From e151492560db25fa13c2a3edf5e2139dc6629047 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Wed, 13 May 2015 14:45:32 +0200 Subject: DNSSEC: allow to disable/replace DNSSEC key master This commit allows to replace or disable DNSSEC key master Replacing DNSSEC master requires to copy kasp.db file manually by user ipa-dns-install: --disable-dnssec-master DNSSEC master will be disabled --dnssec-master --kasp-db=FILE This configure new DNSSEC master server, kasp.db from old server is required for sucessful replacement --force Skip checks https://fedorahosted.org/freeipa/ticket/4657 Reviewed-By: Petr Spacek --- ipaplatform/base/paths.py | 2 ++ 1 file changed, 2 insertions(+) (limited to 'ipaplatform/base') diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index ff80eab98..9fef3e7a1 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -90,6 +90,7 @@ class BasePathNamespace(object): ETC_OPENDNSSEC_DIR = "/etc/opendnssec" OPENDNSSEC_CONF_FILE = "/etc/opendnssec/conf.xml" OPENDNSSEC_KASP_FILE = "/etc/opendnssec/kasp.xml" + OPENDNSSEC_ZONELIST_FILE = "/etc/opendnssec/zonelist.xml" OPENLDAP_LDAP_CONF = "/etc/openldap/ldap.conf" PAM_LDAP_CONF = "/etc/pam_ldap.conf" PASSWD = "/etc/passwd" @@ -276,6 +277,7 @@ class BasePathNamespace(object): SYSRESTORE_INDEX = "/var/lib/ipa-client/sysrestore/sysrestore.index" IPA_BACKUP_DIR = "/var/lib/ipa/backup" IPA_DNSSEC_DIR = "/var/lib/ipa/dnssec" + IPA_KASP_DB_BACKUP = "/var/lib/ipa/ipa-kasp.db.backup" DNSSEC_TOKENS_DIR = "/var/lib/ipa/dnssec/tokens" DNSSEC_SOFTHSM_PIN = "/var/lib/ipa/dnssec/softhsm_pin" IPA_CA_CSR = "/var/lib/ipa/ca.csr" -- cgit