From 832335c92c7ce21ffb8ea9315837aebc2a085d88 Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Tue, 1 Sep 2015 16:17:16 +0200
Subject: [PATCH] DNSSEC: remove ccache and keytab of ipa-ods-exporter
Reusing old ccache after reinstall causes authentication error. And
prevents DNSSEC from working.
Related to ticket: https://fedorahosted.org/freeipa/ticket/5273
Reviewed-By: Petr Spacek <pspacek@redhat.com>
---
daemons/dnssec/ipa-ods-exporter | 2 +-
ipaplatform/base/paths.py | 1 +
ipaserver/install/odsexporterinstance.py | 7 +++++++
3 files changed, 9 insertions(+), 1 deletion(-)
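diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index 4d5423797fc9d4bdd0a432bac96b8209bb98c6d8..62eca71da10ee6f3efd4d391a274278875714570 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -482,7 +482,7 @@ ipalib.api.finalize()
 # Kerberos initialization
 PRINCIPAL = str('%s/%s' % (DAEMONNAME, ipalib.api.env.host))
 log.debug('Kerberos principal: %s', PRINCIPAL)
-ccache_name = os.path.join(WORKDIR, 'ipa-ods-exporter.ccache')
+ccache_name = paths.IPA_ODS_EXPORTER_CCACHE
 
 try:
 ipautil.kinit_keytab(PRINCIPAL, paths.IPA_ODS_EXPORTER_KEYTAB, ccache_name,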
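diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 5c8f25d6ef85fab2b9b30a660cd1c0360dbe9931..a407c1273f01b3465bcb1985dd41f2f242346a62 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -333,6 +333,7 @@ class BasePathNamespace(object):
 NAMED_RUN = "/var/named/data/named.run"
 VAR_OPENDNSSEC_DIR = "/var/opendnssec"
 OPENDNSSEC_KASP_DB = "/var/opendnssec/kasp.db"
+ IPA_ODS_EXPORTER_CCACHE = "/var/opendnssec/tmp/ipa-ods-exporter.ccache"
 VAR_RUN_DIRSRV_DIR = "/var/run/dirsrv"
 KRB5CC_HTTPD = "/var/run/httpd/ipa/krbcache/krb5ccache"
 IPA_RENEWAL_LOCK = "/var/run/ipa/renewal.lock"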
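Review bot: The new `IPA_ODS_EXPORTER_CCACHE` constant puts a Kerberos credential cache at a fixed, predictable path under a directory named `tmp`, and nothing in this section records who is allowed to write there. A ccache holds usable tickets for the ipa-ods-exporter service principal, so the parent directory should be owned by the ODS service account and not writable by other users; otherwise a file or link pre-created at that path could interfere with the daemon's kinit. The directory's ownership and mode are not visible in this diff, so this may already hold. I would add a comment above the constant, for example `# Kerberos ccache of ipa-ods-exporter; parent directory must be writable only by the ODS user`. The class body continues outside the hunk.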
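diff --git a/ipaserver/install/odsexporterinstance.py b/ipaserver/install/odsexporterinstance.py
index 248943d6c0ca4b71815bcf7526d575842f6ce426..db45d2b812ff6d2d56cb8fb326119658bd1f4b7e 100644
--- a/ipaserver/install/odsexporterinstance.py
+++ b/ipaserver/install/odsexporterinstance.py
@@ -93,6 +93,13 @@ class ODSExporterInstance(service.Service):
 
 def __setup_principal(self):
 assert self.ods_uid is not None
+
+ for f in [paths.IPA_ODS_EXPORTER_CCACHE, paths.IPA_ODS_EXPORTER_KEYTAB]:
+ try:
+ os.remove(f)
+ except OSError:
+ pass
+
 dns_exporter_principal = "ipa-ods-exporter/" + self.fqdn + "@" + self.realm
 installutils.kadmin_addprinc(dns_exporter_principal)
 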
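Review bot: The `except OSError: pass` in the new cleanup loop of `__setup_principal` hides every removal failure, not only the expected missing-file case. If `os.remove` fails for a permission or path-type reason, the stale ccache or keytab stays in place and the install continues silently, which is the authentication failure this commit sets out to prevent and also leaves old key material on disk. I would ignore only the not-found case, `except OSError as e:` followed by `if e.errno != errno.ENOENT: raise` (or a logged warning if the cleanup is meant to stay best-effort). That needs `errno` imported in the module, which the hunk does not show. The method continues past the end of the hunk.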
--
2.5.1