diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-09-03 15:04:35 +0200 |
---|---|---|
committer | Petr Viktorin <pviktori@dhcp-31-13.brq.redhat.com> | 2014-09-05 16:11:23 +0200 |
commit | 8292b228b89e056316a11590a263176a9c595f14 (patch) | |
tree | 84e23b9ab394b1561c2c7280513d908b747d15bb /ipaserver/install/cainstance.py | |
parent | b5870edb403572b19ffc91b1f3e504277b4c82a2 (diff) | |
download | freeipa-8292b228b89e056316a11590a263176a9c595f14.tar.gz freeipa-8292b228b89e056316a11590a263176a9c595f14.tar.xz freeipa-8292b228b89e056316a11590a263176a9c595f14.zip |
Backup CS.cfg before modifying it
https://fedorahosted.org/freeipa/ticket/4166
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipaserver/install/cainstance.py')
-rw-r--r-- | ipaserver/install/cainstance.py | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 245d8d239..209c9eb15 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -449,6 +449,7 @@ class CAInstance(service.Service): self.step("creating pki-ca instance", self.create_instance) self.step("configuring certificate server instance", self.__configure_instance) self.step("stopping certificate server instance to update CS.cfg", self.__stop) + self.step("backing up CS.cfg", self.backup_config) self.step("disabling nonces", self.__disable_nonce) self.step("set up CRL publishing", self.__enable_crl_publish) self.step("starting certificate server instance", self.__start) @@ -811,6 +812,12 @@ class CAInstance(service.Service): root_logger.debug(traceback.format_exc()) root_logger.critical("Failed to restart the certificate server. See the installation log for details.") + def backup_config(self): + try: + backup_config(self.dogtag_constants) + except Exception, e: + root_logger.warning("Failed to backup CS.cfg: %s", e) + def __disable_nonce(self): # Turn off Nonces update_result = installutils.update_file( @@ -1803,6 +1810,16 @@ def install_replica_ca(config, postinstall=False): return ca +def backup_config(dogtag_constants=None): + """ + Create a backup copy of CS.cfg + """ + if dogtag_constants is None: + dogtag_constants = dogtag.configured_constants() + + shutil.copy(dogtag_constants.CS_CFG_PATH, + dogtag_constants.CS_CFG_PATH + '.ipabkp') + def update_cert_config(nickname, cert, dogtag_constants=None): """ When renewing a CA subsystem certificate the configuration file @@ -1824,6 +1841,10 @@ def update_cert_config(nickname, cert, dogtag_constants=None): with stopped_service(dogtag_constants.SERVICE_NAME, instance_name=dogtag_constants.PKI_INSTANCE_NAME): + try: + backup_config(dogtag_constants) + except Exception, e: + syslog.syslog(syslog.LOG_ERR, "Failed to backup CS.cfg: %s" % e) installutils.set_directive(dogtag.configured_constants().CS_CFG_PATH, directives[nickname], |