DNSSEC: allow to disable/replace DNSSEC key master

This commit allows to replace or disable DNSSEC key master Replacing DNSSEC master requires to copy kasp.db file manually by user ipa-dns-install: --disable-dnssec-master DNSSEC master will be disabled --dnssec-master --kasp-db=FILE This configure new DNSSEC master server, kasp.db from old server is required for sucessful replacement --force Skip checks https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Petr Spacek <pspacek@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2015-05-13 14:45:32 +0200
committer: Tomas Babej <tbabej@redhat.com> 2015-07-07 08:37:15 +0200
commit: e151492560db25fa13c2a3edf5e2139dc6629047 (patch)
tree: 1cfb5a1a48dd522e265d425695122858a9366288 /ipaserver/install/server/install.py
parent: b258bcee8337063259aa38b4387b9bb5721fb380 (diff)
download: freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.tar.gz
freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.tar.xz
freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.zip
1 files changed, 22 insertions, 1 deletions
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 72376357b..b9bf3f34b 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -1326,6 +1326,25 @@ class ServerDNS(common.Installable, core.Group, core.Composite):
         description="Setup server to be DNSSEC key master",
     )
 
+    disable_dnssec_master = Knob(
+        bool, False,
+        initializable=False,
+        description="Disable the DNSSEC master on this server",
+    )
+
+    kasp_db_file = Knob(
+        str, None,
+        initializable=False,
+        description="Copy OpenDNSSEC metadata from the specified file (will "
+                    "not create a new kasp.db file)",
+    )
+
+    force = Knob(
+        bool, False,
+        initializable=False,
+        description="Force install",
+    )
+
     zonemgr = Knob(
         str, None,
         description=("DNS zone manager e-mail address. Defaults to "
@@ -1614,7 +1633,6 @@ class Server(common.Installable, common.Interactive, core.Composite):
         self.ca_cert_files = self.ca.ca_cert_files
         self.subject = self.ca.subject
         self.ca_signing_algorithm = self.ca.ca_signing_algorithm
-
         self.setup_dns = self.dns.setup_dns
         self.forwarders = self.dns.forwarders
         self.no_forwarders = self.dns.no_forwarders
@@ -1622,6 +1640,9 @@ class Server(common.Installable, common.Interactive, core.Composite):
         self.no_reverse = self.dns.no_reverse
         self.no_dnssec_validation = self.dns.no_dnssec_validation
         self.dnssec_master = self.dns.dnssec_master
+        self.disable_dnssec_master = self.dns.disable_dnssec_master
+        self.kasp_db_file = self.dns.kasp_db_file
+        self.force = self.dns.force
         self.zonemgr = self.dns.zonemgr
         self.no_host_dns = self.dns.no_host_dns
         self.no_dns_sshfp = self.dns.no_dns_sshfp
author	Martin Basti <mbasti@redhat.com>	2015-05-13 14:45:32 +0200
committer	Tomas Babej <tbabej@redhat.com>	2015-07-07 08:37:15 +0200
commit	e151492560db25fa13c2a3edf5e2139dc6629047 (patch)
tree	1cfb5a1a48dd522e265d425695122858a9366288 /ipaserver/install/server/install.py
parent	b258bcee8337063259aa38b4387b9bb5721fb380 (diff)
download	freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.tar.gz freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.tar.xz freeipa-e151492560db25fa13c2a3edf5e2139dc6629047.zip