DNSSEC: uninstallation
Tickets: https://fedorahosted.org/freeipa/ticket/3801 https://fedorahosted.org/freeipa/ticket/4417 Design: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC Reviewed-By: Jan Cholasta <jcholast@redhat.com> Reviewed-By: David Kupka <dkupka@redhat.com>
parent
e798bad646
commit
21aef21fb5
@ -29,6 +29,7 @@ import socket
|
||||
from ipapython import ipautil
|
||||
from ipaserver.install import replication, dsinstance, installutils
|
||||
from ipaserver.install import bindinstance, cainstance, certs
|
||||
from ipaserver.install import opendnssecinstance, dnskeysyncinstance
|
||||
from ipaserver.plugins import ldap2
|
||||
from ipapython import version, ipaldap
|
||||
from ipalib import api, errors, util
|
||||
@ -687,11 +688,21 @@ def del_master(realm, hostname, options):
|
||||
print "Deleting this server is not allowed as it would leave your installation without a CA."
|
||||
sys.exit(1)
|
||||
|
||||
other_dns = True
|
||||
if 'DNS' in this_services and not any(['DNS' in o for o in other_services]):
|
||||
other_dns = False
|
||||
print "Deleting this server will leave your installation without a DNS."
|
||||
if not options.force and not ipautil.user_input("Continue to delete?", False):
|
||||
sys.exit("Deletion aborted")
|
||||
|
||||
# test if replica is not DNSSEC master
|
||||
# allow to delete it if is last DNS server
|
||||
if 'DNS' in this_services and other_dns and not options.force:
|
||||
dnssec_masters = opendnssecinstance.get_dnssec_key_masters(delrepl.conn)
|
||||
if hostname in dnssec_masters:
|
||||
print "Replica is active DNSSEC key master. Uninstall could break your DNS system."
|
||||
sys.exit("Deletion aborted")
|
||||
|
||||
# Pick CA renewal master
|
||||
ca = cainstance.CAInstance(api.env.realm, certs.NSS_DIR)
|
||||
if ca.is_renewal_master(hostname):
|
||||
@ -746,6 +757,9 @@ def del_master(realm, hostname, options):
|
||||
bind.remove_master_dns_records(hostname, realm, realm.lower())
|
||||
bind.remove_ipa_ca_dns_records(hostname, realm.lower())
|
||||
bind.remove_server_ns_records(hostname)
|
||||
|
||||
keysyncd = dnskeysyncinstance.DNSKeySyncInstance()
|
||||
keysyncd.remove_replica_public_keys(hostname)
|
||||
except Exception, e:
|
||||
print "Failed to cleanup %s DNS entries: %s" % (hostname, e)
|
||||
print "You may need to manually remove them from the tree"
|
||||
|
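Review bot: In the second del_master hunk, `keysyncd.remove_replica_public_keys(hostname)` is appended to the existing DNS-cleanup `try`, so it is never reached when any of the three `bind.remove_*` calls above it raises. The only output in that case is the generic "Failed to cleanup ... DNS entries" message, which points an administrator at DNS records and not at the deleted replica's public keys; those would then remain in the directory for a host that has left the topology. Giving the key removal its own `try`/`except`, with a message that names the keys, makes the failure visible and independent of the record cleanup. The `try` opens outside the hunk, so the placement below is relative to the visible `except` only.

```python
# … unchanged: bind.remove_* record cleanup and its existing except block …

try:
    keysyncd = dnskeysyncinstance.DNSKeySyncInstance()
    keysyncd.remove_replica_public_keys(hostname)
except Exception, e:
    print "Failed to remove DNSSEC public keys of replica %s: %s" % (hostname, e)
    print "You may need to manually remove them from the tree"
```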
@ -585,7 +585,16 @@ def uninstall():
|
||||
if ca_instance.is_configured():
|
||||
ca_instance.uninstall()
|
||||
|
||||
ods = opendnssecinstance.OpenDNSSECInstance(fstore)
|
||||
if ods.is_configured():
|
||||
ods.uninstall()
|
||||
|
||||
ods_exporter = odsexporterinstance.ODSExporterInstance(fstore)
|
||||
if ods_exporter.is_configured():
|
||||
ods_exporter.uninstall()
|
||||
|
||||
bindinstance.BindInstance(fstore).uninstall()
|
||||
dnskeysyncinstance.DNSKeySyncInstance(fstore).uninstall()
|
||||
httpinstance.HTTPInstance(fstore).uninstall()
|
||||
krbinstance.KrbInstance(fstore).uninstall()
|
||||
dsinstance.DsInstance(fstore=fstore).uninstall()
|
||||
@ -743,6 +752,20 @@ def main():
|
||||
"agreements.\n\n")
|
||||
print textwrap.fill(msg, width=80, replace_whitespace=False)
|
||||
else:
|
||||
|
||||
# test if server is DNSSEC key master
|
||||
masters = opendnssecinstance.get_dnssec_key_masters(conn)
|
||||
if api.env.host in masters:
|
||||
print "This server is active DNSSEC key master. Uninstall could break your DNS system."
|
||||
if not (options.unattended or user_input("Are you sure you "
|
||||
"want to continue "
|
||||
"with the uninstall "
|
||||
"procedure?",
|
||||
False)):
|
||||
print ""
|
||||
print "Aborting uninstall operation."
|
||||
sys.exit(1)
|
||||
|
||||
rm = replication.ReplicationManager(
|
||||
realm=api.env.realm,
|
||||
hostname=api.env.host,
|
||||
|
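Review bot: With `options.unattended` set, the new key-master check in main() prints its warning and then carries on, because the guard is `not (options.unattended or user_input(...))`; an automated uninstall therefore removes the active DNSSEC key master with nothing but one line on stdout. The del_master change in the same commit refuses the equivalent deletion unless `options.force` is given, so the two tools treat the same risk differently. If continuing is intended, say so above the check, e.g. `# unattended uninstall continues past this warning by design`, and consider logging the warning as well as printing it so it survives in the uninstall log. The check also sits in an `else:` whose opening statement is outside the hunk, so it cannot be told from here whether the check runs at all when the preceding directory lookup fails, or what happens if `get_dnssec_key_masters(conn)` itself raises.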