DNSSEC: allow to disable/replace DNSSEC key master

This commit allows to replace or disable DNSSEC key master

Replacing DNSSEC master requires to copy kasp.db file manually by user

ipa-dns-install:
--disable-dnssec-master  DNSSEC master will be disabled
--dnssec-master --kasp-db=FILE  This configure new DNSSEC master server,  kasp.db from old server is required for sucessful replacement
--force Skip checks

https://fedorahosted.org/freeipa/ticket/4657

Reviewed-By: Petr Spacek <pspacek@redhat.com>

1 files changed, 2 insertions, 0 deletions

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index ff80eab98..9fef3e7a1 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -90,6 +90,7 @@ class BasePathNamespace(object):
     ETC_OPENDNSSEC_DIR = "/etc/opendnssec"
     OPENDNSSEC_CONF_FILE = "/etc/opendnssec/conf.xml"
     OPENDNSSEC_KASP_FILE = "/etc/opendnssec/kasp.xml"
+    OPENDNSSEC_ZONELIST_FILE = "/etc/opendnssec/zonelist.xml"
     OPENLDAP_LDAP_CONF = "/etc/openldap/ldap.conf"
     PAM_LDAP_CONF = "/etc/pam_ldap.conf"
     PASSWD = "/etc/passwd"
@@ -276,6 +277,7 @@ class BasePathNamespace(object):
     SYSRESTORE_INDEX = "/var/lib/ipa-client/sysrestore/sysrestore.index"
     IPA_BACKUP_DIR = "/var/lib/ipa/backup"
     IPA_DNSSEC_DIR = "/var/lib/ipa/dnssec"
+    IPA_KASP_DB_BACKUP = "/var/lib/ipa/ipa-kasp.db.backup"
     DNSSEC_TOKENS_DIR = "/var/lib/ipa/dnssec/tokens"
     DNSSEC_SOFTHSM_PIN = "/var/lib/ipa/dnssec/softhsm_pin"
     IPA_CA_CSR = "/var/lib/ipa/ca.csr"