author | Thorsten Scherf <tscherf@redhat.com> | 2017-12-11 11:04:17 +0100 |
---|---|---|
committer | Bryn M. Reeves <bmr@redhat.com> | 2018-01-17 12:15:43 +0000 |
commit | 4562b41f0d9dcfc07e7fc0ab3b0b253d609a459f (patch) | |
tree | 7f413b155bcbbda51e8e1dc987e1dcc9d021619e | |
parent | 37c6601ddbc5ab6559a8420ce8f630d00086b1e1 (diff) | |
download | sos-4562b41f0d9dcfc07e7fc0ab3b0b253d609a459f.tar.gz |
[ipa] use correct PKI directories for tomcat version
The PKI subsystem uses different folders in IPA v3 and v4 for the NSS DB and
the configuration files. The plugin needs to take this into account.
Closes: #1163
Signed-off-by: Thorsten Scherf <tscherf@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
-rw-r--r-- | sos/plugins/ipa.py | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
index 683f8254..fe6ddf08 100644
--- a/sos/plugins/ipa.py
+++ b/sos/plugins/ipa.py
@@ -83,6 +83,9 @@ class Ipa(Plugin, RedHatPlugin):
 self.pki_tomcat_dir_v4 = "/var/lib/pki/pki-tomcat"
 self.pki_tomcat_dir_v3 = "/var/lib/pki-ca"
+ self.pki_tomcat_conf_dir_v4 = "/etc/pki/pki-tomcat/ca"
+ self.pki_tomcat_conf_dir_v3 = "/etc/pki-ca"
+
 if self.ipa_server_installed():
 self._log_debug("IPA server install detected")
@@ -111,7 +114,6 @@ class Ipa(Plugin, RedHatPlugin):
 "/etc/dirsrv/slapd-*/schema/99user.ldif",
 "/etc/hosts",
 "/etc/named.*",
- "/etc/pki-ca/CS.cfg",
 "/etc/ipa/ca.crt",
 "/etc/ipa/default.conf",
 "/var/lib/certmonger/requests/[0-9]*",
@@ -119,22 +121,33 @@ class Ipa(Plugin, RedHatPlugin):
 ])
 self.add_forbidden_path("/etc/pki/nssdb/key*")
- self.add_forbidden_path("/etc/pki-ca/flatfile.txt")
- self.add_forbidden_path("/etc/pki-ca/password.conf")
- self.add_forbidden_path("/var/lib/pki-ca/alias/key*")
 self.add_forbidden_path("/etc/dirsrv/slapd-*/key*")
 self.add_forbidden_path("/etc/dirsrv/slapd-*/pin.txt")
 self.add_forbidden_path("/etc/dirsrv/slapd-*/pwdfile.txt")
 self.add_forbidden_path("/etc/named.keytab")
+ # Make sure to use the right PKI config and NSS DB folders
+ if ipa_version == "v4":
+ self.pki_tomcat_dir = self.pki_tomcat_dir_v4
+ self.pki_tomcat_conf_dir = self.pki_tomcat_conf_dir_v4
+ else:
+ self.pki_tomcat_dir = self.pki_tomcat_dir_v3
+ self.pki_tomcat_conf_dir = self.pki_tomcat_conf_dir_v3
+
+ self.add_cmd_output("certutil -L -d %s/alias" % self.pki_tomcat_dir)
+ self.add_copy_spec("%s/CS.cfg" % self.pki_tomcat_conf_dir)
+ self.add_forbidden_path("%s/alias/key*" % self.pki_tomcat_dir)
+ self.add_forbidden_path("%s/flatfile.txt" % self.pki_tomcat_conf_dir)
+ self.add_forbidden_path("%s/password.conf" % self.pki_tomcat_conf_dir)
+
 self.add_cmd_output([
 "ls -la /etc/dirsrv/slapd-*/schema/",
 "getcert list",
- "certutil -L -d /var/lib/pki-ca/alias",
 "certutil -L -d /etc/httpd/alias/",
 "klist -ket /etc/dirsrv/ds.keytab",
 "klist -ket /etc/httpd/conf/ipa.keytab"
 ])
+
 for certdb_directory in glob("/etc/dirsrv/slapd-*/"):
 self.add_cmd_output(["certutil -L -d %s" % certdb_directory])
 return |
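Review bot: The exclusions for the PKI key database and password files now follow the version branch, so only one layout is deny-listed, whereas the removed lines forbade the v3 paths unconditionally. Any `ipa_version` value other than "v4", which may include an empty or failed detection, takes the `else` branch and leaves `/var/lib/pki/pki-tomcat/alias/key*` and the v4 `password.conf` and `flatfile.txt` off the forbidden list. Registering the forbidden paths for both the v3 and v4 directories regardless of detection, as in the excerpt below, keeps the branch responsible only for what is collected. `ipa_version` is also not assigned anywhere in the visible hunks; if it is bound only inside the `if self.ipa_server_installed():` block, this comparison would raise on hosts without the server, so confirm it has a default. The enclosing method starts and ends outside the hunk.

```python
        self.add_copy_spec("%s/CS.cfg" % self.pki_tomcat_conf_dir)
        # Deny-list key and password material for both layouts, whichever
        # version was detected.
        for pki_dir in (self.pki_tomcat_dir_v3, self.pki_tomcat_dir_v4):
            self.add_forbidden_path("%s/alias/key*" % pki_dir)
        for conf_dir in (self.pki_tomcat_conf_dir_v3,
                         self.pki_tomcat_conf_dir_v4):
            self.add_forbidden_path("%s/flatfile.txt" % conf_dir)
            self.add_forbidden_path("%s/password.conf" % conf_dir)
        # ... unchanged: add_cmd_output([...]) list and certdb loop ...
```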