From 7398819200c9a3a32effa52793240a054bc4b10f Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspacek@redhat.com>
Date: Tue, 15 Dec 2015 14:16:52 +0100
Subject: [PATCH] DNSSEC: logging improvements in ipa-ods-exporter
https://fedorahosted.org/freeipa/ticket/5348
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
---
daemons/dnssec/ipa-ods-exporter | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
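diff --git a/daemons/dnssec/ipa-ods-exporter b/daemons/dnssec/ipa-ods-exporter
index 6ed7588847042e742abeef724940eec31f23ca8f..051fa53a950f7afbea5e9b1e541a9435aa02bc17 100755
--- a/daemons/dnssec/ipa-ods-exporter
+++ b/daemons/dnssec/ipa-ods-exporter
@@ -491,6 +491,11 @@ def cmd2ods_zone_name(cmd):
 return zone_name
 
 def sync_zone(log, ldap, dns_dn, zone_name):
+ """synchronize metadata about zone keys for single DNS zone
+
+ Key material has to be synchronized elsewhere.
+ Keep in mind that keys could be shared among multiple zones!"""
+ log.getChild("%s.%s" % (__name__, zone_name))
 log.debug('synchronizing zone "%s"', zone_name)
 ods_keys = get_ods_keys(zone_name)
 ods_keys_id = set(ods_keys.keys())
@@ -523,30 +528,30 @@ def sync_zone(log, ldap, dns_dn, zone_name):
 ldap_keys_id = set(ldap_keys.keys())
 
 new_keys_id = ods_keys_id - ldap_keys_id
- log.info('new keys from ODS: %s', new_keys_id)
+ log.info('new key metadata from ODS: %s', new_keys_id)
 for key_id in new_keys_id:
 cn = "cn=%s" % key_id
 key_dn = DN(cn, keys_dn)
- log.debug('adding key "%s" to LDAP', key_dn)
+ log.debug('adding key metadata "%s" to LDAP', key_dn)
 ldap_key = ldap.make_entry(key_dn,
 objectClass=['idnsSecKey'],
 **ods_keys[key_id])
 ldap.add_entry(ldap_key)
 
 deleted_keys_id = ldap_keys_id - ods_keys_id
- log.info('deleted keys in LDAP: %s', deleted_keys_id)
+ log.info('deleted key metadata in LDAP: %s', deleted_keys_id)
 for key_id in deleted_keys_id:
 cn = "cn=%s" % key_id
 key_dn = DN(cn, keys_dn)
- log.debug('deleting key "%s" from LDAP', key_dn)
+ log.debug('deleting key metadata "%s" from LDAP', key_dn)
 ldap.delete_entry(key_dn)
 
 update_keys_id = ldap_keys_id.intersection(ods_keys_id)
- log.info('keys in LDAP & ODS: %s', update_keys_id)
+ log.info('key metadata in LDAP & ODS: %s', update_keys_id)
 for key_id in update_keys_id:
 ldap_key = ldap_keys[key_id]
 ods_key = ods_keys[key_id]
- log.debug('updating key "%s" in LDAP', ldap_key.dn)
+ log.debug('updating key metadata "%s" in LDAP', ldap_key.dn)
 ldap_key.update(ods_key)
 try:
 ldap.update_entry(ldap_key)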
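Review bot: The added `log.getChild("%s.%s" % (__name__, zone_name))` at the top of `sync_zone` throws its return value away, so, assuming `log` is a standard `logging.Logger`, every `log.debug`/`log.info` call below it still goes through the caller's logger and the per-zone logger name never appears in the output. Rebind the name instead: `log = log.getChild("%s.%s" % (__name__, zone_name))`. Without that, the add/delete/update messages for DNSSEC key metadata cannot be attributed to a zone from the logger name alone, which is what an operator reviewing the exporter log after a key rollover problem would rely on. Note also that zone names contain dots, which the logging module treats as hierarchy separators, so the child name will nest per label; that is harmless for output but matters if levels or handlers are configured per logger. `sync_zone` continues past the end of the second hunk, so the remaining log calls are not visible here.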
--
2.4.3