4 files changed, 47 insertions, 33 deletions

diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 11055aee3..8b2b8a3c2 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -414,7 +414,11 @@ def signal_handler(signum, frame):
         print "Removing configuration for %s instance" % ds.serverid
         ds.stop()
         if ds.serverid:
-            dsinstance.erase_ds_instance_data (ds.serverid)
+            try:
+                dsinstance.remove_ds_instance(ds.serverid)
+            except ipautil.CalledProcessError:
+                root_logger.error("Failed to remove DS instance. You may "
+                                  "need to remove instance data manually")
     sys.exit(1)
 
 def read_cache(dm_password):
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 5c52714ab..7922e3bbc 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -193,14 +193,12 @@ class BasePathNamespace(object):
     BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/"
     BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/"
     USR_LIB_DIRSRV = "/usr/lib/dirsrv"
-    USR_LIB_SLAPD_INSTANCE_TEMPLATE = "/usr/lib/dirsrv/slapd-%s"
     USR_LIB_SLAPD_PKI_IPA_DIR = "/usr/lib/dirsrv/slapd-PKI-IPA"
     LIB_FIREFOX = "/usr/lib/firefox"
     LIBSOFTHSM2_SO = "/usr/lib/pkcs11/libsofthsm2.so"
     LIB_SYSTEMD_SYSTEMD_DIR = "/usr/lib/systemd/system/"
     BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so"
     USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv"
-    USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE = "/usr/lib64/dirsrv/slapd-%s"
     SLAPD_PKI_IPA = "/usr/lib64/dirsrv/slapd-PKI-IPA"
     LIB64_FIREFOX = "/usr/lib64/firefox"
     LIBSOFTHSM2_SO_64 = "/usr/lib64/pkcs11/libsofthsm2.so"
@@ -224,6 +222,7 @@ class BasePathNamespace(object):
     NTPD = "/usr/sbin/ntpd"
     PKIDESTROY = "/usr/sbin/pkidestroy"
     PKISPAWN = "/usr/sbin/pkispawn"
+    REMOVE_DS_PL = "/usr/sbin/remove-ds.pl"
     RESTORECON = "/usr/sbin/restorecon"
     SELINUXENABLED = "/usr/sbin/selinuxenabled"
     SETSEBOOL = "/usr/sbin/setsebool"
@@ -293,7 +292,6 @@ class BasePathNamespace(object):
     SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts"
     SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/"
     DIRSRV_LOCK_DIR = "/var/lock/dirsrv"
-    SLAPD_INSTANCE_LOCK_TEMPLATE = "/var/lock/dirsrv/slapd-%s"
     VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s"
     SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access"
     SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors"
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 2c6933be1..a61534d50 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -308,13 +308,17 @@ class CADSInstance(service.Service):
         if not enabled is None and not enabled:
             services.knownservices.dirsrv.disable()
 
-        if not serverid is None:
+        if serverid is not None:
             # drop the trailing / off the config_dirname so the directory
             # will match what is in certmonger
             dirname = dsinstance.config_dirname(serverid)[:-1]
             dsdb = certs.CertDB(self.realm, nssdir=dirname)
             dsdb.untrack_server_cert("Server-Cert")
-            dsinstance.erase_ds_instance_data(serverid)
+            try:
+                dsinstance.remove_ds_instance(serverid)
+            except ipautil.CalledProcessError:
+                root_logger.error("Failed to remove CA DS instance. You may "
+                                  "need to remove instance data manually")
 
         self.restore_state("user_exists")
 
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 66267f4cd..1e07c6d0d 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -64,6 +64,7 @@ IPA_SCHEMA_FILES = ("60kerberos.ldif",
                     "15rfc4876.ldif")
 
 ALL_SCHEMA_FILES = IPA_SCHEMA_FILES + ("05rfc2247.ldif", )
+DS_INSTANCE_PREFIX = 'slapd-'
 
 
 def find_server_root():
@@ -81,29 +82,29 @@ def config_dirname(serverid):
 def schema_dirname(serverid):
     return config_dirname(serverid) + "/schema/"
 
-def erase_ds_instance_data(serverid):
-    installutils.rmtree(paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid)
 
-    installutils.rmtree(paths.USR_LIB_SLAPD_INSTANCE_TEMPLATE % serverid)
-
-    installutils.rmtree(paths.USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE % serverid)
-
-    installutils.rmtree(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % serverid)
-
-    installutils.rmtree(paths.SLAPD_INSTANCE_LOCK_TEMPLATE % serverid)
-
-    installutils.remove_file(paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % serverid)
-
-    installutils.rmtree(paths.VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE % serverid)
-
-    installutils.remove_file(paths.DS_KEYTAB)
-
-    installutils.remove_file(paths.SYSCONFIG_DIRSRV_INSTANCE % serverid)
+def remove_ds_instance(serverid, force=False):
+    """A wrapper around the 'remove-ds.pl' script used by
+    389ds to remove a single directory server instance. In case of error
+    additional call with the '-f' flag is performed (forced removal). If this
+    also fails, then an exception is raised.
+    """
+    instance_name = ''.join([DS_INSTANCE_PREFIX, serverid])
+    args = [paths.REMOVE_DS_PL, '-i', instance_name]
+    if force:
+        args.append('-f')
+        root_logger.debug("Forcing instance removal")
+
+    try:
+        ipautil.run(args)
+    except ipautil.CalledProcessError:
+        if force:
+            root_logger.error("Instance removal failed.")
+            raise
+        root_logger.debug("'%s' failed. "
+                          "Attempting to force removal" % paths.REMOVE_DS_PL)
+        remove_ds_instance(serverid, force=True)
 
-#    try:
-#        shutil.rmtree(paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % serverid)
-#    except:
-#        pass
 
 def get_ds_instances():
     '''
@@ -113,8 +114,7 @@ def get_ds_instances():
     matches 389ds behavior.
     '''
 
-    dirsrv_instance_dir=paths.ETC_DIRSRV
-    instance_prefix = 'slapd-'
+    dirsrv_instance_dir = paths.ETC_DIRSRV
 
     instances = []
 
@@ -123,9 +123,10 @@ def get_ds_instances():
         # Must be a directory
         if os.path.isdir(pathname):
             # Must start with prefix and not end with .removed
-            if basename.startswith(instance_prefix) and not basename.endswith('.removed'):
+            if (basename.startswith(DS_INSTANCE_PREFIX) and
+                    not basename.endswith('.removed')):
                 # Strip off prefix
-                instance = basename[len(instance_prefix):]
+                instance = basename[len(DS_INSTANCE_PREFIX):]
                 # Must be non-empty
                 if instance:
                     instances.append(instance)
@@ -774,9 +775,16 @@ class DsInstance(service.Service):
             self.disable()
 
         serverid = self.restore_state("serverid")
-        if not serverid is None:
+        if serverid is not None:
             self.stop_tracking_certificates(serverid)
-            erase_ds_instance_data(serverid)
+            root_logger.debug("Removing DS instance %s" % serverid)
+            try:
+                remove_ds_instance(serverid)
+                root_logger.debug("Removing DS keytab")
+                installutils.remove_file(paths.DS_KEYTAB)
+            except ipautil.CalledProcessError:
+                root_logger.error("Failed to remove DS instance. You may "
+                                  "need to remove instance data manually")
 
         # At one time we removed this user on uninstall. That can potentially
         # orphan files, or worse, if another useradd runs in the intermim,