On 01/22/2015 11:04 AM, Martin Babinsky wrote:
The attached patch addresses https://fedorahosted.org/freeipa/ticket/4487.

Using 'remove-ds.pl' script from 389-ds during server/replica
uninstallation should allow for cleaner removal of DS instance with no
leftovers (opened ports etc).

Martin^3


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Thanks to Martin^2 for explaining the rules governing the placement of new attributes into BasePathNamespace class.

Attaching updated patch.

Martin^3
From e89896f1dc4b04f34e19dd5e563209dde2771f2e Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 21 Jan 2015 13:40:36 +0100
Subject: [PATCH] Use 'remove-ds.pl' to remove DS instance

The patch adds a function which calls 'remove-ds.pl' during DS instance
removal. This should allow for a more thorough removal of DS related data
during server uninstallation (such as closing custom ports, cleaning up
slapd-* entries etc.)

This patch is related to https://fedorahosted.org/freeipa/ticket/4487.
---
 ipaplatform/base/paths.py       |  1 +
 ipaserver/install/dsinstance.py | 35 +++++++++++++++++++++++++++++++++--
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 5c52714abaf7c5bddbeb80c68bd7cd6e0cac4459..22a3b9bb90d8b75278cb853d9b15de606db0602b 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -224,6 +224,7 @@ class BasePathNamespace(object):
     NTPD = "/usr/sbin/ntpd"
     PKIDESTROY = "/usr/sbin/pkidestroy"
     PKISPAWN = "/usr/sbin/pkispawn"
+    REMOVE_DS_PL = "/usr/sbin/remove-ds.pl"
     RESTORECON = "/usr/sbin/restorecon"
     SELINUXENABLED = "/usr/sbin/selinuxenabled"
     SETSEBOOL = "/usr/sbin/setsebool"
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 66267f4cdde548266b15594e3640bf8247c64859..3a466f5e91d9d303de05d0e0ce55d9e05ce0d20e 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -105,6 +105,31 @@ def erase_ds_instance_data(serverid):
 #    except:
 #        pass
 
+
+def remove_ds_instance(serverid, force=False):
+    """A wrapper around the 'remove-ds.pl' script used by
+    389ds to remove a single directory server instance. In case of error
+    additional call with the '-f' flag is performed (forced removal). If this
+    also fails, then an exception is raised.
+    """
+    instance_name = '-'.join(['slapd', serverid])
+    args = [paths.REMOVE_DS_PL, '-i', instance_name]
+    if force:
+        args.append('-f')
+        root_logger.debug("Forcing instance removal")
+
+    try:
+        ipautil.run(args)
+    except ipautil.CalledProcessError:
+        if force:
+            root_logger.debug(("Instance removal failed. "
+                               "Manual cleanup required"))
+            raise
+        root_logger.debug(("'%s' failed. "
+                           "Attempting to force removal" % paths.REMOVE_DS_PL))
+        remove_ds_instance(serverid, force=True)
+
+
 def get_ds_instances():
     '''
     Return a sorted list of all 389ds instances.
@@ -774,9 +799,15 @@ class DsInstance(service.Service):
             self.disable()
 
         serverid = self.restore_state("serverid")
-        if not serverid is None:
+        if serverid is not None:
             self.stop_tracking_certificates(serverid)
-            erase_ds_instance_data(serverid)
+            root_logger.debug("Removing DS instance %s" % serverid)
+            try:
+                remove_ds_instance(serverid)
+            except ipautil.CalledProcessError:
+                root_logger.error("Failed to remove DS instance.")
+                root_logger.debug("Cleaning up instance data manually.")
+                erase_ds_instance_data(serverid)
 
         # At one time we removed this user on uninstall. That can potentially
         # orphan files, or worse, if another useradd runs in the intermim,
-- 
2.1.0

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to