-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 112 | ||||
-rw-r--r-- | ipapython/sysrestore.py | 15 |
2 files changed, 110 insertions, 17 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install index a9408eed7..aca6e3912 100755 --- a/ipa-client/ipa-install/ipa-client-install +++ b/ipa-client/ipa-install/ipa-client-install @@ -185,6 +185,37 @@ def nssldap_exists(): return (retval, files_found) +# helper function for uninstall +# deletes IPA domain from sssd.conf +def delete_ipa_domain(): + sssd = ipaservices.service('sssd') + try: + sssdconfig = SSSDConfig.SSSDConfig() + sssdconfig.import_config() + domains = sssdconfig.list_active_domains() + + ipa_domain_name = None + + for name in domains: + domain = sssdconfig.get_domain(name) + try: + provider = domain.get_option('id_provider') + if provider == "ipa": + ipa_domain_name = name + break + except SSSDConfig.NoOptionError: + continue + + if ipa_domain_name is not None: + sssdconfig.delete_domain(ipa_domain_name) + sssdconfig.write() + else: + root_logger.warning("IPA domain could not be found in " + "/etc/sssd/sssd.conf and therefore not deleted") + except IOError: + root_logger.warning("IPA domain could not be deleted. " + "No access to the /etc/sssd/sssd.conf file.") + def uninstall(options, env): if not fstore.has_files(): @@ -214,7 +245,12 @@ def uninstall(options, env): sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.import_config() domains = sssdconfig.list_active_domains() - if len(domains) > 1: + all_domains = sssdconfig.list_domains() + + # we consider all the domains, because handling sssd.conf + # during uninstall is dependant on was_sssd_configured flag + # so the user does not lose info about inactive domains + if len(all_domains) > 1: # There was more than IPA domain configured was_sssd_configured = True for name in domains: 
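Review bot: `delete_ipa_domain()` removes the first active domain whose `id_provider` is `"ipa"` and returns nothing, so a caller cannot tell whether the enrolled domain, a different IPA-backed domain, or no domain at all was removed. If the enrolled domain name is available at this point (not visible in the hunk), matching on it as well as on the provider would avoid deleting the wrong section on a host with more than one IPA domain, and a `return True` / `return False` would let callers log what actually happened. Only `IOError` is handled, so any other SSSDConfig failure from `import_config()`, `delete_domain()` or `write()` would presumably propagate and stop the uninstall part-way; a warning plus a `False` return seems safer there. The local `sssd = ipaservices.service('sssd')` is never used in this function and can be dropped.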
@@ -351,6 +387,66 @@ def uninstall(options, env): "Failed to remove krb5/LDAP configuration: %s", str(e)) return CLIENT_INSTALL_ERROR + # Next if-elif-elif construction deals with sssd.conf file. + # Old pre-IPA domains are preserved due merging the old sssd.conf + # during the installation of ipa-client but any new domains are + # only present in sssd.conf now, so we don't want to delete them + # by rewriting sssd.conf file. IPA domain is removed gracefully. + + # SSSD was installed before our installation and other non-IPA domains + # found, restore backed up sssd.conf to sssd.conf.bkp and remove IPA + # domain from the current sssd.conf + if was_sssd_installed and was_sssd_configured: + root_logger.info( + "The original configuration of SSSD included other domains than " + + "the IPA-based one.") + + delete_ipa_domain() + + + restored = False + try: + restored = fstore.restore_file("/etc/sssd/sssd.conf","/etc/sssd/sssd.conf.bkp") + except OSError: + root_logger.debug("Error while restoring pre-IPA /etc/sssd/sssd.conf.") + + if restored: + root_logger.info("Original pre-IPA SSSD configuration file was " + "restored to /etc/sssd/sssd.conf.bkp.") + + root_logger.info("IPA domain removed from current one, " + + "restarting SSSD service") + sssd = ipaservices.service('sssd') + try: + sssd.restart() + except CalledProcessError: + root_logger.warning("SSSD service restart was unsuccessful.") + + # SSSD was not installed before our installation, but other domains found, + # delete IPA domain, but leave other domains intact + elif not was_sssd_installed and was_sssd_configured: + delete_ipa_domain() + root_logger.info("Other domains than IPA domain found, " + + "IPA domain was removed from /etc/sssd/sssd.conf.") + + sssd = ipaservices.service('sssd') + try: + sssd.restart() + except CalledProcessError: + root_logger.warning("SSSD service restart was unsuccessful.") + + # SSSD was not installed before our installation, and no other domains + # than IPA are configured in 
sssd.conf - make sure config file is removed + elif not was_sssd_installed and not was_sssd_configured: + try: + os.rename("/etc/sssd/sssd.conf","/etc/sssd/sssd.conf.deleted") + except OSError: + root_logger.debug("Error while moving /etc/sssd/sssd.conf to " + "/etc/sssd/sssd.conf.deleted") + + root_logger.info("Redundant SSSD configuration file " + + "/etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted") + if fstore.has_files(): root_logger.info("Restoring client configuration files") fstore.restore_all_files() @@ -430,20 +526,6 @@ def uninstall(options, env): if was_sshd_configured and ipaservices.knownservices.sshd.is_running(): ipaservices.knownservices.sshd.restart() - if was_sssd_installed and was_sssd_configured: - # SSSD was installed before our installation, config now is restored, restart it - root_logger.info( - "The original configuration of SSSD included other domains than " + - "the IPA-based one.") - root_logger.info( - "Original configuration file was restored, restarting SSSD " + - "service.") - sssd = ipaservices.service('sssd') - try: - sssd.restart() - except CalledProcessError: - root_logger.warning("SSSD service restart was unsuccessful.") - if not options.unattended: root_logger.info( "The original nsswitch.conf configuration has been restored.") diff --git a/ipapython/sysrestore.py b/ipapython/sysrestore.py index 7720fd6e3..2c4741f3d 100644 --- a/ipapython/sysrestore.py +++ b/ipapython/sysrestore.py 
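Review bot: The success messages in the new sssd.conf block are logged whether or not the step worked: in the last `elif`, a failed `os.rename` is recorded only at debug level and `"Redundant SSSD configuration file ... was moved"` is still written at info level, and the first two branches report the IPA domain as removed even when `delete_ipa_domain()` only logged a warning. A host can then keep an sssd.conf that still references the IPA domain while the uninstall log says it is gone. Move each info message into an `else:` on its `try`, raise the rename failure to `root_logger.warning(...)`, and have `delete_ipa_domain()` return a status that the branches check before logging removal and restarting SSSD. The restart `try`/`except CalledProcessError` is duplicated in the first two branches and could live in one small helper. `uninstall()` starts and ends outside this hunk.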
@@ -143,18 +143,26 @@ class FileStore: break return result - def restore_file(self, path): + def restore_file(self, path, new_path = None): """Restore the copy of a file at @path to its original location and delete the copy. + Takes optional parameter @new_path which specifies the + location where the file is to be restored. + Returns #True if the file was restored, #False if there was no backup file to restore """ - root_logger.debug("Restoring system configuration file '%s'", path) + if new_path is None: + root_logger.debug("Restoring system configuration file '%s'", path) + else: + root_logger.debug("Restoring system configuration file '%s' to '%s'", path, new_path) if not os.path.isabs(path): raise ValueError("Absolute path required") + if new_path is not None and not os.path.isabs(new_path): + raise ValueError("Absolute new path required") mode = None uid = None @@ -175,6 +183,9 @@ class FileStore: root_logger.debug(" -> Not restoring - '%s' doesn't exist", backup_path) return False + if new_path is not None: + path = new_path + shutil.move(backup_path, path) os.chown(path, int(uid), int(gid)) os.chmod(path, int(mode)) |
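Review bot: The docstring's opening sentence in `restore_file` still says the copy is restored "to its original location", which no longer holds when `new_path` is passed. Suggested wording: `Restore the copy of a file at @path to its original location, or to @new_path when given, and delete the copy.` It is also worth stating that `new_path` must be absolute and raises `ValueError` otherwise, since the new check enforces that. As a style point, the default should be written `new_path=None` without spaces around `=`.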
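Review bot: `shutil.move(backup_path, path)` in the second `restore_file` hunk now targets a caller-chosen location and replaces whatever is already there, so a later uninstall would silently overwrite an earlier `/etc/sssd/sssd.conf.bkp`. Either document the overwrite in the docstring or check `os.path.exists(new_path)` first and log at warning level before replacing. Rebinding `path` also changes what any later statement in the function sees; a separate name such as `dest = new_path if new_path is not None else path` keeps the original path available, and the rest of the function is outside this hunk so that is worth checking. The saved owner and mode are applied only after the move, as before the change, so it is worth confirming that the stored copy is not more permissive than the original, since sssd.conf can hold credentials.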