Add ipa-server-install --uninstall

Add a --uninstall option to ipa-server-install which tries to
restore the system to the way it was before ipa-server-install
was run using the state backed up through sysrestore.py.

Signed-off-by: Mark McLoughlin <markmc@redhat.com>

8 files changed, 148 insertions, 6 deletions

diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install
index bc4d8e27..7a8ebe25 100644
--- a/ipa-server/ipa-install/ipa-server-install
+++ b/ipa-server/ipa-install/ipa-server-install
@@ -74,15 +74,21 @@ def parse_options():
                       default=False, help="configure bind with our zone file")
     parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
                       default=False, help="unattended installation never prompts the user")
+    parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
+                      default=False, help="uninstall an existing installation")
 
     options, args = parser.parse_args()
 
-    if options.unattended and (not options.ds_user or
-                               not options.realm_name or
-                               not options.dm_password or
-                               not options.admin_password or
-                               not options.master_password):
-        parser.error("error: In unattended mode you need to provide at least -u, -r, -p and -P options")
+    if options.uninstall:
+        if (options.ds_user or options.realm_name or
+            options.dm_password or options.admin_password or
+            options.master_password):
+            parser.error("error: In uninstall mode, -u, r, -p and -P options are not allowed")
+    elif options.unattended:
+        if (not options.ds_user or not options.realm_name or
+            not options.dm_password or not options.admin_password or
+            not options.master_password):
+            parser.error("error: In unattended mode you need to provide at least -u, -r, -p and -P options")
 
     return options
 
@@ -241,6 +247,17 @@ def read_admin_password():
     admin_password = read_password("IPA admin")
     return admin_password
 
+def uninstall():
+    ipaserver.ntpinstance.NTPInstance().uninstall()
+    ipaserver.bindinstance.BindInstance().uninstall()
+    ipaserver.webguiinstance.WebGuiInstance().uninstall()
+    ipaserver.httpinstance.HTTPInstance().uninstall()
+    ipaserver.krbinstance.KrbInstance().uninstall()
+    ipaserver.dsinstance.DsInstance().uninstall()
+    sysrestore.restore_file("/etc/hosts")
+    sysrestore.restore_file("/etc/ipa/ipa.conf")
+    return 0
+
 def main():
     global ds
     ds = None
@@ -256,6 +273,9 @@ def main():
 
     standard_logging_setup("ipaserver-install.log", options.debug)
 
+    if options.uninstall:
+        return uninstall()
+
     print "=============================================================================="
     print "This program will setup the FreeIPA Server."
     print ""
diff --git a/ipa-server/ipaserver/bindinstance.py b/ipa-server/ipaserver/bindinstance.py
index 770663c6..9e26925a 100644
--- a/ipa-server/ipaserver/bindinstance.py
+++ b/ipa-server/ipaserver/bindinstance.py
@@ -110,3 +110,18 @@ class BindInstance(service.Service):
         resolve_fd.write(resolve_txt)
         resolve_fd.close()
 
+    def uninstall(self):
+        running = self.restore_state("running")
+        domain = self.restore_state("domain")
+
+        if not running is None:
+            self.stop()
+
+        if not domain is None:
+            sysrestore.restore_file(os.path.join ("/var/named/", self.domain + ".zone.db"))
+
+        sysrestore.restore_file('/etc/named.conf')
+        sysrestore.restore_file('/etc/resolve.conf')
+
+        if not running is None and running:
+            self.start()
diff --git a/ipa-server/ipaserver/dsinstance.py b/ipa-server/ipaserver/dsinstance.py
index 78a84759..3a71634a 100644
--- a/ipa-server/ipaserver/dsinstance.py
+++ b/ipa-server/ipaserver/dsinstance.py
@@ -333,3 +333,28 @@ class DsInstance(service.Service):
             print "Unable to set admin password", e
             logging.debug("Unable to set admin password %s" % e)
 
