Re-enable uninstall feature for ipa-kra-install

The underlying Dogtag issue (Dogtag ticket 1113) has been fixed. We can therefore re-enable the uninstall option for ipa-kra-install. Also, fixes an incorrect path in the ipa-pki-proxy.conf, and adds a debug statement to provide status to the user when an uninstall is done. Also, re-added the no_host_dns option which is used when unpacking a replica file. Part of the work for: https://fedorahosted.org/freeipa/ticket/3872 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
2025-02-25 18:55:28 -06:00 · 2014-09-01 22:49:54 -04:00
parent 4fac4f4cf6
commit 9ca5a4e420
3 changed files with 10 additions and 9 deletions
--- a/install/conf/ipa-pki-proxy.conf
+++ b/install/conf/ipa-pki-proxy.conf
@@ -19,7 +19,7 @@ ProxyRequests Off
 </LocationMatch>

 # matches for agent port and eeca port
-<LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient|^/kra/agent/kra/connector|^/kra/rest/agent/keyrequests|^/kra/rest/agent/keys|^/kra/rest/admin/kraconnector/remove">
+<LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient|^/kra/agent/kra/connector|^/kra/rest/agent/keyrequests|^/kra/rest/agent/keys|^/ca/rest/admin/kraconnector/remove">
    NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
    NSSVerifyClient require
    ProxyPassMatch ajp://localhost:$DOGTAG_PORT
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -335,6 +335,10 @@ class DogtagInstance(service.Service):
    def stop_tracking_certificates(self, dogtag_constants, reqs=None):
        """Stop tracking our certificates. Called on uninstall.
        """
+        self.print_msg(
+            "Configuring certmonger to stop tracking system certificates "
+            "for %s" % self.subsystem)
+
        cmonger = services.knownservices.certmonger
        services.knownservices.messagebus.start()
        cmonger.start()
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -48,6 +48,11 @@ class KRAInstall(admintool.AdminTool):
    def add_options(cls, parser, debug_option=True):
        super(KRAInstall, cls).add_options(parser, debug_option=True)

+        parser.add_option(
+            "--no-host-dns", dest="no_host_dns", action="store_true",
+            default=False,
+            help="Do not use DNS for hostname lookup during installation")
+
        parser.add_option(
            "-p", "--password",
            dest="password", sensitive=True,
@@ -115,14 +120,6 @@ class KRAUninstaller(KRAInstall):
        super(KRAUninstaller, self).run()
        dogtag_constants = dogtag.configured_constants()

-        # temporarily disable uninstall until Dogtag ticket:
-        # https://fedorahosted.org/pki/ticket/1113 is fixed
-        # TODO(alee) remove this once the above ticket is fixed
-        raise admintool.ScriptError(
-            "Uninstall is temporarily disabled.  To uninstall, please "
-            "use ipa-server-install --uninstall"
-        )
-
        kra_instance = krainstance.KRAInstance(
            api.env.realm, dogtag_constants=dogtag_constants)
        kra_instance.stop_tracking_certificates(dogtag_constants)