diff options
author | Martin Basti <mbasti@redhat.com> | 2015-05-13 14:45:32 +0200 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-07-07 08:37:15 +0200 |
commit | e151492560db25fa13c2a3edf5e2139dc6629047 (patch) | |
tree | 1cfb5a1a48dd522e265d425695122858a9366288 /ipaserver/install/server/install.py | |
parent | b258bcee8337063259aa38b4387b9bb5721fb380 (diff) | |
download | freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.tar.gz freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.tar.xz freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.zip |
DNSSEC: allow to disable/replace DNSSEC key master
This commit allows to replace or disable DNSSEC key master
Replacing DNSSEC master requires to copy kasp.db file manually by user
ipa-dns-install:
--disable-dnssec-master DNSSEC master will be disabled
--dnssec-master --kasp-db=FILE This configure new DNSSEC master server, kasp.db from old server is required for sucessful replacement
--force Skip checks
https://fedorahosted.org/freeipa/ticket/4657
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'ipaserver/install/server/install.py')
-rw-r--r-- | ipaserver/install/server/install.py | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py index 72376357b..b9bf3f34b 100644 --- a/ipaserver/install/server/install.py +++ b/ipaserver/install/server/install.py @@ -1326,6 +1326,25 @@ class ServerDNS(common.Installable, core.Group, core.Composite): description="Setup server to be DNSSEC key master", ) + disable_dnssec_master = Knob( + bool, False, + initializable=False, + description="Disable the DNSSEC master on this server", + ) + + kasp_db_file = Knob( + str, None, + initializable=False, + description="Copy OpenDNSSEC metadata from the specified file (will " + "not create a new kasp.db file)", + ) + + force = Knob( + bool, False, + initializable=False, + description="Force install", + ) + zonemgr = Knob( str, None, description=("DNS zone manager e-mail address. Defaults to " @@ -1614,7 +1633,6 @@ class Server(common.Installable, common.Interactive, core.Composite): self.ca_cert_files = self.ca.ca_cert_files self.subject = self.ca.subject self.ca_signing_algorithm = self.ca.ca_signing_algorithm - self.setup_dns = self.dns.setup_dns self.forwarders = self.dns.forwarders self.no_forwarders = self.dns.no_forwarders @@ -1622,6 +1640,9 @@ class Server(common.Installable, common.Interactive, core.Composite): self.no_reverse = self.dns.no_reverse self.no_dnssec_validation = self.dns.no_dnssec_validation self.dnssec_master = self.dns.dnssec_master + self.disable_dnssec_master = self.dns.disable_dnssec_master + self.kasp_db_file = self.dns.kasp_db_file + self.force = self.dns.force self.zonemgr = self.dns.zonemgr self.no_host_dns = self.dns.no_host_dns self.no_dns_sshfp = self.dns.no_dns_sshfp |