Hi, During the promote_check phase, the subsequent checks after the machine is enrolled may cause the installation to abort, hence leaving it enrolled even though it might not have been prior to the execution of the ipa-replica-install command.
Make sure that ipa-client-install --uninstall is called on the machine that has not been enrolled before in case of failure during the promote_check phase. https://fedorahosted.org/freeipa/ticket/5529
From 183cea1e3a7efd8574d6b74b9181485e6cf7d19b Mon Sep 17 00:00:00 2001 From: Tomas Babej <[email protected]> Date: Thu, 10 Dec 2015 14:10:18 +0100 Subject: [PATCH] replicainstall: Make sure the enrollment state is preserved During the promote_check phase, the subsequent checks after the machine is enrolled may cause the installation to abort, hence leaving it enrolled even though it might not have been prior to the execution of the ipa-replica-install command. Make sure that ipa-client-install --uninstall is called on the machine that has not been enrolled before in case of failure during the promote_check phase. https://fedorahosted.org/freeipa/ticket/5529 --- ipaserver/install/server/replicainstall.py | 32 ++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/ipaserver/install/server/replicainstall.py b/ipaserver/install/server/replicainstall.py index 4443bfd437f5b291182f65dd2a1ad2afe0ff89bc..70f3351618207e8bc8351690a0cf2571072d30bf 100644 --- a/ipaserver/install/server/replicainstall.py +++ b/ipaserver/install/server/replicainstall.py @@ -385,6 +385,34 @@ def common_cleanup(func): return decorated +def preserve_enrollment_state(func): + """ + Makes sure the machine is unenrollled if the decorated function + failed. + """ + def decorated(installer): + try: + func(installer) + except BaseException: + if installer._enrollment_performed: + uninstall_client(installer) + raise + + return decorated + + +def uninstall_client(installer): + """ + Attempts to unenroll the IPA client using the ipa-client-install utility. + + An unsuccessful attempt to uninstall is ignored (no exception raised). + """ + + print("Removing client side components") + ipautil.run([paths.IPA_CLIENT_INSTALL, "--unattended", "--uninstall"], + raiseonerr=False) + + def promote_sssd(host_name): sssdconfig = SSSDConfig.SSSDConfig() sssdconfig.import_config() @@ -786,6 +814,8 @@ def ensure_enrolled(installer): # Call client install script service.print_msg("Configuring client side components") try: + installer._enrollment_performed = True + args = [paths.IPA_CLIENT_INSTALL, "--unattended"] if installer.domain_name: args.extend(["--domain", installer.domain_name]) @@ -821,9 +851,11 @@ def ensure_enrolled(installer): "ipa-client-install returned: " + str(e)) @common_cleanup +@preserve_enrollment_state def promote_check(installer): options = installer + installer._enrollment_performed = False installer._top_dir = tempfile.mkdtemp("ipa") tasks.check_selinux_status() -- 2.5.0
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
