Properly stop tracking certificates on uninstall

Stopping certificate tracking was done as part of the PKI DS uninstall.
Since with the merged DB, the PKI DS is not used any more, this step
was skipped.
Move certificate untracking to a separate step and call it separately.

Also, the post-uninstall check for tracked certificates used the wrong
set of Dogtag constants. Fix the issue.
Petr Viktorin 2012-11-12 09:49:46 -05:00 committed by Martin Kosek
parent 5fa3455764
commit 17f91dac55
2 changed files with 26 additions and 17 deletions


@ -482,11 +482,12 @@ def uninstall():
print "ipa-client-install returned: " + str(e)
ntpinstance.NTPInstance(fstore).uninstall()
if not dogtag.install_constants.SHARED_DB:
if not dogtag_constants.SHARED_DB:
cads_instance = cainstance.CADSInstance(
dogtag_constants=dogtag_constants)
if cads_instance.is_configured():
cads_instance.uninstall()
cainstance.stop_tracking_certificates(dogtag_constants)
ca_instance = cainstance.CAInstance(
api.env.realm, certs.NSS_DIR, dogtag_constants=dogtag_constants)
if ca_instance.is_configured():
@ -534,7 +535,7 @@ def uninstall():
# Note that this name will be wrong after the first uninstall.
dirname = dsinstance.config_dirname(dsinstance.realm_to_serverid(api.env.realm))
dirs = [dirname, dogtag.configured_constants().ALIAS_DIR, certs.NSS_DIR]
dirs = [dirname, dogtag_constants.ALIAS_DIR, certs.NSS_DIR]
ids = certmonger.check_state(dirs)
if ids:
root_logger.error('Some certificates may still be tracked by certmonger.\nThis will cause re-installation to fail.\nStart the certmonger service and list the certificates being tracked\n # getcert list\nThese may be untracked by executing\n # getcert stop-tracking -i <request_id>\nfor each id in: %s' % ', '.join(ids))
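Review bot: The new `cainstance.stop_tracking_certificates(dogtag_constants)` call in the first hunk sits outside both the `SHARED_DB` guard and the `ca_instance.is_configured()` guard, and nothing at the call site says why. Per the other file section on this page, that function starts messagebus and certmonger and stops certmonger when it finishes, so this now appears to run on every uninstall, including hosts where no CA was configured; it is worth confirming that this is intended. A comment above the call would make the placement deliberate, for example `# Untrack CA certs unconditionally: with the merged DB the CADS uninstall no longer runs`. The body of `uninstall()` starts and ends outside both hunks.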


@ -437,25 +437,33 @@ class CADSInstance(service.Service):
# At one time we removed this user on uninstall. That can potentially
# orphan files, or worse, if another useradd runs in the intermim,
# cause files to have a new owner.
cmonger = ipaservices.knownservices.certmonger
ipaservices.knownservices.messagebus.start()
cmonger.start()
for nickname in ['Server-Cert cert-pki-ca',
'auditSigningCert cert-pki-ca',
'ocspSigningCert cert-pki-ca',
'subsystemCert cert-pki-ca']:
try:
certmonger.stop_tracking(
self.dogtag_constants.ALIAS_DIR, nickname=nickname)
except (ipautil.CalledProcessError, RuntimeError), e:
root_logger.error("certmonger failed to stop tracking certificate: %s" % str(e))
def stop_tracking_certificates(dogtag_constants):
"""Stop tracking our certificates. Called on uninstall.
"""
cmonger = ipaservices.knownservices.certmonger
ipaservices.knownservices.messagebus.start()
cmonger.start()
for nickname in ['Server-Cert cert-pki-ca',
'auditSigningCert cert-pki-ca',
'ocspSigningCert cert-pki-ca',
'subsystemCert cert-pki-ca']:
try:
certmonger.stop_tracking('/etc/httpd/alias', nickname='ipaCert')
certmonger.stop_tracking(
dogtag_constants.ALIAS_DIR, nickname=nickname)
except (ipautil.CalledProcessError, RuntimeError), e:
root_logger.error("certmonger failed to stop tracking certificate: %s" % str(e))
cmonger.stop()
root_logger.error(
"certmonger failed to stop tracking certificate: %s" % str(e))
try:
certmonger.stop_tracking('/etc/httpd/alias', nickname='ipaCert')
except (ipautil.CalledProcessError, RuntimeError), e:
root_logger.error(
"certmonger failed to stop tracking certificate: %s" % str(e))
cmonger.stop()
class CAInstance(service.Service):
"""