diff options
-rwxr-xr-x | install/tools/ipa-server-install | 5 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 38 |
2 files changed, 26 insertions, 17 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 3e5d9a9d4..35b65f662 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -482,11 +482,12 @@ def uninstall(): print "ipa-client-install returned: " + str(e) ntpinstance.NTPInstance(fstore).uninstall() - if not dogtag.install_constants.SHARED_DB: + if not dogtag_constants.SHARED_DB: cads_instance = cainstance.CADSInstance( dogtag_constants=dogtag_constants) if cads_instance.is_configured(): cads_instance.uninstall() + cainstance.stop_tracking_certificates(dogtag_constants) ca_instance = cainstance.CAInstance( api.env.realm, certs.NSS_DIR, dogtag_constants=dogtag_constants) if ca_instance.is_configured(): @@ -534,7 +535,7 @@ def uninstall(): # Note that this name will be wrong after the first uninstall. dirname = dsinstance.config_dirname(dsinstance.realm_to_serverid(api.env.realm)) - dirs = [dirname, dogtag.configured_constants().ALIAS_DIR, certs.NSS_DIR] + dirs = [dirname, dogtag_constants.ALIAS_DIR, certs.NSS_DIR] ids = certmonger.check_state(dirs) if ids: root_logger.error('Some certificates may still be tracked by certmonger.\nThis will cause re-installation to fail.\nStart the certmonger service and list the certificates being tracked\n # getcert list\nThese may be untracked by executing\n # getcert stop-tracking -i <request_id>\nfor each id in: %s' % ', '.join(ids)) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 2e4375b84..418267f6c 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -437,25 +437,33 @@ class CADSInstance(service.Service): # At one time we removed this user on uninstall. That can potentially # orphan files, or worse, if another useradd runs in the intermim, # cause files to have a new owner. - cmonger = ipaservices.knownservices.certmonger - ipaservices.knownservices.messagebus.start() - cmonger.start() - for nickname in ['Server-Cert cert-pki-ca', - 'auditSigningCert cert-pki-ca', - 'ocspSigningCert cert-pki-ca', - 'subsystemCert cert-pki-ca']: - try: - certmonger.stop_tracking( - self.dogtag_constants.ALIAS_DIR, nickname=nickname) - except (ipautil.CalledProcessError, RuntimeError), e: - root_logger.error("certmonger failed to stop tracking certificate: %s" % str(e)) +def stop_tracking_certificates(dogtag_constants): + """Stop tracking our certificates. Called on uninstall. + """ + cmonger = ipaservices.knownservices.certmonger + ipaservices.knownservices.messagebus.start() + cmonger.start() + + for nickname in ['Server-Cert cert-pki-ca', + 'auditSigningCert cert-pki-ca', + 'ocspSigningCert cert-pki-ca', + 'subsystemCert cert-pki-ca']: try: - certmonger.stop_tracking('/etc/httpd/alias', nickname='ipaCert') + certmonger.stop_tracking( + dogtag_constants.ALIAS_DIR, nickname=nickname) except (ipautil.CalledProcessError, RuntimeError), e: - root_logger.error("certmonger failed to stop tracking certificate: %s" % str(e)) - cmonger.stop() + root_logger.error( + "certmonger failed to stop tracking certificate: %s" % str(e)) + + try: + certmonger.stop_tracking('/etc/httpd/alias', nickname='ipaCert') + except (ipautil.CalledProcessError, RuntimeError), e: + root_logger.error( + "certmonger failed to stop tracking certificate: %s" % str(e)) + cmonger.stop() + class CAInstance(service.Service): """ |