def uninstall(self): if self.is_configured(): self.print_msg("Unconfiguring %s" % self.service_name) self.dns_backup.clear_records(self.api.Backend.ldap2.isconnected()) try: self.fstore.restore_file(paths.NAMED_CONF) except ValueError as error: logger.debug('%s', error) try: tasks.unconfigure_dns_resolver(fstore=self.fstore) except Exception: logger.exception("Failed to unconfigure DNS resolver") ipautil.rmtree(paths.BIND_LDAP_DNS_IPA_WORKDIR) self.disable() self.stop() self.named_conflict.unmask() ipautil.remove_file(paths.NAMED_CONF_BAK) ipautil.remove_file(paths.NAMED_CUSTOM_CONF) ipautil.remove_file(paths.NAMED_CUSTOM_OPTIONS_CONF) ipautil.remove_keytab(self.keytab) ipautil.remove_ccache(run_as=self.service_user)
def uninstall(self): if not self.is_configured(): return self.print_msg("Unconfiguring %s" % self.service_name) # just eat states self.restore_state("running") self.restore_state("enabled") # stop and disable service (IPA service, we do not need it anymore) self.disable() self.stop() # restore state of dnssec default signer daemon signerd_enabled = self.restore_state("singerd_enabled") signerd_running = self.restore_state("singerd_running") signerd_service = services.knownservices.ods_signerd signerd_service.unmask() # service was stopped and disabled by setup if signerd_enabled: signerd_service.enable() if signerd_running: signerd_service.start() ipautil.remove_keytab(self.keytab) ipautil.remove_ccache(ccache_path=paths.IPA_ODS_EXPORTER_CCACHE)
def uninstall(self): if self.is_configured(): self.print_msg("Unconfiguring %s" % self.service_name) # Call restore_state so that we do not leave mess in the statestore # Otherwise this does nothing self.restore_state("running") self.restore_state("enabled") winbind = services.service("winbind", api) # Always try to stop and disable smb service, since we do not leave # working configuration after uninstall try: self.stop() self.disable() winbind.stop() winbind.disable() except Exception: pass # Since we do not guarantee restoring back to working samba state, # we should not restore smb.conf # Restore the state of affected selinux booleans boolean_states = { name: self.restore_state(name) for name in constants.SELINUX_BOOLEAN_ADTRUST } try: tasks.set_selinux_booleans(boolean_states) except ipapython.errors.SetseboolError as e: self.print_msg('WARNING: ' + str(e)) # Remove samba's credentials cache ipautil.remove_ccache(ccache_path=paths.KRB5CC_SAMBA) # Remove samba's configuration file ipautil.remove_file(self.smb_conf) # Remove samba's persistent and temporary tdb files # in /var/lib/samba and /var/lib/samba/private for smbpath in (paths.SAMBA_DIR, os.path.join(paths.SAMBA_DIR, "private"), os.path.join(paths.SAMBA_DIR, "lock")): if os.path.isdir(smbpath): tdb_files = [ os.path.join(smbpath, tdb_file) for tdb_file in os.listdir(smbpath) if tdb_file.endswith(".tdb") ] for tdb_file in tdb_files: ipautil.remove_file(tdb_file) # Remove our keys from samba's keytab self.clean_samba_keytab()
def uninstall(self): if self.is_configured(): self.print_msg("Unconfiguring %s" % self.service_name) running = self.restore_state("running") enabled = self.restore_state("enabled") named_regular_running = self.restore_state("named-regular-running") named_regular_enabled = self.restore_state("named-regular-enabled") self.dns_backup.clear_records(self.api.Backend.ldap2.isconnected()) try: self.fstore.restore_file(paths.NAMED_CONF) except ValueError as error: logger.debug('%s', error) try: tasks.unconfigure_dns_resolver(fstore=self.fstore) except Exception: logger.exception("Failed to unconfigure DNS resolver") ipautil.rmtree(paths.BIND_LDAP_DNS_IPA_WORKDIR) # disabled by default, by ldap_configure() if enabled: self.enable() else: self.disable() if running: self.restart() else: self.stop() self.named_regular.unmask() if named_regular_enabled: self.named_regular.enable() if named_regular_running: self.named_regular.start() ipautil.remove_file(paths.NAMED_CONF_BAK) ipautil.remove_file(paths.NAMED_CUSTOM_CONF) ipautil.remove_file(paths.NAMED_CUSTOM_OPTIONS_CONF) ipautil.remove_keytab(self.keytab) ipautil.remove_ccache(run_as=self.service_user)
def remove_ccache(ccache_path=None, run_as=None): """ remove Kerberos credential cache, essentially a wrapper around kdestroy. :param ccache_path: path to the ccache file :param run_as: run kdestroy as this user """ warnings.warn("Use 'ipapython.ipautil.remove_ccache'", DeprecationWarning, stacklevel=2) return ipautil.remove_ccache(ccache_path=ccache_path, run_as=run_as)
def uninstall(fstore, statestore, options): # Shut down Samba services and disable them smb = services.service("smb", api) winbind = services.service("winbind", api) for svc in (smb, winbind): if svc.is_running(): svc.stop() svc.disable() # Restore the state of affected selinux booleans boolean_states = {} for usecase in constants.SELINUX_BOOLEAN_SMBSERVICE: for name in usecase: boolean_states[name] = statestore.restore_state("selinux", name) if boolean_states: set_selinux_booleans(boolean_states, statestore, backup=False) # Remove samba's credentials cache ipautil.remove_ccache(ccache_path=paths.KRB5CC_SAMBA) # Remove samba's configuration file if fstore.has_file(paths.SMB_CONF): ipautil.remove_file(paths.SMB_CONF) fstore.restore_file(paths.SMB_CONF) # Remove samba's persistent and temporary tdb files # in /var/lib/samba and /var/lib/samba/private for smbpath in (paths.SAMBA_DIR, os.path.join(paths.SAMBA_DIR, "private"), os.path.join(paths.SAMBA_DIR, "lock")): tdb_files = [ os.path.join(smbpath, tdb_file) for tdb_file in os.listdir(smbpath) if tdb_file.endswith(".tdb") ] for tdb_file in tdb_files: ipautil.remove_file(tdb_file) # Remove our keys from samba's keytab if os.path.exists(paths.SAMBA_KEYTAB): try: ipautil.run([ paths.IPA_RMKEYTAB, "--principal", api.env.smb_princ, "-k", paths.SAMBA_KEYTAB, ]) except ipautil.CalledProcessError as e: if e.returncode != 5: logger.critical("Failed to remove old key for %s", api.env.smb_princ) with use_api_as_principal(api.env.host_princ, paths.KRB5_KEYTAB): try: api.Command.service_del(api.env.smb_princ) except errors.VersionError as e: print("This client is incompatible: " + str(e)) except errors.NotFound: logger.debug("No SMB service principal exists, OK to proceed") except errors.PublicError as e: logger.error( "Cannot connect to the server due to " "a generic error: %s", e, )
def clean_previous_keytab(self, keytab=None): """ Purge old CIFS keys from samba and clean up samba ccache """ self.clean_samba_keytab() ipautil.remove_ccache(paths.KRB5CC_SAMBA)