DNSSEC: Remove service containers from LDAP after uninstalling

The service containers are no needed there after uninstall anymore. Removing these service also allows to detect if DNSSEC master is installed on any replica for any user. https://fedorahosted.org/freeipa/ticket/5290 Reviewed-By: Petr Spacek <pspacek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-10-13 14:08:35 +02:00 · 2015-10-13 14:08:35 +02:00 · 179d86b5f6
commit 179d86b5f6
parent 2b01f71bef
2 changed files with 16 additions and 0 deletions
--- a/ipaserver/install/dns.py
+++ b/ipaserver/install/dns.py
@ -72,10 +72,13 @@ def _disable_dnssec():

    ods.ldap_connect()
    ods.ldap_disable('DNSSEC', api.env.host, api.env.basedn)
+    ods.ldap_remove_service_container('DNSSEC', api.env.host, api.env.basedn)

    ods_exporter.ldap_connect()
    ods_exporter.ldap_disable('DNSKeyExporter', api.env.host, api.env.basedn)
    ods_exporter.remove_service()
+    ods_exporter.ldap_remove_service_container('DNSKeyExporter', api.env.host,
+                                               api.env.basedn)

    ods.ldap_disconnect()
    ods_exporter.ldap_disconnect()
--- a/ipaserver/install/service.py
+++ b/ipaserver/install/service.py
@ -547,6 +547,19 @@ class Service(object):

        root_logger.debug("service %s startup entry disabled", name)

+    def ldap_remove_service_container(self, name, fqdn, ldap_suffix):
+        if not self.admin_conn:
+            self.ldap_connect()
+
+        entry_dn = DN(('cn', name), ('cn', fqdn), ('cn', 'masters'),
+                        ('cn', 'ipa'), ('cn', 'etc'), ldap_suffix)
+        try:
+            self.admin_conn.delete_entry(entry_dn)
+        except errors.NotFound:
+            root_logger.debug("service %s container already removed", name)
+        else:
+            root_logger.debug("service %s container sucessfully removed", name)
+

 class SimpleServiceInstance(Service):
    def create_instance(self, gensvc_name=None, fqdn=None, dm_password=None, ldap_suffix=None, realm=None):