URL: https://github.com/freeipa/freeipa/pull/1776
Author: tiran
 Title: #1776: Provide ldap_uri in Custodia uninstaller
Action: opened

PR body:
"""
Without ldap_uri, IPAKEMKeys parses /etc/ipa/default.conf. During
uninstallation, the file may no longer contain ldap_uri. This workaround
is required for test case
test_replica_promotion.py::TestReplicaPromotionLevel0::test_promotion_disabled

Fixes: https://pagure.io/freeipa/issue/7474
Co-authored-by: Felipe Barreto <fbarr...@redhat.com>
Signed-off-by: Christian Heimes <chei...@redhat.com>

Alternative solution for #1772
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1776/head:pr1776
git checkout pr1776
From 0fdae20d9e422e8ec699c2080303a7615432624f Mon Sep 17 00:00:00 2001
From: Christian Heimes <chei...@redhat.com>
Date: Wed, 4 Apr 2018 17:10:27 +0200
Subject: [PATCH] Provide ldap_uri in Custodia uninstaller

Without ldap_uri, IPAKEMKeys parses /etc/ipa/default.conf. During
uninstallation, the file may no longer contain ldap_uri. This workaround
is required for test case
test_replica_promotion.py::TestReplicaPromotionLevel0::test_promotion_disabled

Fixes: https://pagure.io/freeipa/issue/7474
Co-authored-by: Felipe Barreto <fbarr...@redhat.com>
Signed-off-by: Christian Heimes <chei...@redhat.com>
---
 .freeipa-pr-ci.yaml                   | 11 +++++++++++
 ipaserver/install/custodiainstance.py | 14 ++------------
 ipaserver/install/server/install.py   |  4 +++-
 3 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/.freeipa-pr-ci.yaml b/.freeipa-pr-ci.yaml
index 1c261141f0..4927bb4b2a 100644
--- a/.freeipa-pr-ci.yaml
+++ b/.freeipa-pr-ci.yaml
@@ -195,3 +195,14 @@ jobs:
         timeout: 10800
         topology: *master_1repl
 
+  fedora-27/test_replica_promotion_TestReplicaPromotionLevel0:
+    requires: [fedora-27/build]
+    priority: 50
+    job:
+      class: RunPytest
+      args:
+        build_url: '{fedora-27/build_url}'
+        test_suite: test_integration/test_replica_promotion.py::TestReplicaPromotionLevel0
+        template: *ci-master-f27
+        timeout: 8000
+        topology: *master_1repl
diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index d1d6506b10..159976f552 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -16,7 +16,6 @@
 from ipaserver.install import sysupgrade
 from base64 import b64decode
 from jwcrypto.common import json_decode
-import ldap
 import shutil
 import os
 import stat
@@ -28,11 +27,11 @@
 
 
 class CustodiaInstance(SimpleServiceInstance):
-    def __init__(self, host_name=None, realm=None):
+    def __init__(self, host_name=None, realm=None, ldap_uri=None):
         super(CustodiaInstance, self).__init__("ipa-custodia")
         self.config_file = paths.IPA_CUSTODIA_CONF
         self.server_keys = paths.IPA_CUSTODIA_KEYS
-        self.ldap_uri = None
+        self.ldap_uri = ldap_uri
         self.fqdn = host_name
         self.realm = realm
 
@@ -71,16 +70,7 @@ def uninstall(self):
             'server_keys': self.server_keys,
             'ldap_uri': self.ldap_uri
         })
-        # Call remove_server_keys_file explicitly to ensure that the key
-        # file is always removed.
         keystore.remove_server_keys_file()
-        try:
-            keystore.remove_server_keys()
-        except (ldap.CONNECT_ERROR, ldap.SERVER_DOWN):
-            logger.debug(
-                "Cannot remove custodia keys now, server_del takes care of "
-                "them later."
-            )
         installutils.remove_file(self.config_file)
         sysupgrade.set_upgrade_state('custodia', 'installed', False)
 
diff --git a/ipaserver/install/server/install.py b/ipaserver/install/server/install.py
index 8a009db7da..2487834778 100644
--- a/ipaserver/install/server/install.py
+++ b/ipaserver/install/server/install.py
@@ -1104,7 +1104,9 @@ def uninstall(installer):
     dsinstance.DsInstance(fstore=fstore).uninstall()
     if _server_trust_ad_installed:
         adtrustinstance.ADTRUSTInstance(fstore).uninstall()
-    custodiainstance.CustodiaInstance().uninstall()
+    # ldap_uri isn't used, but IPAKEMKeys parses /etc/ipa/default.conf
+    # otherwise, see https://pagure.io/freeipa/issue/7474 .
+    custodiainstance.CustodiaInstance(ldap_uri=api.env.ldap_uri).uninstall()
     otpdinstance.OtpdInstance().uninstall()
     tasks.restore_hostname(fstore, sstore)
     fstore.restore_all_files()
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to