cainstance: do not configure renewal guard

Do not configure renewal guard for dogtag-ipa-renew-agent, as it is not
used in IPA anymore.

https://fedorahosted.org/freeipa/ticket/5959

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>

ipaserver/install/cainstance.py

@@ -32,8 +32,6 @@ import sys
 import syslog
 import time
 import tempfile
-import shlex
-import pipes
 
 # pylint: disable=import-error
 from six.moves.configparser import ConfigParser, RawConfigParser
@@ -950,16 +948,6 @@ class CAInstance(DogtagInstance):
         if path:
             iface.remove_known_ca(path)
 
-        helper = self.restore_state('certmonger_dogtag_helper')
-        if helper:
-            path = iface.find_ca_by_nickname('dogtag-ipa-renew-agent')
-            if path:
-                ca_obj = bus.get_object('org.fedorahosted.certmonger', path)
-                ca_iface = dbus.Interface(ca_obj,
-                                          'org.freedesktop.DBus.Properties')
-                ca_iface.Set('org.fedorahosted.certmonger.ca',
-                             'external-helper', helper)
-
         cmonger.stop()
 
         # remove CRL files
@@ -990,35 +978,23 @@ class CAInstance(DogtagInstance):
         fd.close()
         os.chmod(location, 0o444)
 
-
-    def configure_certmonger_renewal(self):
-        super(CAInstance, self).configure_certmonger_renewal()
-
-        self.configure_certmonger_renewal_guard()
-
-    def configure_certmonger_renewal_guard(self):
+    def unconfigure_certmonger_renewal_guard(self):
         if not self.is_configured():
             return
 
-        bus = dbus.SystemBus()
-        obj = bus.get_object('org.fedorahosted.certmonger',
-                             '/org/fedorahosted/certmonger')
-        iface = dbus.Interface(obj, 'org.fedorahosted.certmonger')
-        path = iface.find_ca_by_nickname('dogtag-ipa-renew-agent')
-        if path:
-            ca_obj = bus.get_object('org.fedorahosted.certmonger', path)
-            ca_iface = dbus.Interface(ca_obj,
-                                      'org.freedesktop.DBus.Properties')
-            helper = ca_iface.Get('org.fedorahosted.certmonger.ca',
-                                  'external-helper')
-            if helper:
-                args = shlex.split(helper)
-                if args[0] != paths.IPA_SERVER_GUARD:
-                    self.backup_state('certmonger_dogtag_helper', helper)
-                    args = [paths.IPA_SERVER_GUARD] + args
-                    helper = ' '.join(pipes.quote(a) for a in args)
-                    ca_iface.Set('org.fedorahosted.certmonger.ca',
-                                 'external-helper', helper)
+        helper = self.restore_state('certmonger_dogtag_helper')
+        if helper:
+            bus = dbus.SystemBus()
+            obj = bus.get_object('org.fedorahosted.certmonger',
+                                 '/org/fedorahosted/certmonger')
+            iface = dbus.Interface(obj, 'org.fedorahosted.certmonger')
+            path = iface.find_ca_by_nickname('dogtag-ipa-renew-agent')
+            if path:
+                ca_obj = bus.get_object('org.fedorahosted.certmonger', path)
+                ca_iface = dbus.Interface(ca_obj,
+                                          'org.freedesktop.DBus.Properties')
+                ca_iface.Set('org.fedorahosted.certmonger.ca',
+                             'external-helper', helper)
 
     def configure_agent_renewal(self):
         try:

ipaserver/install/server/upgrade.py

@@ -1613,7 +1613,7 @@ def upgrade_configuration():
     if ca.is_configured() and not certmonger_service.is_running():
         certmonger_service.start()
 
-    ca.configure_certmonger_renewal_guard()
+    ca.unconfigure_certmonger_renewal_guard()
 
     update_dbmodules(api.env.realm)
     uninstall_ipa_kpasswd()