diff options
| author | Martin Basti <mbasti@redhat.com> | 2015-05-13 14:45:32 +0200 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2015-07-07 08:37:15 +0200 |
| commit | e151492560db25fa13c2a3edf5e2139dc6629047 (patch) | |
| tree | 1cfb5a1a48dd522e265d425695122858a9366288 /install | |
| parent | b258bcee8337063259aa38b4387b9bb5721fb380 (diff) | |
| download | freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.tar.gz freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.tar.xz freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.zip | |
DNSSEC: allow to disable/replace DNSSEC key master
This commit allows to replace or disable DNSSEC key master
Replacing DNSSEC master requires to copy kasp.db file manually by user
ipa-dns-install:
--disable-dnssec-master DNSSEC master will be disabled
--dnssec-master --kasp-db=FILE This configure new DNSSEC master server, kasp.db from old server is required for sucessful replacement
--force Skip checks
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'install')
| -rwxr-xr-x | install/tools/ipa-dns-install | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/install/tools/ipa-dns-install b/install/tools/ipa-dns-install index fd9311657..d82799201 100755 --- a/install/tools/ipa-dns-install +++ b/install/tools/ipa-dns-install @@ -61,6 +61,15 @@ def parse_options(): help="DNS zone manager e-mail address. Defaults to hostmaster@DOMAIN") parser.add_option("-U", "--unattended", dest="unattended", action="store_true", default=False, help="unattended installation never prompts the user") + parser.add_option("--disable-dnssec-master", dest="disable_dnssec_master", + action="store_true", default=False, help="Disable the " + "DNSSEC master on this server") + parser.add_option("--kasp-db", dest="kasp_db_file", type="string", + metavar="FILE", action="store", help="Copy OpenDNSSEC " + "metadata from the specified file (will not create a new " + "kasp.db file)") + parser.add_option("--force", dest="force", action="store_true", + help="Force install") options, args = parser.parse_args() safe_options = parser.get_safe_opts(options) @@ -74,6 +83,9 @@ def parse_options(): if not options.forwarders and not options.no_forwarders: parser.error("You must specify at least one --forwarder option or --no-forwarders option") + if options.kasp_db_file and not ipautil.file_exists(options.kasp_db_file): + parser.error("File %s does not exist" % options.kasp_db_file) + if options.dm_password: print ("WARNING: Option -p/--ds-password is deprecated " "and should not be used anymore.") |