Use 'remove-ds.pl' to remove DS instance
The patch adds a function which calls 'remove-ds.pl' during DS instance removal. This should allow for a more thorough removal of DS-related data during server uninstallation (such as closing custom ports, cleaning up slapd-* entries, etc.). This patch is related to https://fedorahosted.org/freeipa/ticket/4487. Reviewed-By: Martin Basti <mbasti@redhat.com>
parent
c90286cbbc
commit
55b7eed77e
@ -414,7 +414,11 @@ def signal_handler(signum, frame):
|
||||
print "Removing configuration for %s instance" % ds.serverid
|
||||
ds.stop()
|
||||
if ds.serverid:
|
||||
dsinstance.erase_ds_instance_data (ds.serverid)
|
||||
try:
|
||||
dsinstance.remove_ds_instance(ds.serverid)
|
||||
except ipautil.CalledProcessError:
|
||||
root_logger.error("Failed to remove DS instance. You may "
|
||||
"need to remove instance data manually")
|
||||
sys.exit(1)
|
||||
|
||||
def read_cache(dm_password):
|
||||
|
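Review bot: The new `except ipautil.CalledProcessError:` branch discards the exception and logs a message that names neither the instance nor the reason for the failure, so an operator told to "remove instance data manually" has to work out what was left on disk. Bind the exception and log both, e.g. `except ipautil.CalledProcessError as e:` with `root_logger.error("Failed to remove DS instance %s: %s", ds.serverid, e)` ahead of the manual-cleanup hint. The same applies to the handlers this commit adds in CADSInstance and DsInstance. Those two log and carry on while this one calls `sys.exit(1)`, and the difference deserves a one-line comment if it is intentional. The enclosing function starts outside the hunk, so whether any later cleanup is skipped by the exit cannot be seen from here.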
@ -193,14 +193,12 @@ class BasePathNamespace(object):
|
||||
BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
|
||||
BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/"
|
||||
USR_LIB_DIRSRV = "/usr/lib/dirsrv"
|
||||
USR_LIB_SLAPD_INSTANCE_TEMPLATE = "/usr/lib/dirsrv/slapd-%s"
|
||||
USR_LIB_SLAPD_PKI_IPA_DIR = "/usr/lib/dirsrv/slapd-PKI-IPA"
|
||||
LIB_FIREFOX = "/usr/lib/firefox"
|
||||
LIBSOFTHSM2_SO = "/usr/lib/pkcs11/libsofthsm2.so"
|
||||
LIB_SYSTEMD_SYSTEMD_DIR = "/usr/lib/systemd/system/"
|
||||
BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so"
|
||||
USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
|
||||
USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE = "/usr/lib64/dirsrv/slapd-%s"
|
||||
SLAPD_PKI_IPA = "/usr/lib64/dirsrv/slapd-PKI-IPA"
|
||||
LIB64_FIREFOX = "/usr/lib64/firefox"
|
||||
LIBSOFTHSM2_SO_64 = "/usr/lib64/pkcs11/libsofthsm2.so"
|
||||
@ -224,6 +222,7 @@ class BasePathNamespace(object):
|
||||
NTPD = "/usr/sbin/ntpd"
|
||||
PKIDESTROY = "/usr/sbin/pkidestroy"
|
||||
PKISPAWN = "/usr/sbin/pkispawn"
|
||||
REMOVE_DS_PL = "/usr/sbin/remove-ds.pl"
|
||||
RESTORECON = "/usr/sbin/restorecon"
|
||||
SELINUXENABLED = "/usr/sbin/selinuxenabled"
|
||||
SETSEBOOL = "/usr/sbin/setsebool"
|
||||
@ -293,7 +292,6 @@ class BasePathNamespace(object):
|
||||
SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts"
|
||||
SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
|
||||
DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
|
||||
SLAPD_INSTANCE_LOCK_TEMPLATE = "/var/lock/dirsrv/slapd-%s"
|
||||
VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
|
||||
SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
|
||||
SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
|
||||
|
@ -308,13 +308,17 @@ class CADSInstance(service.Service):
|
||||
if not enabled is None and not enabled:
|
||||
services.knownservices.dirsrv.disable()
|
||||
|
||||
if not serverid is None:
|
||||
if serverid is not None:
|
||||
# drop the trailing / off the config_dirname so the directory
|
||||
# will match what is in certmonger
|
||||
dirname = dsinstance.config_dirname(serverid)[:-1]
|
||||
dsdb = certs.CertDB(self.realm, nssdir=dirname)
|
||||
dsdb.untrack_server_cert("Server-Cert")
|
||||
dsinstance.erase_ds_instance_data(serverid)
|
||||
try:
|
||||
dsinstance.remove_ds_instance(serverid)
|
||||
except ipautil.CalledProcessError:
|
||||
root_logger.error("Failed to remove CA DS instance. You may "
|
||||
"need to remove instance data manually")
|
||||
|
||||
self.restore_state("user_exists")
|
||||
|
||||
|
@ -64,6 +64,7 @@ IPA_SCHEMA_FILES = ("60kerberos.ldif",
|
||||
"15rfc4876.ldif")
|
||||
|
||||
ALL_SCHEMA_FILES = IPA_SCHEMA_FILES + ("05rfc2247.ldif", )
|
||||
DS_INSTANCE_PREFIX = 'slapd-'
|
||||
|
||||
|
||||
def find_server_root():
|
||||
@ -81,29 +82,29 @@ def config_dirname(serverid):
|
||||
def schema_dirname(serverid):
|
||||
return config_dirname(serverid) + "/schema/"
|
||||
|
||||
def erase_ds_instance_data(serverid):
|
||||
installutils.rmtree(paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid)
|
||||
|
||||
installutils.rmtree(paths.USR_LIB_SLAPD_INSTANCE_TEMPLATE % serverid)
|
||||
def remove_ds_instance(serverid, force=False):
|
||||
"""A wrapper around the 'remove-ds.pl' script used by
|
||||
389ds to remove a single directory server instance. In case of error
|
||||
additional call with the '-f' flag is performed (forced removal). If this
|
||||
also fails, then an exception is raised.
|
||||
"""
|
||||
instance_name = ''.join([DS_INSTANCE_PREFIX, serverid])
|
||||
args = [paths.REMOVE_DS_PL, '-i', instance_name]
|
||||
if force:
|
||||
args.append('-f')
|
||||
root_logger.debug("Forcing instance removal")
|
||||
|
||||
installutils.rmtree(paths.USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE % serverid)
|
||||
try:
|
||||
ipautil.run(args)
|
||||
except ipautil.CalledProcessError:
|
||||
if force:
|
||||
root_logger.error("Instance removal failed.")
|
||||
raise
|
||||
root_logger.debug("'%s' failed. "
|
||||
"Attempting to force removal" % paths.REMOVE_DS_PL)
|
||||
remove_ds_instance(serverid, force=True)
|
||||
|
||||
installutils.rmtree(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % serverid)
|
||||
|
||||
installutils.rmtree(paths.SLAPD_INSTANCE_LOCK_TEMPLATE % serverid)
|
||||
|
||||
installutils.remove_file(paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % serverid)
|
||||
|
||||
installutils.rmtree(paths.VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE % serverid)
|
||||
|
||||
installutils.remove_file(paths.DS_KEYTAB)
|
||||
|
||||
installutils.remove_file(paths.SYSCONFIG_DIRSRV_INSTANCE % serverid)
|
||||
|
||||
# try:
|
||||
# shutil.rmtree(paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % serverid)
|
||||
# except:
|
||||
# pass
|
||||
|
||||
def get_ds_instances():
|
||||
'''
|
||||
@ -113,8 +114,7 @@ def get_ds_instances():
|
||||
matches 389ds behavior.
|
||||
'''
|
||||
|
||||
dirsrv_instance_dir=paths.ETC_DIRSRV
|
||||
instance_prefix = 'slapd-'
|
||||
dirsrv_instance_dir = paths.ETC_DIRSRV
|
||||
|
||||
instances = []
|
||||
|
||||
@ -123,9 +123,10 @@ def get_ds_instances():
|
||||
# Must be a directory
|
||||
if os.path.isdir(pathname):
|
||||
# Must start with prefix and not end with .removed
|
||||
if basename.startswith(instance_prefix) and not basename.endswith('.removed'):
|
||||
if (basename.startswith(DS_INSTANCE_PREFIX) and
|
||||
not basename.endswith('.removed')):
|
||||
# Strip off prefix
|
||||
instance = basename[len(instance_prefix):]
|
||||
instance = basename[len(DS_INSTANCE_PREFIX):]
|
||||
# Must be non-empty
|
||||
if instance:
|
||||
instances.append(instance)
|
||||
@ -774,9 +775,16 @@ class DsInstance(service.Service):
|
||||
self.disable()
|
||||
|
||||
serverid = self.restore_state("serverid")
|
||||
if not serverid is None:
|
||||
if serverid is not None:
|
||||
self.stop_tracking_certificates(serverid)
|
||||
erase_ds_instance_data(serverid)
|
||||
root_logger.debug("Removing DS instance %s" % serverid)
|
||||
try:
|
||||
remove_ds_instance(serverid)
|
||||
root_logger.debug("Removing DS keytab")
|
||||
installutils.remove_file(paths.DS_KEYTAB)
|
||||
except ipautil.CalledProcessError:
|
||||
root_logger.error("Failed to remove DS instance. You may "
|
||||
"need to remove instance data manually")
|
||||
|
||||
# At one time we removed this user on uninstall. That can potentially
|
||||
# orphan files, or worse, if another useradd runs in the intermim,
|
||||
|
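Review bot: The keytab cleanup in the DsInstance hunk sits inside the `try` body after `remove_ds_instance(serverid)`, so when remove-ds.pl fails on both the normal and the forced attempt, `installutils.remove_file(paths.DS_KEYTAB)` is never reached and the directory server's Kerberos keytab stays on disk after uninstall. The helper this commit replaces appears to have removed the keytab along with the other instance files, so this looks like a regression on the failure path only. Move the `root_logger.debug("Removing DS keytab")` and `installutils.remove_file(paths.DS_KEYTAB)` lines below the `try`/`except`, or into a `finally:` clause, so the key material is deleted whether or not the script succeeds. The enclosing uninstall method starts and ends outside the hunk.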