On 12.07.2016 16:45, Christian Heimes wrote:
Custodia's server.keys file contains the private RSA keys for encrypting
and signing Custodia messages. The file was created with permission 644
and was protected only by permission 700 of the directory
/etc/ipa/custodia. The installer and upgrader now ensure that the file
has permission 600.
The server.keys file and all keys are now also removed during
uninstallation of a server.
https://bugzilla.redhat.com/show_bug.cgi?id=1353936
https://fedorahosted.org/freeipa/ticket/6015
https://fedorahosted.org/freeipa/ticket/6056
NACK
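ipa-server-install --uninstall doesn't work: the "Remove Custodia keys" step fails with SERVER_DOWN when remove_key tries to bind to LDAP, as the traceback below shows.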
2016-07-19T15:00:34Z INFO Remove Custodia keys
2016-07-19T15:00:34Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 91, in _handle_exception
super(Continuous, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 446, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 394, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 362, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py",
line 359, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py",
line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/common.py",
line 71, in _uninstall
for nothing in self._uninstaller(self.parent):
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 1367, in main
uninstall(self)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 265, in decorated
func(installer)
File
"/usr/lib/python2.7/site-packages/ipaserver/install/server/install.py",
line 1075, in uninstall
custodiainstance.CustodiaInstance().uninstall()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/custodiainstance.py",
line 88, in uninstall
self.__remove_keys()
File
"/usr/lib/python2.7/site-packages/ipaserver/install/custodiainstance.py",
line 74, in __remove_keys
keystore.remove_server_keys()
File "/usr/lib/python2.7/site-packages/ipapython/secrets/kem.py",
line 224, in remove_server_keys
self.remove_keys('host')
File "/usr/lib/python2.7/site-packages/ipapython/secrets/kem.py",
line 231, in remove_keys
ldapconn.remove_key(KEY_USAGE_SIG, principal)
File "/usr/lib/python2.7/site-packages/ipapython/secrets/kem.py",
line 145, in remove_key
conn = self.connect()
File "/usr/lib/python2.7/site-packages/ipapython/secrets/common.py",
line 38, in connect
conn.sasl_interactive_bind_s('', auth_tokens)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
244, in sasl_interactive_bind_s
return
self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
File "/usr/lib64/python2.7/site-packages/ldap/ldapobject.py", line
106, in _ldap_call
result = func(*args,**kwargs)
SERVER_DOWN: {'desc': "Can't contact LDAP server"}