authorTomas Babej <tbabej@redhat.com>2015-09-17 17:09:33 +0200
committerMartin Basti <mbasti@redhat.com>2015-09-22 13:17:25 +0200
commitcfeea91828ad47e1d321947d04f5f6de0e3d1c8c (patch)
tree762e0650600c085838739e2dbe6f65df6cb17f55
parent86edd6abeb9749e159a529b83cfce6443fff4ba5 (diff)
ipa-backup: Add mechanism to store empty directory structure
Certain subcomponents of IPA, such as Dogtag, cannot function if non-critical directories (such as log directories) have not been stored in the backup. This patch implements storage of selected empty directories, while preserving attributes and SELinux context. https://fedorahosted.org/freeipa/ticket/5297 Reviewed-By: Martin Basti <mbasti@redhat.com>
-rw-r--r--freeipa.spec.in1
-rw-r--r--ipaplatform/base/paths.py3
-rw-r--r--ipaserver/install/ipa_backup.py50
3 files changed, 51 insertions, 3 deletions
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 64e8155b9..ab8af302a 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -160,6 +160,7 @@ Requires: softhsm >= 2.0.0rc1-1
Requires: p11-kit
Requires: systemd-python
Requires: %{etc_systemd_dir}
+Requires: gzip
Conflicts: %{alt_name}-server
Obsoletes: %{alt_name}-server < %{version}
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 3930c93fc..97c330c31 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -328,6 +328,9 @@ class BasePathNamespace(object):
TOMCAT_CA_DIR = "/var/log/pki/pki-tomcat/ca"
TOMCAT_CA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/ca/archive"
TOMCAT_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/ca/signedAudit"
+ TOMCAT_KRA_DIR = "/var/log/pki/pki-tomcat/kra"
+ TOMCAT_KRA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/kra/archive"
+ TOMCAT_KRA_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/kra/signedAudit"
LOG_SECURE = "/var/log/secure"
NAMED_RUN = "/var/named/data/named.run"
VAR_OPENDNSSEC_DIR = "/var/opendnssec"
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index ce5cf9d4f..f9e3a700a 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -202,6 +202,16 @@ class Backup(admintool.AdminTool):
paths.NAMED_RUN,
)
+ required_dirs=(
+ paths.TOMCAT_TOPLEVEL_DIR,
+ paths.TOMCAT_CA_DIR,
+ paths.TOMCAT_SIGNEDAUDIT_DIR,
+ paths.TOMCAT_CA_ARCHIVE_DIR,
+ paths.TOMCAT_KRA_DIR,
+ paths.TOMCAT_KRA_SIGNEDAUDIT_DIR,
+ paths.TOMCAT_KRA_ARCHIVE_DIR,
+ )
+
def __init__(self, options, args):
super(Backup, self).__init__(options, args)
self._conn = None
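Review bot: `required_dirs` is added without a comment explaining why these paths are archived separately, and `required_dirs=(` is missing the spaces around `=`. Suggest `required_dirs = (` preceded by `# Directories stored as bare entries (no contents) so Dogtag finds its log directories after a restore`. The class body starts outside the hunk, so whether the neighbouring tuples carry similar comments cannot be seen from here.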
@@ -486,13 +496,15 @@ class Backup(admintool.AdminTool):
def verify_directories(dirs):
return [s for s in dirs if os.path.exists(s)]
+ tarfile = os.path.join(self.dir, 'files.tar')
+
self.log.info("Backing up files")
args = ['tar',
'--exclude=/var/lib/ipa/backup',
'--xattrs',
'--selinux',
- '-czf',
- os.path.join(self.dir, 'files.tar')
+ '-cf',
+ tarfile
]
args.extend(verify_directories(self.dirs))
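Review bot: The new local `tarfile` has the same name as the standard-library `tarfile` module. If ipa_backup.py imports that module (the import block is not visible in this hunk), the module is shadowed for the rest of the method. A name such as `tar_path = os.path.join(self.dir, 'files.tar')` avoids the clash and reads as a path; the later uses in the following hunk would need the same rename. The method starts and continues outside the hunk.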
@@ -503,7 +515,39 @@ class Backup(admintool.AdminTool):
(stdout, stderr, rc) = run(args, raiseonerr=False)
if rc != 0:
- raise admintool.ScriptError('tar returned non-zero %d: %s' % (rc, stdout))
+ raise admintool.ScriptError('tar returned non-zero code '
+ '%d: %s' % (rc, stderr))
+
+ # Backup the necessary directory structure. This is a separate
+ # call since we are using the '--no-recursion' flag to store
+ # the directory structure only, no files.
+ missing_directories = verify_directories(self.required_dirs)
+
+ if missing_directories:
+ args = ['tar',
+ '--exclude=/var/lib/ipa/backup',
+ '--xattrs',
+ '--selinux',
+ '--no-recursion',
+ '-rf', # -r appends to an existing archive
+ tarfile,
+ ]
+ args.extend(missing_directories)
+
+ (stdout, stderr, rc) = run(args, raiseonerr=False)
+ if rc != 0:
+ raise admintool.ScriptError('tar returned non-zero %d when adding '
+ 'directory structure: %s' % (rc, stderr))
+
+ # Compress the archive. This is done separately, since 'tar' cannot
+ # append to a compressed archive.
+ (stdout, stderr, rc) = run(['gzip', tarfile], raiseonerr=False)
+ if rc != 0:
+ raise admintool.ScriptError('gzip returned non-zero %d when '
+ 'compressing the backup: %s' % (rc, stderr))
+
+ # Rename the archive back to files.tar to preserve compatibility
+ os.rename(os.path.join(self.dir, 'files.tar.gz'), tarfile)
def create_header(self, data_only):
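Review bot: `missing_directories` actually holds the required directories that exist, because `verify_directories` keeps the entries for which `os.path.exists` is true, so the name says the opposite of what the list contains. `os.path.exists` also accepts a regular file or a symlink at one of these paths, and with `--no-recursion` tar would archive that entry as-is; filtering with `existing_dirs = [d for d in self.required_dirs if os.path.isdir(d)]` keeps the second tar call to real directories. Separately, the final `os.rename` can raise `OSError`, which is not converted to `admintool.ScriptError` the way the tar and gzip failures are, so a failure there would leave `files.tar.gz` behind under an unexpected name. The enclosing method begins outside the hunk.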