+    def uninstall(self):
+        running = self.restore_state("running")
+        enabled = self.restore_state("enabled")
+
+        if not running is None:
+            self.stop()
+
+        if not enabled is None and not enabled:
+            self.chkconfig_off()
+
+        serverid = self.restore_state("serverid")
+        if not serverid is None:
+            erase_ds_instance_data(serverid)
+
+        ds_user = self.restore_state("user")
+        user_exists = self.restore_state("user_exists")
+
+        if not ds_user is None and not user_exists is None and not user_exists:
+            try:
+                ipautil.run(["/usr/sbin/userdel", ds_user])
+            except ipautil.CalledProcessError, e:
+                logging.critical("failed to delete user %s" % e)
+
+        if self.restore_state("running"):
+            self.start()
diff --git a/ipa-server/ipaserver/httpinstance.py b/ipa-server/ipaserver/httpinstance.py
index 76e314df..1fa3eb7c 100644
--- a/ipa-server/ipaserver/httpinstance.py
+++ b/ipa-server/ipaserver/httpinstance.py
@@ -158,3 +158,26 @@ class HTTPInstance(service.Service):
                          "-e", ".html",
                          tmpdir])
         shutil.rmtree(tmpdir)
+
+    def uninstall(self):
+        running = self.restore_state("running")
+        enabled = self.restore_state("enabled")
+
+        if not running is None:
+            self.stop()
+
+        if not enabled is None and not enabled:
+            self.chkconfig_off()
+
+        for f in ["/etc/httpd/conf.d/ipa.conf", SSL_CONF, NSS_CONF]:
+            sysrestore.restore_file(f)
+
+        sebool_state = self.restore_state("httpd_can_network_connect")
+        if not sebool_state is None:
+            try:
+                ipautil.run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", sebool_state])
+            except:
+                self.print_msg(selinux_warning)
+
+        if not running is None and running:
+            self.start()
diff --git a/ipa-server/ipaserver/krbinstance.py b/ipa-server/ipaserver/krbinstance.py
index 10dab364..28233f24 100644
--- a/ipa-server/ipaserver/krbinstance.py
+++ b/ipa-server/ipaserver/krbinstance.py
@@ -379,4 +379,37 @@ class KrbInstance(service.Service):
         pent = pwd.getpwnam(self.ds_user)
         os.chown("/var/kerberos/krb5kdc/kpasswd.keytab", pent.pw_uid, pent.pw_gid)
 
+    def uninstall(self):
+        running = self.restore_state("running")
+        enabled = self.restore_state("enabled")
 
+        kpasswd_running = sysrestore.restore_state("ipa-kpasswd", "running")
+        kpasswd_enabled = sysrestore.restore_state("ipa-kpasswd", "enabled")
+
+        if not running is None:
+            self.stop()
+        if not kpasswd_running is None:
+            service.stop("ipa-kpasswd")
+
+        if not enabled is None and not enabled:
+            self.chkconfig_off()
+        if not kpasswd_enabled is None and not kpasswd_enabled:
+            service.chkconfig_off("ipa-kpasswd")
+
+        for f in ["/var/kerberos/krb5kdc/ldappwd",
+                  "/var/kerberos/krb5kdc/kdc.conf",
+                  "/etc/krb5.conf",
+                  "/usr/share/ipa/html/krb5.ini",
+                  "/usr/share/ipa/html/krb.con",
+                  "/usr/share/ipa/html/krbrealm.con",
+                  "/etc/dirsrv/ds.keytab",
+                  "/etc/sysconfig/dirsrv",
+                  "/etc/krb5.keytab",
+                  "/var/kerberos/krb5kdc/kpasswd.keytab",
+                  "/etc/sysconfig/ipa-kpasswd"]:
+            sysrestore.restore_file(f)
+
+        if not running is None and running:
+            self.start()
+        if not kpasswd_running is None and kpasswd_running:
+            service.start("ipa-kpasswd")
diff --git a/ipa-server/ipaserver/ntpinstance.py b/ipa-server/ipaserver/ntpinstance.py
index c40b12b0..a4f1e183 100644
--- a/ipa-server/ipaserver/ntpinstance.py
+++ b/ipa-server/ipaserver/ntpinstance.py
@@ -70,3 +70,17 @@ class NTPInstance(service.Service):
         self.step("configuring ntpd to start on boot", self.__enable)
 
         self.start_creation("Configuring ntpd")
+
+    def uninstall(self):
+        running = self.restore_state("running")
+        enabled = self.restore_state("enabled")
+
+        if not running is None:
+            self.stop()
+        if not enabled is None and not enabled:
+            self.chkconfig_off()
+
+        sysrestore.restore_file("/etc/ntp.conf")
+
+        if not running is None and running:
+            self.start()
diff --git a/ipa-server/ipaserver/service.py b/ipa-server/ipaserver/service.py
index 0ea3f661..e960c43d 100644
--- a/ipa-server/ipaserver/service.py
+++ b/ipa-server/ipaserver/service.py
@@ -104,6 +104,9 @@ class Service:
     def backup_state(self, key, value):
         sysrestore.backup_state(self.service_name, key, value)
 
+    def restore_state(self, key):
+        return sysrestore.restore_state(self.service_name, key)
+
     def print_msg(self, message):
         print_msg(message, self.output_fd)
 
diff --git a/ipa-server/ipaserver/webguiinstance.py b/ipa-server/ipaserver/webguiinstance.py
index f3900245..10b80ec3 100644
--- a/ipa-server/ipaserver/webguiinstance.py
+++ b/ipa-server/ipaserver/webguiinstance.py
@@ -35,3 +35,12 @@ class WebGuiInstance(service.Service):
     def __enable(self):
         self.backup_state("enabled", self.is_enabled())
         self.chkconfig_on()
+
+    def uninstall(self):
+        running = self.restore_state("running")
+        enabled = not self.restore_state("enabled")
+
+        if not running is None and not running:
+            self.stop()
+        if not enabled is None and not enabled:
+            self.chkconfig_off()