def uninstall(self):
    """Undo the service setup and hand the signer daemon back.

    Returns immediately when ``is_configured()`` is false. Otherwise the
    service is disabled and stopped, ``services.knownservices.ods_signerd``
    is unmasked and returned to the enabled/running state recorded in the
    state store, and the service keytab and exporter credential cache are
    removed.
    """
    if not self.is_configured():
        return

    self.print_msg("Unconfiguring %s" % self.service_name)

    # Consume the saved states; the returned values are deliberately unused.
    for consumed in ("running", "enabled"):
        self.restore_state(consumed)

    # IPA-only service: it is switched off rather than restored.
    self.disable()
    self.stop()

    # Saved state of the default DNSSEC signer daemon. The "singerd_*"
    # spelling is the lookup key and is kept exactly as written.
    # NOTE(review): presumably it matches the key used when the state was
    # saved - confirm before changing it, or the saved state is never found.
    signer_was_enabled = self.restore_state("singerd_enabled")
    signer_was_running = self.restore_state("singerd_running")

    signer = services.knownservices.ods_signerd
    signer.unmask()

    # setup stopped and disabled the signer, so it is only brought back here
    if signer_was_enabled:
        signer.enable()
    if signer_was_running:
        signer.start()

    # Credentials go last: drop the Kerberos keytab and the exporter's
    # credential cache so neither outlives the service.
    ipautil.remove_keytab(self.keytab)
    ipautil.remove_ccache(ccache_path=paths.IPA_ODS_EXPORTER_CCACHE)
def uninstall(self):
    """Remove the DNS service configuration and its Kerberos credentials.

    Clears the backed-up DNS records, restores the saved ``named.conf`` and
    resolver configuration, deletes the working directory, disables and
    stops the service, unmasks ``self.named_conflict``, and removes the
    generated configuration files, the keytab and the service user's
    credential cache.

    NOTE(review): indentation was lost in this listing. Only the progress
    message is treated as conditional on ``is_configured()``; the cleanup
    runs either way - confirm against the repository.
    """
    if self.is_configured():
        self.print_msg("Unconfiguring %s" % self.service_name)

    ldap_connected = self.api.Backend.ldap2.isconnected()
    self.dns_backup.clear_records(ldap_connected)

    try:
        self.fstore.restore_file(paths.NAMED_CONF)
    except ValueError as restore_error:
        # restore_file's ValueError is logged at debug level and ignored
        logger.debug('%s', restore_error)

    try:
        tasks.unconfigure_dns_resolver(fstore=self.fstore)
    except Exception:
        # Best effort: a resolver failure must not stop credential cleanup.
        logger.exception("Failed to unconfigure DNS resolver")

    ipautil.rmtree(paths.BIND_LDAP_DNS_IPA_WORKDIR)

    self.disable()
    self.stop()

    self.named_conflict.unmask()

    leftovers = (
        paths.NAMED_CONF_BAK,
        paths.NAMED_CUSTOM_CONF,
        paths.NAMED_CUSTOM_OPTIONS_CONF,
    )
    for leftover in leftovers:
        ipautil.remove_file(leftover)

    # The service is stopped by now; remove its keytab and the credential
    # cache owned by the service user so no usable credentials remain.
    ipautil.remove_keytab(self.keytab)
    ipautil.remove_ccache(run_as=self.service_user)
def uninstall(self):
    """Stop the service and remove its SoftHSM material and keytab.

    Consumes the saved service states, stops and disables the service,
    restores ``paths.SYSCONFIG_NAMED`` from the file store, deletes the
    SoftHSM user PIN, the SoftHSM configuration and the token directory,
    and removes the keytab.

    NOTE(review): indentation was lost in this listing. Only the progress
    message is treated as conditional on ``is_configured()`` - confirm
    against the repository.
    """
    if self.is_configured():
        self.print_msg("Unconfiguring %s" % self.service_name)

    # Consume the saved states; the returned values are deliberately unused.
    for consumed in ("running", "enabled", "configured"):
        self.restore_state(consumed)

    # IPA-only service: it is switched off rather than restored.
    self.stop()
    self.disable()

    for saved_path in [paths.SYSCONFIG_NAMED]:
        try:
            self.fstore.restore_file(saved_path)
        except ValueError as restore_error:
            logger.debug('%s', restore_error)

    # Remove the SoftHSM user PIN so that a new installation generates a
    # new token database. The security-officer (SO) PIN is deliberately
    # NOT deleted: the user may need it to get at token data.
    # NOTE(review): that means one secret stays on disk after uninstall;
    # where it lives is not visible in this block.
    ipautil.remove_file(paths.DNSSEC_SOFTHSM_PIN)
    ipautil.remove_file(paths.DNSSEC_SOFTHSM2_CONF)

    try:
        shutil.rmtree(paths.DNSSEC_TOKENS_DIR)
    except OSError as rm_error:
        already_gone = rm_error.errno == errno.ENOENT
        if not already_gone:
            # Logged only: a surviving token directory does not abort the
            # uninstall, so the keytab below is still removed.
            logger.exception("Failed to remove %s", paths.DNSSEC_TOKENS_DIR)

    ipautil.remove_keytab(self.keytab)
def __setup_principal(self):
    """Create the service principal, its keytab and its LDAP privileges.

    In order: remove any existing keytab, add the principal through kadmin,
    write a fresh keytab, move the service entry, restrict the keytab's
    ownership and mode, add the principal to the ``DNS Servers`` privilege,
    and lift the LDAP resource limits on the principal's entry.

    Raises:
        Exception: anything raised by the two LDAP modify calls, re-raised
            after a critical log entry. ``ldap.TYPE_OR_VALUE_EXISTS`` on
            the privilege membership is ignored.
    """
    # NOTE(review): an assert is stripped under ``python -O``; a missing
    # gid would then only surface at os.chown(), after the principal and
    # keytab have already been created.
    assert self.ods_gid is not None

    ipautil.remove_keytab(self.keytab)
    installutils.kadmin_addprinc(self.principal)

    # Store the keytab on disk
    installutils.create_keytab(self.keytab, self.principal)

    moved_dn = self.move_service(self.principal)
    if moved_dn is not None:
        dnssynckey_principal_dn = moved_dn
    else:
        # None means the service has already been moved, perhaps because
        # this is a DNS reinstall; build the expected DN by hand.
        dnssynckey_principal_dn = DN(
            ('krbprincipalname', self.principal),
            ('cn', 'services'),
            ('cn', 'accounts'),
            self.suffix,
        )

    # Restrict the keytab: owner uid 0, group ods_gid, read-only for both
    # (0o440), no access for others.
    # NOTE(review): until this point the file has whatever ownership and
    # mode create_keytab left it with - confirm that is not wider.
    os.chown(self.keytab, 0, self.ods_gid)
    os.chmod(self.keytab, 0o440)

    dns_group = DN(
        ('cn', 'DNS Servers'),
        ('cn', 'privileges'),
        ('cn', 'pbac'),
        self.suffix,
    )
    membership = [(ldap.MOD_ADD, 'member', dnssynckey_principal_dn)]
    try:
        api.Backend.ldap2.modify_s(dns_group, membership)
    except ldap.TYPE_OR_VALUE_EXISTS:
        # Already a member; nothing to do.
        pass
    except Exception as e:
        logger.critical("Could not modify principal's %s entry: %s",
                        dnssynckey_principal_dn, str(e))
        raise

    # bind-dyndb-ldap persistent search feature requires both size and time
    # limit-free connection. All four limits are set to '-1' for this
    # principal, which is one more reason to keep its keytab tightly held.
    limit_attrs = (
        'nsTimeLimit',
        'nsSizeLimit',
        'nsIdleTimeout',
        'nsLookThroughLimit',
    )
    unlimited = [(ldap.MOD_REPLACE, attr, '-1') for attr in limit_attrs]
    try:
        api.Backend.ldap2.modify_s(dnssynckey_principal_dn, unlimited)
    except Exception as e:
        logger.critical("Could not set principal's %s LDAP limits: %s",
                        dnssynckey_principal_dn, str(e))
        raise
def uninstall(self):
    """Remove the DNS service configuration and restore the saved states.

    Clears the backed-up DNS records, restores the saved ``named.conf`` and
    resolver configuration, deletes the working directory, puts this
    service and ``self.named_regular`` back into their saved
    enabled/running states, and removes the generated configuration files,
    the keytab and the service user's credential cache.

    NOTE(review): indentation was lost in this listing. Only the progress
    message is treated as conditional on ``is_configured()`` - confirm
    against the repository.
    """
    if self.is_configured():
        self.print_msg("Unconfiguring %s" % self.service_name)

    was_running = self.restore_state("running")
    was_enabled = self.restore_state("enabled")
    regular_was_running = self.restore_state("named-regular-running")
    regular_was_enabled = self.restore_state("named-regular-enabled")

    ldap_connected = self.api.Backend.ldap2.isconnected()
    self.dns_backup.clear_records(ldap_connected)

    try:
        self.fstore.restore_file(paths.NAMED_CONF)
    except ValueError as restore_error:
        logger.debug('%s', restore_error)

    try:
        tasks.unconfigure_dns_resolver(fstore=self.fstore)
    except Exception:
        # Best effort: a resolver failure must not stop credential cleanup.
        logger.exception("Failed to unconfigure DNS resolver")

    ipautil.rmtree(paths.BIND_LDAP_DNS_IPA_WORKDIR)

    # disabled by default, by ldap_configure()
    if was_enabled:
        self.enable()
    else:
        self.disable()

    # NOTE(review): if the saved state says "running", the service is
    # restarted here and its keytab is removed further down - confirm the
    # restored service does not depend on that keytab.
    if was_running:
        self.restart()
    else:
        self.stop()

    self.named_regular.unmask()
    if regular_was_enabled:
        self.named_regular.enable()
    if regular_was_running:
        self.named_regular.start()

    leftovers = (
        paths.NAMED_CONF_BAK,
        paths.NAMED_CUSTOM_CONF,
        paths.NAMED_CUSTOM_OPTIONS_CONF,
    )
    for leftover in leftovers:
        ipautil.remove_file(leftover)

    # Remove the keytab and the service user's credential cache so no
    # usable Kerberos credentials remain.
    ipautil.remove_keytab(self.keytab)
    ipautil.remove_ccache(run_as=self.service_user)
def remove_keytab(keytab_path):
    """
    Deprecated alias for ``ipautil.remove_keytab``.

    Emits a ``DeprecationWarning`` attributed to the caller
    (``stacklevel=2``) on every call, then delegates the removal.
    NOTE(review): the warning on a failed removal that the earlier
    docstring described would come from the delegate, which is not
    shown here.

    :param keytab_path: path to the keytab file
    :return: whatever ``ipautil.remove_keytab`` returns
    """
    deprecation_note = "Use 'ipapython.ipautil.remove_keytab'"
    warnings.warn(deprecation_note, DeprecationWarning, stacklevel=2)
    outcome = ipautil.remove_keytab(keytab_path)
    return outcome
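def uninstall(self):
    """Remove the web server configuration, keys and credentials.

    Restores oddjobd and the certmonger IPA helper to their saved state,
    stops certificate tracking, restores the saved httpd configuration
    files, deletes the keytab and the generated files (certificate, key,
    password files, session key and others), restores the saved SELinux
    booleans, and finally restarts/enables httpd if it was running/enabled
    before setup.

    Failures to stop or disable oddjobd are still tolerated, but they are
    now logged at debug level instead of being silently discarded, so a
    helper service left running after uninstall can be found in the log.

    NOTE(review): indentation was lost in this listing. Only the progress
    message is treated as conditional on ``is_configured()`` - confirm
    against the repository.
    """
    if self.is_configured():
        self.print_msg("Unconfiguring web server")

    running = self.restore_state("running")
    enabled = self.restore_state("enabled")

    # Restore oddjobd to its original state
    oddjobd = services.service('oddjobd', api)

    if not self.sstore.restore_state('oddjobd', 'running'):
        try:
            oddjobd.stop()
        except Exception:
            # Best effort, but leave a trace for whoever reviews the log.
            logger.debug("Failed to stop oddjobd", exc_info=True)

    if not self.sstore.restore_state('oddjobd', 'enabled'):
        try:
            oddjobd.disable()
        except Exception:
            # Best effort, but leave a trace for whoever reviews the log.
            logger.debug("Failed to disable oddjobd", exc_info=True)

    self.stop_tracking_certificates()

    # Hand certmonger's 'IPA' CA entry back to the helper saved at setup.
    helper = self.restore_state('certmonger_ipa_helper')
    if helper:
        bus = dbus.SystemBus()
        obj = bus.get_object('org.fedorahosted.certmonger',
                             '/org/fedorahosted/certmonger')
        iface = dbus.Interface(obj, 'org.fedorahosted.certmonger')
        path = iface.find_ca_by_nickname('IPA')
        if path:
            ca_obj = bus.get_object('org.fedorahosted.certmonger', path)
            ca_iface = dbus.Interface(ca_obj,
                                      'org.freedesktop.DBus.Properties')
            ca_iface.Set('org.fedorahosted.certmonger.ca',
                         'external-helper', helper)

    for f in [
        paths.HTTPD_IPA_CONF,
        paths.HTTPD_SSL_CONF,
        paths.HTTPD_SSL_SITE_CONF,
        paths.HTTPD_NSS_CONF,
    ]:
        try:
            self.fstore.restore_file(f)
        except ValueError as error:
            logger.debug("%s", error)

    # Remove the configuration files we create. The list includes the TLS
    # key, password files and the GSSAPI session key.
    # paths.HTTPD_IPA_CONF is also in the restore list above, so a copy
    # restored there is deleted again here.
    ipautil.remove_keytab(self.keytab)
    remove_files = [
        paths.HTTP_CCACHE,
        paths.HTTPD_CERT_FILE,
        paths.HTTPD_KEY_FILE,
        paths.HTTPD_PASSWD_FILE_FMT.format(host=api.env.host),
        paths.HTTPD_IPA_REWRITE_CONF,
        paths.HTTPD_IPA_CONF,
        paths.HTTPD_IPA_PKI_PROXY_CONF,
        paths.HTTPD_IPA_KDCPROXY_CONF_SYMLINK,
        paths.HTTPD_IPA_KDCPROXY_CONF,
        paths.GSSPROXY_CONF,
        paths.GSSAPI_SESSION_KEY,
        paths.HTTPD_PASSWORD_CONF,
        paths.SYSTEMD_SYSTEM_HTTPD_IPA_CONF,
    ]
    # NSS DB backups
    remove_files.extend(
        glob.glob(os.path.join(paths.HTTPD_ALIAS_DIR, '*.ipasave')))
    if paths.HTTPD_IPA_WSGI_MODULES_CONF is not None:
        remove_files.append(paths.HTTPD_IPA_WSGI_MODULES_CONF)

    for filename in remove_files:
        ipautil.remove_file(filename)

    try:
        os.rmdir(paths.SYSTEMD_SYSTEM_HTTPD_D_DIR)
    except OSError as e:
        # A missing or non-empty drop-in directory is expected and ignored.
        if e.errno not in {errno.ENOENT, errno.ENOTEMPTY}:
            logger.error("Failed to remove directory %s",
                         paths.SYSTEMD_SYSTEM_HTTPD_D_DIR)

    # Restore SELinux boolean states
    boolean_states = {
        name: self.restore_state(name)
        for name in constants.SELINUX_BOOLEAN_HTTPD
    }
    try:
        tasks.set_selinux_booleans(boolean_states)
    except ipapython.errors.SetseboolError as e:
        # Only a warning is printed; the booleans may still hold the
        # values set for IPA when this happens.
        self.print_msg('WARNING: ' + str(e))

    if running:
        self.restart()

    # disabled by default, by ldap_configure()
    if enabled:
        self.enable()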