authorTomas Babej <tbabej@redhat.com>2012-08-17 08:56:45 -0400
committerMartin Kosek <mkosek@redhat.com>2012-09-20 16:57:13 +0200
commitdd72ed62125a1de5af88c443a8b0e4621b269e16 (patch)
treea9658b2d3b1225e2b1d2540ea6443a9e53c08c8f /ipa-client
parent26baae1fe925ca6aaaeba08b4efba06f7260e169 (diff)
Improves sssd.conf handling during ipa-client uninstall
The sssd.conf file is no longer left behind in case sssd was not configured before the installation. However, the patch goes beyond the scope of this ticket and improves the handling of sssd.conf during the ipa-client-install --uninstall in general. The current behaviour (well documented in source code) is as follows: - In general, the IPA domain is simply removed from the sssd.conf file, instead of sssd.conf being rewritten from the backup. This preserves any domains added after installation. - If sssd.conf existed before the installation, it is restored to sssd.conf.bkp. However, any IPA domains from pre-installation sssd.conf should have been merged during the installation. - If sssd.conf did not exist before the installation, and no other domains than IPA domain exist in it, the patch makes sure that sssd.conf is moved to sssd.conf.deleted so the user experiences no crash during any next installation due to its existence. https://fedorahosted.org/freeipa/ticket/2740
Diffstat (limited to 'ipa-client')
-rwxr-xr-xipa-client/ipa-install/ipa-client-install112
1 files changed, 97 insertions, 15 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index a9408eed7..aca6e3912 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -185,6 +185,37 @@ def nssldap_exists():
return (retval, files_found)
+# helper function for uninstall
+# deletes IPA domain from sssd.conf
+def delete_ipa_domain():
+ sssd = ipaservices.service('sssd')
+ try:
+ sssdconfig = SSSDConfig.SSSDConfig()
+ sssdconfig.import_config()
+ domains = sssdconfig.list_active_domains()
+
+ ipa_domain_name = None
+
+ for name in domains:
+ domain = sssdconfig.get_domain(name)
+ try:
+ provider = domain.get_option('id_provider')
+ if provider == "ipa":
+ ipa_domain_name = name
+ break
+ except SSSDConfig.NoOptionError:
+ continue
+
+ if ipa_domain_name is not None:
+ sssdconfig.delete_domain(ipa_domain_name)
+ sssdconfig.write()
+ else:
+ root_logger.warning("IPA domain could not be found in "
+ "/etc/sssd/sssd.conf and therefore not deleted")
+ except IOError:
+ root_logger.warning("IPA domain could not be deleted. "
+ "No access to the /etc/sssd/sssd.conf file.")
+
def uninstall(options, env):
if not fstore.has_files():
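Review bot: `delete_ipa_domain()` looks for the IPA domain only in `sssdconfig.list_active_domains()` and stops at the first match, so an inactive IPA domain, or a second domain with `id_provider` set to `ipa`, would stay in sssd.conf after uninstall. The next hunk already counts domains with `list_domains()`; if `get_domain()` and `delete_domain()` accept inactive names (to be confirmed against the SSSDConfig API), iterating over `list_domains()` and deleting every match would make the two agree. The local `sssd = ipaservices.service('sssd')` on the first line of the function is never used and can be dropped. Only `IOError` is caught around `import_config()` and `write()`, so any other error they raise, such as a parse error on a hand-edited file, would presumably propagate into `uninstall()`. The two `#` lines above the `def` would read better as a docstring that also says the function logs a warning and returns nothing when the domain is not found.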
@@ -214,7 +245,12 @@ def uninstall(options, env):
sssdconfig = SSSDConfig.SSSDConfig()
sssdconfig.import_config()
domains = sssdconfig.list_active_domains()
- if len(domains) > 1:
+ all_domains = sssdconfig.list_domains()
+
+ # we consider all the domains, because handling sssd.conf
+ # during uninstall is dependant on was_sssd_configured flag
+ # so the user does not lose info about inactive domains
+ if len(all_domains) > 1:
# There was more than IPA domain configured
was_sssd_configured = True
for name in domains:
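Review bot: The new comment above `if len(all_domains) > 1:` is hard to follow, and the unchanged comment below it ("There was more than IPA domain configured") no longer says that inactive domains are counted. Something like `# Count inactive domains too: was_sssd_configured decides whether sssd.conf is kept on uninstall, and a file that still holds inactive non-IPA domains must not be discarded.` would state the intent directly. The loop `for name in domains:` still walks only the active domains, which is worth a word in the same comment. uninstall() starts before and continues after this hunk, so how the flag is used is only visible in the later hunks.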
@@ -351,6 +387,66 @@ def uninstall(options, env):
"Failed to remove krb5/LDAP configuration: %s", str(e))
return CLIENT_INSTALL_ERROR
+ # Next if-elif-elif construction deals with sssd.conf file.
+ # Old pre-IPA domains are preserved due merging the old sssd.conf
+ # during the installation of ipa-client but any new domains are
+ # only present in sssd.conf now, so we don't want to delete them
+ # by rewriting sssd.conf file. IPA domain is removed gracefully.
+
+ # SSSD was installed before our installation and other non-IPA domains
+ # found, restore backed up sssd.conf to sssd.conf.bkp and remove IPA
+ # domain from the current sssd.conf
+ if was_sssd_installed and was_sssd_configured:
+ root_logger.info(
+ "The original configuration of SSSD included other domains than " +
+ "the IPA-based one.")
+
+ delete_ipa_domain()
+
+
+ restored = False
+ try:
+ restored = fstore.restore_file("/etc/sssd/sssd.conf","/etc/sssd/sssd.conf.bkp")
+ except OSError:
+ root_logger.debug("Error while restoring pre-IPA /etc/sssd/sssd.conf.")
+
+ if restored:
+ root_logger.info("Original pre-IPA SSSD configuration file was "
+ "restored to /etc/sssd/sssd.conf.bkp.")
+
+ root_logger.info("IPA domain removed from current one, " +
+ "restarting SSSD service")
+ sssd = ipaservices.service('sssd')
+ try:
+ sssd.restart()
+ except CalledProcessError:
+ root_logger.warning("SSSD service restart was unsuccessful.")
+
+ # SSSD was not installed before our installation, but other domains found,
+ # delete IPA domain, but leave other domains intact
+ elif not was_sssd_installed and was_sssd_configured:
+ delete_ipa_domain()
+ root_logger.info("Other domains than IPA domain found, " +
+ "IPA domain was removed from /etc/sssd/sssd.conf.")
+
+ sssd = ipaservices.service('sssd')
+ try:
+ sssd.restart()
+ except CalledProcessError:
+ root_logger.warning("SSSD service restart was unsuccessful.")
+
+ # SSSD was not installed before our installation, and no other domains
+ # than IPA are configured in sssd.conf - make sure config file is removed
+ elif not was_sssd_installed and not was_sssd_configured:
+ try:
+ os.rename("/etc/sssd/sssd.conf","/etc/sssd/sssd.conf.deleted")
+ except OSError:
+ root_logger.debug("Error while moving /etc/sssd/sssd.conf to "
+ "/etc/sssd/sssd.conf.deleted")
+
+ root_logger.info("Redundant SSSD configuration file " +
+ "/etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted")
+
if fstore.has_files():
root_logger.info("Restoring client configuration files")
fstore.restore_all_files()
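Review bot: The success messages in the new sssd.conf branches are logged even when the step they describe failed. In the last `elif`, the `root_logger.info("Redundant SSSD configuration file ...")` call follows the `try`/`except OSError` unconditionally, so it reports the move after a failed `os.rename`. Placing it in an `else:` clause of that `try`, and raising the failure message from `debug` to `warning`, would keep the log truthful. The same holds for "IPA domain removed from current one" and "IPA domain was removed from /etc/sssd/sssd.conf.", because `delete_ipa_domain()` returns nothing and only warns on failure; having it return a boolean and branching on it would fix both. An uninstall log that says the IPA domain is gone while sssd.conf still lists it leaves the administrator unaware of a leftover identity provider configuration. uninstall() starts and ends outside this hunk.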
@@ -430,20 +526,6 @@ def uninstall(options, env):
if was_sshd_configured and ipaservices.knownservices.sshd.is_running():
ipaservices.knownservices.sshd.restart()
- if was_sssd_installed and was_sssd_configured:
- # SSSD was installed before our installation, config now is restored, restart it
- root_logger.info(
- "The original configuration of SSSD included other domains than " +
- "the IPA-based one.")
- root_logger.info(
- "Original configuration file was restored, restarting SSSD " +
- "service.")
- sssd = ipaservices.service('sssd')
- try:
- sssd.restart()
- except CalledProcessError:
- root_logger.warning("SSSD service restart was unsuccessful.")
-
if not options.unattended:
root_logger.info(
"The original nsswitch.conf configuration has been restored.")