From 4a162f6fc8d53d959dd23e1138059dd239ff5124 Mon Sep 17 00:00:00 2001 From: Mark McLoughlin Date: Fri, 11 Jan 2008 11:57:36 +0000 Subject: Add ipa-server-install --uninstall Add a --uninstall option to ipa-server-install which tries to restore the system to the way it was before ipa-server-install was run using the state backed up through sysrestore.py. Signed-off-by: Mark McLoughlin --- ipa-server/ipa-install/ipa-server-install | 32 ++++++++++++++++++++++++------ ipa-server/ipaserver/bindinstance.py | 15 ++++++++++++++ ipa-server/ipaserver/dsinstance.py | 25 +++++++++++++++++++++++ ipa-server/ipaserver/httpinstance.py | 23 +++++++++++++++++++++ ipa-server/ipaserver/krbinstance.py | 33 +++++++++++++++++++++++++++++++ ipa-server/ipaserver/ntpinstance.py | 14 +++++++++++++ ipa-server/ipaserver/service.py | 3 +++ ipa-server/ipaserver/webguiinstance.py | 9 +++++++++ 8 files changed, 148 insertions(+), 6 deletions(-) (limited to 'ipa-server') diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install index bc4d8e27a..7a8ebe259 100644 --- a/ipa-server/ipa-install/ipa-server-install +++ b/ipa-server/ipa-install/ipa-server-install @@ -74,15 +74,21 @@ def parse_options(): default=False, help="configure bind with our zone file") parser.add_option("-U", "--unattended", dest="unattended", action="store_true", default=False, help="unattended installation never prompts the user") + parser.add_option("", "--uninstall", dest="uninstall", action="store_true", + default=False, help="uninstall an existing installation") options, args = parser.parse_args() - if options.unattended and (not options.ds_user or - not options.realm_name or - not options.dm_password or - not options.admin_password or - not options.master_password): - parser.error("error: In unattended mode you need to provide at least -u, -r, -p and -P options") + if options.uninstall: + if (options.ds_user or options.realm_name or + options.dm_password or options.admin_password or + options.master_password): + parser.error("error: In uninstall mode, -u, r, -p and -P options are not allowed") + elif options.unattended: + if (not options.ds_user or not options.realm_name or + not options.dm_password or not options.admin_password or + not options.master_password): + parser.error("error: In unattended mode you need to provide at least -u, -r, -p and -P options") return options @@ -241,6 +247,17 @@ def read_admin_password(): admin_password = read_password("IPA admin") return admin_password +def uninstall(): + ipaserver.ntpinstance.NTPInstance().uninstall() + ipaserver.bindinstance.BindInstance().uninstall() + ipaserver.webguiinstance.WebGuiInstance().uninstall() + ipaserver.httpinstance.HTTPInstance().uninstall() + ipaserver.krbinstance.KrbInstance().uninstall() + ipaserver.dsinstance.DsInstance().uninstall() + sysrestore.restore_file("/etc/hosts") + sysrestore.restore_file("/etc/ipa/ipa.conf") + return 0 + def main(): global ds ds = None @@ -256,6 +273,9 @@ def main(): standard_logging_setup("ipaserver-install.log", options.debug) + if options.uninstall: + return uninstall() + print "==============================================================================" print "This program will setup the FreeIPA Server." print "" diff --git a/ipa-server/ipaserver/bindinstance.py b/ipa-server/ipaserver/bindinstance.py index 770663c67..9e26925ad 100644 --- a/ipa-server/ipaserver/bindinstance.py +++ b/ipa-server/ipaserver/bindinstance.py @@ -110,3 +110,18 @@ class BindInstance(service.Service): resolve_fd.write(resolve_txt) resolve_fd.close() + def uninstall(self): + running = self.restore_state("running") + domain = self.restore_state("domain") + + if not running is None: + self.stop() + + if not domain is None: + sysrestore.restore_file(os.path.join ("/var/named/", self.domain + ".zone.db")) + + sysrestore.restore_file('/etc/named.conf') + sysrestore.restore_file('/etc/resolve.conf') + + if not running is None and running: + self.start() diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py index 78a847597..3a71634a4 100644 --- a/ipa-server/ipaserver/dsinstance.py +++ b/ipa-server/ipaserver/dsinstance.py @@ -333,3 +333,28 @@ class DsInstance(service.Service): print "Unable to set admin password", e logging.debug("Unable to set admin password %s" % e) + def uninstall(self): + running = self.restore_state("running") + enabled = self.restore_state("enabled") + + if not running is None: + self.stop() + + if not enabled is None and not enabled: + self.chkconfig_off() + + serverid = self.restore_state("serverid") + if not serverid is None: + erase_ds_instance_data(serverid) + + ds_user = self.restore_state("user") + user_exists = self.restore_state("user_exists") + + if not ds_user is None and not user_exists is None and not user_exists: + try: + ipautil.run(["/usr/sbin/userdel", ds_user]) + except ipautil.CalledProcessError, e: + logging.critical("failed to delete user %s" % e) + + if self.restore_state("running"): + self.start() diff --git a/ipa-server/ipaserver/httpinstance.py b/ipa-server/ipaserver/httpinstance.py index 76e314dfa..1fa3eb7cc 100644 --- a/ipa-server/ipaserver/httpinstance.py +++ b/ipa-server/ipaserver/httpinstance.py @@ -158,3 +158,26 @@ class HTTPInstance(service.Service): "-e", ".html", tmpdir]) shutil.rmtree(tmpdir) + + def uninstall(self): + running = self.restore_state("running") + enabled = self.restore_state("enabled") + + if not running is None: + self.stop() + + if not enabled is None and not enabled: + self.chkconfig_off() + + for f in ["/etc/httpd/conf.d/ipa.conf", SSL_CONF, NSS_CONF]: + sysrestore.restore_file(f) + + sebool_state = self.restore_state("httpd_can_network_connect") + if not sebool_state is None: + try: + ipautil.run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", sebool_state]) + except: + self.print_msg(selinux_warning) + + if not running is None and running: + self.start() diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py index 10dab364e..28233f24b 100644 --- a/ipa-server/ipaserver/krbinstance.py +++ b/ipa-server/ipaserver/krbinstance.py @@ -379,4 +379,37 @@ class KrbInstance(service.Service): pent = pwd.getpwnam(self.ds_user) os.chown("/var/kerberos/krb5kdc/kpasswd.keytab", pent.pw_uid, pent.pw_gid) + def uninstall(self): + running = self.restore_state("running") + enabled = self.restore_state("enabled") + kpasswd_running = sysrestore.restore_state("ipa-kpasswd", "running") + kpasswd_enabled = sysrestore.restore_state("ipa-kpasswd", "enabled") + + if not running is None: + self.stop() + if not kpasswd_running is None: + service.stop("ipa-kpasswd") + + if not enabled is None and not enabled: + self.chkconfig_off() + if not kpasswd_enabled is None and not kpasswd_enabled: + service.chkconfig_off("ipa-kpasswd") + + for f in ["/var/kerberos/krb5kdc/ldappwd", + "/var/kerberos/krb5kdc/kdc.conf", + "/etc/krb5.conf", + "/usr/share/ipa/html/krb5.ini", + "/usr/share/ipa/html/krb.con", + "/usr/share/ipa/html/krbrealm.con", + "/etc/dirsrv/ds.keytab", + "/etc/sysconfig/dirsrv", + "/etc/krb5.keytab", + "/var/kerberos/krb5kdc/kpasswd.keytab", + "/etc/sysconfig/ipa-kpasswd"]: + sysrestore.restore_file(f) + + if not running is None and running: + self.start() + if not kpasswd_running is None and kpasswd_running: + service.start("ipa-kpasswd") diff --git a/ipa-server/ipaserver/ntpinstance.py b/ipa-server/ipaserver/ntpinstance.py index c40b12b08..a4f1e1831 100644 --- a/ipa-server/ipaserver/ntpinstance.py +++ b/ipa-server/ipaserver/ntpinstance.py @@ -70,3 +70,17 @@ class NTPInstance(service.Service): self.step("configuring ntpd to start on boot", self.__enable) self.start_creation("Configuring ntpd") + + def uninstall(self): + running = self.restore_state("running") + enabled = self.restore_state("enabled") + + if not running is None: + self.stop() + if not enabled is None and not enabled: + self.chkconfig_off() + + sysrestore.restore_file("/etc/ntp.conf") + + if not running is None and running: + self.start() diff --git a/ipa-server/ipaserver/service.py b/ipa-server/ipaserver/service.py index 0ea3f6618..e960c43d7 100644 --- a/ipa-server/ipaserver/service.py +++ b/ipa-server/ipaserver/service.py @@ -104,6 +104,9 @@ class Service: def backup_state(self, key, value): sysrestore.backup_state(self.service_name, key, value) + def restore_state(self, key): + return sysrestore.restore_state(self.service_name, key) + def print_msg(self, message): print_msg(message, self.output_fd) diff --git a/ipa-server/ipaserver/webguiinstance.py b/ipa-server/ipaserver/webguiinstance.py index f39002450..10b80ec37 100644 --- a/ipa-server/ipaserver/webguiinstance.py +++ b/ipa-server/ipaserver/webguiinstance.py @@ -35,3 +35,12 @@ class WebGuiInstance(service.Service): def __enable(self): self.backup_state("enabled", self.is_enabled()) self.chkconfig_on() + + def uninstall(self): + running = self.restore_state("running") + enabled = not self.restore_state("enabled") + + if not running is None and not running: + self.stop() + if not enabled is None and not enabled: + self.chkconfig_off() -- cgit