Re-enable uninstall feature for ipa-kra-install

The underlying Dogtag issue (Dogtag ticket 1113) has been fixed.
We can therefore re-enable the uninstall option for ipa-kra-install.
Also, fixes an incorrect path in the ipa-pki-proxy.conf, and adds
a debug statement to provide status to the user when an uninstall
is done.  Also, re-added the no_host_dns option which is used when
unpacking a replica file.

Part of the work for: https://fedorahosted.org/freeipa/ticket/3872

Reviewed-By: Petr Viktorin <pviktori@redhat.com>

3 files changed, 10 insertions, 9 deletions

diff --git a/install/conf/ipa-pki-proxy.conf b/install/conf/ipa-pki-proxy.conf
index 57175390b..2370b4d7a 100644
--- a/install/conf/ipa-pki-proxy.conf
+++ b/install/conf/ipa-pki-proxy.conf
@@ -19,7 +19,7 @@ ProxyRequests Off
 </LocationMatch>
 
 # matches for agent port and eeca port
-<LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient|^/kra/agent/kra/connector|^/kra/rest/agent/keyrequests|^/kra/rest/agent/keys|^/kra/rest/admin/kraconnector/remove">
+<LocationMatch "^/ca/agent/ca/displayBySerial|^/ca/agent/ca/doRevoke|^/ca/agent/ca/doUnrevoke|^/ca/agent/ca/updateDomainXML|^/ca/eeca/ca/profileSubmitSSLClient|^/kra/agent/kra/connector|^/kra/rest/agent/keyrequests|^/kra/rest/agent/keys|^/ca/rest/admin/kraconnector/remove">
     NSSOptions +StdEnvVars +ExportCertData +StrictRequire +OptRenegotiate
     NSSVerifyClient require
     ProxyPassMatch ajp://localhost:$DOGTAG_PORT
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index 1e4c5fa79..174b538aa 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -335,6 +335,10 @@ class DogtagInstance(service.Service):
     def stop_tracking_certificates(self, dogtag_constants, reqs=None):
         """Stop tracking our certificates. Called on uninstall.
         """
+        self.print_msg(
+            "Configuring certmonger to stop tracking system certificates "
+            "for %s" % self.subsystem)
+
         cmonger = services.knownservices.certmonger
         services.knownservices.messagebus.start()
         cmonger.start()
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 2c4f2dcaa..207b8c412 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -49,6 +49,11 @@ class KRAInstall(admintool.AdminTool):
         super(KRAInstall, cls).add_options(parser, debug_option=True)
 
         parser.add_option(
+            "--no-host-dns", dest="no_host_dns", action="store_true",
+            default=False,
+            help="Do not use DNS for hostname lookup during installation")
+
+        parser.add_option(
             "-p", "--password",
             dest="password", sensitive=True,
             help="Directory Manager (existing master) password")
@@ -115,14 +120,6 @@ class KRAUninstaller(KRAInstall):
         super(KRAUninstaller, self).run()
         dogtag_constants = dogtag.configured_constants()
 
-        # temporarily disable uninstall until Dogtag ticket:
-        # https://fedorahosted.org/pki/ticket/1113 is fixed
-        # TODO(alee) remove this once the above ticket is fixed
-        raise admintool.ScriptError(
-            "Uninstall is temporarily disabled.  To uninstall, please "
-            "use ipa-server-install --uninstall"
-        )
-
         kra_instance = krainstance.KRAInstance(
             api.env.realm, dogtag_constants=dogtag_constants)
         kra_instance.stop_tracking_certificates(dogtag_constants)