def uninstall(self):
if self.is_configured():
self.print_msg("Unconfiguring %s" % self.service_name)
self.dns_backup.clear_records(self.api.Backend.ldap2.isconnected())
try:
self.fstore.restore_file(paths.NAMED_CONF)
except ValueError as error:
logger.debug('%s', error)
try:
tasks.unconfigure_dns_resolver(fstore=self.fstore)
except Exception:
logger.exception("Failed to unconfigure DNS resolver")
ipautil.rmtree(paths.BIND_LDAP_DNS_IPA_WORKDIR)
self.disable()
self.stop()
self.named_conflict.unmask()
ipautil.remove_file(paths.NAMED_CONF_BAK)
ipautil.remove_file(paths.NAMED_CUSTOM_CONF)
ipautil.remove_file(paths.NAMED_CUSTOM_OPTIONS_CONF)
ipautil.remove_keytab(self.keytab)
ipautil.remove_ccache(run_as=self.service_user)
def uninstall(self):
if not self.is_configured():
return
self.print_msg("Unconfiguring %s" % self.service_name)
# just eat states
self.restore_state("running")
self.restore_state("enabled")
# stop and disable service (IPA service, we do not need it anymore)
self.disable()
self.stop()
# restore state of dnssec default signer daemon
signerd_enabled = self.restore_state("singerd_enabled")
signerd_running = self.restore_state("singerd_running")
signerd_service = services.knownservices.ods_signerd
signerd_service.unmask()
# service was stopped and disabled by setup
if signerd_enabled:
signerd_service.enable()
if signerd_running:
signerd_service.start()
ipautil.remove_keytab(self.keytab)
ipautil.remove_ccache(ccache_path=paths.IPA_ODS_EXPORTER_CCACHE)
def uninstall(self):
if self.is_configured():
self.print_msg("Unconfiguring %s" % self.service_name)
# Call restore_state so that we do not leave mess in the statestore
# Otherwise this does nothing
self.restore_state("running")
self.restore_state("enabled")
winbind = services.service("winbind", api)
# Always try to stop and disable smb service, since we do not leave
# working configuration after uninstall
try:
self.stop()
self.disable()
winbind.stop()
winbind.disable()
except Exception:
pass
# Since we do not guarantee restoring back to working samba state,
# we should not restore smb.conf
# Restore the state of affected selinux booleans
boolean_states = {
name: self.restore_state(name)
for name in constants.SELINUX_BOOLEAN_ADTRUST
}
try:
tasks.set_selinux_booleans(boolean_states)
except ipapython.errors.SetseboolError as e:
self.print_msg('WARNING: ' + str(e))
# Remove samba's credentials cache
ipautil.remove_ccache(ccache_path=paths.KRB5CC_SAMBA)
# Remove samba's configuration file
ipautil.remove_file(self.smb_conf)
# Remove samba's persistent and temporary tdb files
# in /var/lib/samba and /var/lib/samba/private
for smbpath in (paths.SAMBA_DIR,
os.path.join(paths.SAMBA_DIR, "private"),
os.path.join(paths.SAMBA_DIR, "lock")):
if os.path.isdir(smbpath):
tdb_files = [
os.path.join(smbpath, tdb_file)
for tdb_file in os.listdir(smbpath)
if tdb_file.endswith(".tdb")
]
for tdb_file in tdb_files:
ipautil.remove_file(tdb_file)
# Remove our keys from samba's keytab
self.clean_samba_keytab()
def uninstall(self):
if self.is_configured():
self.print_msg("Unconfiguring %s" % self.service_name)
running = self.restore_state("running")
enabled = self.restore_state("enabled")
named_regular_running = self.restore_state("named-regular-running")
named_regular_enabled = self.restore_state("named-regular-enabled")
self.dns_backup.clear_records(self.api.Backend.ldap2.isconnected())
try:
self.fstore.restore_file(paths.NAMED_CONF)
except ValueError as error:
logger.debug('%s', error)
try:
tasks.unconfigure_dns_resolver(fstore=self.fstore)
except Exception:
logger.exception("Failed to unconfigure DNS resolver")
ipautil.rmtree(paths.BIND_LDAP_DNS_IPA_WORKDIR)
# disabled by default, by ldap_configure()
if enabled:
self.enable()
else:
self.disable()
if running:
self.restart()
else:
self.stop()
self.named_regular.unmask()
if named_regular_enabled:
self.named_regular.enable()
if named_regular_running:
self.named_regular.start()
ipautil.remove_file(paths.NAMED_CONF_BAK)
ipautil.remove_file(paths.NAMED_CUSTOM_CONF)
ipautil.remove_file(paths.NAMED_CUSTOM_OPTIONS_CONF)
ipautil.remove_keytab(self.keytab)
ipautil.remove_ccache(run_as=self.service_user)
def remove_ccache(ccache_path=None, run_as=None):
"""
remove Kerberos credential cache, essentially a wrapper around kdestroy.
:param ccache_path: path to the ccache file
:param run_as: run kdestroy as this user
"""
warnings.warn("Use 'ipapython.ipautil.remove_ccache'",
DeprecationWarning,
stacklevel=2)
return ipautil.remove_ccache(ccache_path=ccache_path, run_as=run_as)
def uninstall(fstore, statestore, options):
# Shut down Samba services and disable them
smb = services.service("smb", api)
winbind = services.service("winbind", api)
for svc in (smb, winbind):
if svc.is_running():
svc.stop()
svc.disable()
# Restore the state of affected selinux booleans
boolean_states = {}
for usecase in constants.SELINUX_BOOLEAN_SMBSERVICE:
for name in usecase:
boolean_states[name] = statestore.restore_state("selinux", name)
if boolean_states:
set_selinux_booleans(boolean_states, statestore, backup=False)
# Remove samba's credentials cache
ipautil.remove_ccache(ccache_path=paths.KRB5CC_SAMBA)
# Remove samba's configuration file
if fstore.has_file(paths.SMB_CONF):
ipautil.remove_file(paths.SMB_CONF)
fstore.restore_file(paths.SMB_CONF)
# Remove samba's persistent and temporary tdb files
# in /var/lib/samba and /var/lib/samba/private
for smbpath in (paths.SAMBA_DIR, os.path.join(paths.SAMBA_DIR, "private"),
os.path.join(paths.SAMBA_DIR, "lock")):
tdb_files = [
os.path.join(smbpath, tdb_file) for tdb_file in os.listdir(smbpath)
if tdb_file.endswith(".tdb")
]
for tdb_file in tdb_files:
ipautil.remove_file(tdb_file)
# Remove our keys from samba's keytab
if os.path.exists(paths.SAMBA_KEYTAB):
try:
ipautil.run([
paths.IPA_RMKEYTAB,
"--principal",
api.env.smb_princ,
"-k",
paths.SAMBA_KEYTAB,
])
except ipautil.CalledProcessError as e:
if e.returncode != 5:
logger.critical("Failed to remove old key for %s",
api.env.smb_princ)
with use_api_as_principal(api.env.host_princ, paths.KRB5_KEYTAB):
try:
api.Command.service_del(api.env.smb_princ)
except errors.VersionError as e:
print("This client is incompatible: " + str(e))
except errors.NotFound:
logger.debug("No SMB service principal exists, OK to proceed")
except errors.PublicError as e:
logger.error(
"Cannot connect to the server due to "
"a generic error: %s",
e,
)
def clean_previous_keytab(self, keytab=None):
"""
Purge old CIFS keys from samba and clean up samba ccache
"""
self.clean_samba_keytab()
ipautil.remove_ccache(paths.KRB5CC_SAMBA)
