
@@ -41,6 +41,7 @@ from ipaserver.install import installutils
|
|
from ipapython import ipaldap
|
|
from ipaplatform.constants import constants
|
|
from ipaplatform.tasks import tasks
|
|
+from lib389.cli_ctl.dblib import run_dbscan
|
|
|
|
# pylint: disable=import-error
|
|
if six.PY3:
|
|
@@ -337,8 +338,11 @@ class Backup(admintool.AdminTool):
|
|
instance = ipaldap.realm_to_serverid(api.env.realm)
|
|
if os.path.exists(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE %
|
|
instance):
|
|
- if os.path.exists(paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE %
|
|
- (instance, 'ipaca')):
|
|
+ # Check existence of ipaca backend
|
|
+ dbpath = (paths.SLAPD_INSTANCE_DB_DIR_TEMPLATE %
|
|
+ (instance, ""))
|
|
+ output = run_dbscan(['-L', dbpath])
|
|
+ if 'ipaca/' in output:
|
|
self.db2ldif(instance, 'ipaca', online=options.online)
|
|
self.db2ldif(instance, 'userRoot', online=options.online)
|
|
self.db2bak(instance, online=options.online)
|
|
--
|
|
2.43.0
|
|
|