-rwxr-xr-x | install/tools/ipa-server-install | 6 | ||||
-rw-r--r-- | ipaplatform/base/paths.py | 4 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 8 | ||||
-rw-r--r-- | ipaserver/install/dsinstance.py | 62 |
4 files changed, 47 insertions, 33 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 11055aee3..8b2b8a3c2 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -414,7 +414,11 @@ def signal_handler(signum, frame): print "Removing configuration for %s instance" % ds.serverid ds.stop() if ds.serverid: - dsinstance.erase_ds_instance_data (ds.serverid) + try: + dsinstance.remove_ds_instance(ds.serverid) + except ipautil.CalledProcessError: + root_logger.error("Failed to remove DS instance. You may " + "need to remove instance data manually") sys.exit(1) def read_cache(dm_password): diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index 5c52714ab..7922e3bbc 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -193,14 +193,12 @@ class BasePathNamespace(object): BIND_LDAP_DNS_IPA_WORKDIR = "/var/named/dyndb-ldap/ipa/" BIND_LDAP_DNS_ZONE_WORKDIR = "/var/named/dyndb-ldap/ipa/master/" USR_LIB_DIRSRV = "/usr/lib/dirsrv" - USR_LIB_SLAPD_INSTANCE_TEMPLATE = "/usr/lib/dirsrv/slapd-%s" USR_LIB_SLAPD_PKI_IPA_DIR = "/usr/lib/dirsrv/slapd-PKI-IPA" LIB_FIREFOX = "/usr/lib/firefox" LIBSOFTHSM2_SO = "/usr/lib/pkcs11/libsofthsm2.so" LIB_SYSTEMD_SYSTEMD_DIR = "/usr/lib/systemd/system/" BIND_LDAP_SO_64 = "/usr/lib64/bind/ldap.so" USR_LIB_DIRSRV_64 = "/usr/lib64/dirsrv" - USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE = "/usr/lib64/dirsrv/slapd-%s" SLAPD_PKI_IPA = "/usr/lib64/dirsrv/slapd-PKI-IPA" LIB64_FIREFOX = "/usr/lib64/firefox" LIBSOFTHSM2_SO_64 = "/usr/lib64/pkcs11/libsofthsm2.so" @@ -224,6 +222,7 @@ class BasePathNamespace(object): NTPD = "/usr/sbin/ntpd" PKIDESTROY = "/usr/sbin/pkidestroy" PKISPAWN = "/usr/sbin/pkispawn" + REMOVE_DS_PL = "/usr/sbin/remove-ds.pl" RESTORECON = "/usr/sbin/restorecon" SELINUXENABLED = "/usr/sbin/selinuxenabled" SETSEBOOL = "/usr/sbin/setsebool" 
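Review bot: The new `except ipautil.CalledProcessError:` branch in signal_handler (install/tools/ipa-server-install) logs a fixed string and discards the exception, so an operator who is told to clean up manually gets neither the instance name nor the exit status of remove-ds.pl from this message. Binding the exception and including it, e.g. `except ipautil.CalledProcessError as e:` with `root_logger.error("Failed to remove DS instance %s: %s" % (ds.serverid, e))`, would keep that on record, unless ipautil.run already logs the failure, which is not visible here. The same handler shape appears in CADSInstance in ipaserver/install/cainstance.py and in the DsInstance hunk at -774 in ipaserver/install/dsinstance.py. signal_handler begins above this hunk.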
@@ -293,7 +292,6 @@ class BasePathNamespace(object): SSSD_PUBCONF_KNOWN_HOSTS = "/var/lib/sss/pubconf/known_hosts" SSSD_PUBCONF_KRB5_INCLUDE_D_DIR = "/var/lib/sss/pubconf/krb5.include.d/" DIRSRV_LOCK_DIR = "/var/lock/dirsrv" - SLAPD_INSTANCE_LOCK_TEMPLATE = "/var/lock/dirsrv/slapd-%s" VAR_LOG_DIRSRV_INSTANCE_TEMPLATE = "/var/log/dirsrv/slapd-%s" SLAPD_INSTANCE_ACCESS_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/access" SLAPD_INSTANCE_ERROR_LOG_TEMPLATE = "/var/log/dirsrv/slapd-%s/errors" diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 2c6933be1..a61534d50 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -308,13 +308,17 @@ class CADSInstance(service.Service): if not enabled is None and not enabled: services.knownservices.dirsrv.disable() - if not serverid is None: + if serverid is not None: # drop the trailing / off the config_dirname so the directory # will match what is in certmonger dirname = dsinstance.config_dirname(serverid)[:-1] dsdb = certs.CertDB(self.realm, nssdir=dirname) dsdb.untrack_server_cert("Server-Cert") - dsinstance.erase_ds_instance_data(serverid) + try: + dsinstance.remove_ds_instance(serverid) + except ipautil.CalledProcessError: + root_logger.error("Failed to remove CA DS instance. You may " + "need to remove instance data manually") self.restore_state("user_exists") diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 66267f4cd..1e07c6d0d 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -64,6 +64,7 @@ IPA_SCHEMA_FILES = ("60kerberos.ldif", "15rfc4876.ldif") ALL_SCHEMA_FILES = IPA_SCHEMA_FILES + ("05rfc2247.ldif", ) +DS_INSTANCE_PREFIX = 'slapd-' def find_server_root(): 
@@ -81,29 +82,29 @@ def config_dirname(serverid): def schema_dirname(serverid): return config_dirname(serverid) + "/schema/" -def erase_ds_instance_data(serverid): - installutils.rmtree(paths.ETC_DIRSRV_SLAPD_INSTANCE_TEMPLATE % serverid) - installutils.rmtree(paths.USR_LIB_SLAPD_INSTANCE_TEMPLATE % serverid) - - installutils.rmtree(paths.USR_LIB_DIRSRV_SLAPD_INSTANCE_DIR_TEMPLATE % serverid) - - installutils.rmtree(paths.VAR_LIB_SLAPD_INSTANCE_DIR_TEMPLATE % serverid) - - installutils.rmtree(paths.SLAPD_INSTANCE_LOCK_TEMPLATE % serverid) - - installutils.remove_file(paths.SLAPD_INSTANCE_SOCKET_TEMPLATE % serverid) - - installutils.rmtree(paths.VAR_LIB_DIRSRV_INSTANCE_SCRIPTS_TEMPLATE % serverid) - - installutils.remove_file(paths.DS_KEYTAB) - - installutils.remove_file(paths.SYSCONFIG_DIRSRV_INSTANCE % serverid) +def remove_ds_instance(serverid, force=False): + """A wrapper around the 'remove-ds.pl' script used by + 389ds to remove a single directory server instance. In case of error + additional call with the '-f' flag is performed (forced removal). If this + also fails, then an exception is raised. + """ + instance_name = ''.join([DS_INSTANCE_PREFIX, serverid]) + args = [paths.REMOVE_DS_PL, '-i', instance_name] + if force: + args.append('-f') + root_logger.debug("Forcing instance removal") + + try: + ipautil.run(args) + except ipautil.CalledProcessError: + if force: + root_logger.error("Instance removal failed.") + raise + root_logger.debug("'%s' failed. " + "Attempting to force removal" % paths.REMOVE_DS_PL) + remove_ds_instance(serverid, force=True) -# try: -# shutil.rmtree(paths.VAR_LOG_DIRSRV_INSTANCE_TEMPLATE % serverid) -# except: -# pass def get_ds_instances(): ''' @@ -113,8 +114,7 @@ def get_ds_instances(): matches 389ds behavior. ''' - dirsrv_instance_dir=paths.ETC_DIRSRV - instance_prefix = 'slapd-' + dirsrv_instance_dir = paths.ETC_DIRSRV instances = [] 
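Review bot: remove_ds_instance builds the `-i` argument from `serverid` without checking it, so an empty string or a value containing a path separator is handed to remove-ds.pl as-is, and then again with `-f` on the forced retry. The DsInstance caller only tests `serverid is not None` on a value restored from saved state, which admits an empty string. The argument list goes to ipautil.run as a list, so no shell quoting issue is visible, but how remove-ds.pl treats a malformed instance name cannot be seen from this hunk. A guard at the top such as `if not serverid or '/' in serverid: raise ValueError("invalid DS serverid: %r" % serverid)` would fail closed; note that the visible callers catch only ipautil.CalledProcessError, so they would need to handle or deliberately propagate it.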
@@ -123,9 +123,10 @@ def get_ds_instances(): # Must be a directory if os.path.isdir(pathname): # Must start with prefix and not end with .removed - if basename.startswith(instance_prefix) and not basename.endswith('.removed'): + if (basename.startswith(DS_INSTANCE_PREFIX) and + not basename.endswith('.removed')): # Strip off prefix - instance = basename[len(instance_prefix):] + instance = basename[len(DS_INSTANCE_PREFIX):] # Must be non-empty if instance: instances.append(instance) @@ -774,9 +775,16 @@ class DsInstance(service.Service): self.disable() serverid = self.restore_state("serverid") - if not serverid is None: + if serverid is not None: self.stop_tracking_certificates(serverid) - erase_ds_instance_data(serverid) + root_logger.debug("Removing DS instance %s" % serverid) + try: + remove_ds_instance(serverid) + root_logger.debug("Removing DS keytab") + installutils.remove_file(paths.DS_KEYTAB) + except ipautil.CalledProcessError: + root_logger.error("Failed to remove DS instance. You may " + "need to remove instance data manually") # At one time we removed this user on uninstall. That can potentially # orphan files, or worse, if another useradd runs in the intermim, |
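Review bot: In the DsInstance hunk at -774, `installutils.remove_file(paths.DS_KEYTAB)` sits inside the `try` after `remove_ds_instance(serverid)`, so when instance removal fails the keytab, which is credential material, is left on disk and only a generic error is logged. Moving `root_logger.debug("Removing DS keytab")` and `installutils.remove_file(paths.DS_KEYTAB)` below the `except` block would remove the keytab regardless of how remove-ds.pl exits. The removed erase_ds_instance_data also deleted paths.DS_KEYTAB, and the signal_handler and CADSInstance callers that used to reach it that way no longer delete the keytab at all; whether that is intended is not stated in the visible change. The enclosing method starts and ends outside this hunk.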