author | Petr Spacek <pspacek@redhat.com> | 2015-12-15 14:16:52 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-01-07 14:13:23 +0100 |
commit | 6bdc18d0c538c658ae6022b127bf5776436f68e7 (patch) | |
tree | e9d0e35fe24f6fb2e32b48a95e516f1d9875b8f6 /daemons/dnssec | |
parent | 3c9c37cec1180fb6adcb8d59e367cf022d73aef1 (diff) | |
DNSSEC: logging improvements in ipa-ods-exporter
https://fedorahosted.org/freeipa/ticket/5348
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'daemons/dnssec')
-rwxr-xr-x | daemons/dnssec/ipa-ods-exporter | 17 |
1 files changed, 11 insertions, 6 deletions
diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index fc0f34afd..758b0d9a7 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -487,6 +487,11 @@ def cmd2ods_zone_name(cmd):
 return zone_name
 
 def sync_zone(log, ldap, dns_dn, zone_name):
+ """synchronize metadata about zone keys for single DNS zone
+
+ Key material has to be synchronized elsewhere.
+ Keep in mind that keys could be shared among multiple zones!"""
+ log.getChild("%s.%s" % (__name__, zone_name))
 log.debug('synchronizing zone "%s"', zone_name)
 ods_keys = get_ods_keys(zone_name)
 ods_keys_id = set(ods_keys.keys())
@@ -519,30 +524,30 @@ def sync_zone(log, ldap, dns_dn, zone_name):
 ldap_keys_id = set(ldap_keys.keys())
 
 new_keys_id = ods_keys_id - ldap_keys_id
- log.info('new keys from ODS: %s', new_keys_id)
+ log.info('new key metadata from ODS: %s', new_keys_id)
 for key_id in new_keys_id:
 cn = "cn=%s" % key_id
 key_dn = DN(cn, keys_dn)
- log.debug('adding key "%s" to LDAP', key_dn)
+ log.debug('adding key metadata "%s" to LDAP', key_dn)
 ldap_key = ldap.make_entry(key_dn,
 objectClass=['idnsSecKey'],
 **ods_keys[key_id])
 ldap.add_entry(ldap_key)
 
 deleted_keys_id = ldap_keys_id - ods_keys_id
- log.info('deleted keys in LDAP: %s', deleted_keys_id)
+ log.info('deleted key metadata in LDAP: %s', deleted_keys_id)
 for key_id in deleted_keys_id:
 cn = "cn=%s" % key_id
 key_dn = DN(cn, keys_dn)
- log.debug('deleting key "%s" from LDAP', key_dn)
+ log.debug('deleting key metadata "%s" from LDAP', key_dn)
 ldap.delete_entry(key_dn)
 
 update_keys_id = ldap_keys_id.intersection(ods_keys_id)
- log.info('keys in LDAP & ODS: %s', update_keys_id)
+ log.info('key metadata in LDAP & ODS: %s', update_keys_id)
 for key_id in update_keys_id:
 ldap_key = ldap_keys[key_id]
 ods_key = ods_keys[key_id]
- log.debug('updating key "%s" in LDAP', ldap_key.dn)
+ log.debug('updating key metadata "%s" in LDAP', ldap_key.dn)
 ldap_key.update(ods_key)
 try:
 ldap.update_entry(ldap_key)
|
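Review bot: The added `log.getChild("%s.%s" % (__name__, zone_name))` in the first hunk throws away its return value, so `log` is still the caller's logger and none of the messages that follow carry the zone in their logger name. `Logger.getChild` returns a new logger and does not modify the one it is called on; the line should read `log = log.getChild("%s.%s" % (__name__, zone_name))`. While there, check the resulting name: `getChild` appends to the existing logger name, so prefixing `__name__` may repeat the module name if `log` is already named after it, and the dots in a zone name are treated as logger hierarchy separators. Per-zone attribution is what lets an operator tell from the log which zone's key metadata was added to or deleted from LDAP, so it is worth confirming with a two-zone run. The body of sync_zone continues outside both hunks.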