server uninstall fails to remove krb principals

This patch fixes the 3rd issue of ticket 6012:
ipa-server-install --uninstall -U
complains while removing Kerberos service principals from /etc/krb5.keytab
----
Failed to remove Kerberos service principals: Command '/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r DOM-221.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM' returned non-zero exit status 5
----

This happens because the uninstaller performs the following sequence:
1/ restore pre-install files, including /etc/krb5.keytab
At this point /etc/krb5.keytab does not contain any principal for
IPA domain
2/ call ipa-client-install --uninstall, which in turns runs
ipa-rmkeytab -k /etc/krb5.keytab -r <domain>
to remove the principals.

The fix ignores ipa-rmkeytab's exit code 5 (Principal name or realm not
found in keytab)

https://fedorahosted.org/freeipa/ticket/6012

Reviewed-By: Martin Basti <mbasti@redhat.com>

1 files changed, 7 insertions, 0 deletions

diff --git a/client/ipa-client-install b/client/ipa-client-install
index 3c323173c..05b6b6e0d 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -614,6 +614,13 @@ def uninstall(options, env):
             fp.close()
             realm = parser.get('global', 'realm')
             run([paths.IPA_RMKEYTAB, "-k", paths.KRB5_KEYTAB, "-r", realm])
+        except CalledProcessError as err:
+            if err.returncode != 5:
+                # 5 means Principal name or realm not found in keytab
+                # and can be ignored
+                root_logger.error(
+                    "Failed to remove Kerberos service principals: %s",
+                    str(err))
         except Exception as e:
             root_logger.error(
                 "Failed to remove Kerberos service principals: %s", str(e))