From 9b2593e54f12e28a8f1dc502ddb44cf237f0ddec Mon Sep 17 00:00:00 2001

From: Tomas Babej <tbabej@redhat.com>

Date: Thu, 17 Sep 2015 17:09:33 +0200

Subject: [PATCH] ipa-backup: Add mechanism to store empty directory structure

Certain subcomponents of IPA, such as Dogtag, cannot function if

non-critical directories (such as log directories) have not been

stored in the backup.

This patch implements storage of selected empty directories,

while preserving attributes and SELinux context.

https://fedorahosted.org/freeipa/ticket/5297

Reviewed-By: Martin Basti <mbasti@redhat.com>

---

 freeipa.spec.in                 |  1 +

 ipaplatform/base/paths.py       |  3 +++

 ipaserver/install/ipa_backup.py | 50 ++++++++++++++++++++++++++++++++++++++---

 3 files changed, 51 insertions(+), 3 deletions(-)

diff --git a/freeipa.spec.in b/freeipa.spec.in

index d8e24a5af47fbfca89ccb9c3d07dcfca5a8073d9..a8515487757556f337a4bbfc1cc14e8fb4707ccd 100644

--- a/freeipa.spec.in

+++ b/freeipa.spec.in

@@ -162,6 +162,7 @@ Requires: softhsm >= 2.0.0rc1-1

 Requires: p11-kit

 Requires: systemd-python

 Requires: %{etc_systemd_dir}

+Requires: gzip

 Conflicts: %{alt_name}-server

 Obsoletes: %{alt_name}-server < %{version}

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py

index 3930c93fcba06959dd34507ecc29f92e33637775..97c330c31844fcf19bec2e96bf2b23cba5f7f3f0 100644

--- a/ipaplatform/base/paths.py

+++ b/ipaplatform/base/paths.py

@@ -328,6 +328,9 @@ class BasePathNamespace(object):

     TOMCAT_CA_DIR = "/var/log/pki/pki-tomcat/ca"

     TOMCAT_CA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/ca/archive"

     TOMCAT_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/ca/signedAudit"

+    TOMCAT_KRA_DIR = "/var/log/pki/pki-tomcat/kra"

+    TOMCAT_KRA_ARCHIVE_DIR = "/var/log/pki/pki-tomcat/kra/archive"

+    TOMCAT_KRA_SIGNEDAUDIT_DIR = "/var/log/pki/pki-tomcat/kra/signedAudit"

     LOG_SECURE = "/var/log/secure"

     NAMED_RUN = "/var/named/data/named.run"

     VAR_OPENDNSSEC_DIR = "/var/opendnssec"

diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py

index 8df1005a222220a0ece95a3691766ed3cd00a0d9..3bd2ef0203c1b5b596e092987acd894491ecae26 100644

--- a/ipaserver/install/ipa_backup.py

+++ b/ipaserver/install/ipa_backup.py

@@ -202,6 +202,16 @@ class Backup(admintool.AdminTool):

       paths.NAMED_RUN,

     )

+    required_dirs=(

+      paths.TOMCAT_TOPLEVEL_DIR,

+      paths.TOMCAT_CA_DIR,

+      paths.TOMCAT_SIGNEDAUDIT_DIR,

+      paths.TOMCAT_CA_ARCHIVE_DIR,

+      paths.TOMCAT_KRA_DIR,

+      paths.TOMCAT_KRA_SIGNEDAUDIT_DIR,

+      paths.TOMCAT_KRA_ARCHIVE_DIR,

+    )

+

     def __init__(self, options, args):

         super(Backup, self).__init__(options, args)

         self._conn = None

@@ -486,13 +496,15 @@ class Backup(admintool.AdminTool):

         def verify_directories(dirs):

             return [s for s in dirs if os.path.exists(s)]

+        tarfile = os.path.join(self.dir, 'files.tar')

+

         self.log.info("Backing up files")

         args = ['tar',

                 '--exclude=/var/lib/ipa/backup',

                 '--xattrs',

                 '--selinux',

-                '-czf',

-                os.path.join(self.dir, 'files.tar')

+                '-cf',

+                tarfile

                ]

         args.extend(verify_directories(self.dirs))

@@ -503,7 +515,39 @@ class Backup(admintool.AdminTool):

         (stdout, stderr, rc) = run(args, raiseonerr=False)

         if rc != 0:

-            raise admintool.ScriptError('tar returned non-zero %d: %s' % (rc, stdout))

+            raise admintool.ScriptError('tar returned non-zero code '

+                '%d: %s' % (rc, stderr))

+

+        # Backup the necessary directory structure. This is a separate

+        # call since we are using the '--no-recursion' flag to store

+        # the directory structure only, no files.

+        missing_directories = verify_directories(self.required_dirs)

+

+        if missing_directories:

+            args = ['tar',

+                    '--exclude=/var/lib/ipa/backup',

+                    '--xattrs',

+                    '--selinux',

+                    '--no-recursion',

+                    '-rf',  # -r appends to an existing archive

+                    tarfile,

+                   ]

+            args.extend(missing_directories)

+

+            (stdout, stderr, rc) = run(args, raiseonerr=False)

+            if rc != 0:

+                raise admintool.ScriptError('tar returned non-zero %d when adding '

+                    'directory structure: %s' % (rc, stderr))

+

+        # Compress the archive. This is done separately, since 'tar' cannot

+        # append to a compressed archive.

+        (stdout, stderr, rc) = run(['gzip', tarfile], raiseonerr=False)

+        if rc != 0:

+            raise admintool.ScriptError('gzip returned non-zero %d when '

+                'compressing the backup: %s' % (rc, stderr))

+

+        # Rename the archive back to files.tar to preserve compatibility

+        os.rename(os.path.join(self.dir, 'files.tar.gz'), tarfile)

     def create_header(self, data_only):

-- 

2.4.3