[Freeipa-devel] [freeipa PR#556][synchronized] Don't allow standalone KRA uninstalls
URL: https://github.com/freeipa/freeipa/pull/556
Author: stlaz
Title: #556: Don't allow standalone KRA uninstalls
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/556/head:pr556
git checkout pr556
From 568ed7b4b0a6b0656ac8e3e0722d227d65a31ed1 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka
Date: Wed, 8 Mar 2017 16:38:12 +0100
Subject: [PATCH] Don't allow standalone KRA uninstalls
KRA uninstallation is very likely to break the user's setup. Don't
allow it at least till we can be safely sure we are able to remove
it in a standalone manner without breaking anything.
https://pagure.io/freeipa/issue/6538
---
install/tools/man/ipa-kra-install.1 | 5 +--
ipaplatform/base/paths.py | 1 -
ipaserver/install/ipa_kra_install.py| 32 --
ipaserver/install/kra.py| 17 ++
ipaserver/install/server/install.py | 2 +-
ipatests/test_integration/tasks.py | 2 --
ipatests/test_integration/test_vault.py | 58 -
7 files changed, 12 insertions(+), 105 deletions(-)
diff --git a/install/tools/man/ipa-kra-install.1 b/install/tools/man/ipa-kra-install.1
index e3133ee..0aa9073 100644
--- a/install/tools/man/ipa-kra-install.1
+++ b/install/tools/man/ipa-kra-install.1
@@ -31,7 +31,7 @@ ipa\-kra\-install will contact the CA to determine if a KRA has already been ins
The replica_file is created using the ipa\-replica\-prepare utility. A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates.
-The uninstall option can be used to remove the KRA from the local IPA server. KRA instances on other replicas are not affected. The KRA will also be removed if the entire server is removed using ipa\-server\-install \-\-uninstall.
+KRA can only be removed along with the entire server using ipa\-server\-install \-\-uninstall.
.SH "OPTIONS"
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
Directory Manager (existing master) password
@@ -39,9 +39,6 @@ Directory Manager (existing master) password
\fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input
.TP
-\fB\-\-uninstall\fR
-Uninstall the KRA from the local IPA server.
-.TP
\fB\-v\fR, \fB\-\-verbose\fR
Enable debug output when more verbose output is needed
.TP
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index f74dfa1..4fde6c6 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -309,7 +309,6 @@ class BasePathNamespace(object):
IPARESTORE_LOG = "/var/log/iparestore.log"
IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log"
IPASERVER_KRA_INSTALL_LOG = "/var/log/ipaserver-kra-install.log"
-IPASERVER_KRA_UNINSTALL_LOG = "/var/log/ipaserver-kra-uninstall.log"
IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log"
IPAUPGRADE_LOG = "/var/log/ipaupgrade.log"
KADMIND_LOG = "/var/log/kadmind.log"
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 99ff4a6..2576654 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -20,7 +20,9 @@
from __future__ import print_function
+import sys
import tempfile
+from optparse import SUPPRESS_HELP
from textwrap import dedent
from ipalib import api
@@ -69,8 +71,7 @@ def add_options(cls, parser, debug_option=True):
parser.add_option(
"--uninstall",
dest="uninstall", action="store_true", default=False,
-help="uninstall an existing installation. The uninstall can "
- "be run with --unattended option")
+help=SUPPRESS_HELP)
def validate_options(self, needs_root=True):
super(KRAInstall, self).validate_options(needs_root=True)
@@ -83,33 +84,14 @@ def validate_options(self, needs_root=True):
@classmethod
def get_command_class(cls, options, args):
if options.uninstall:
-return KRAUninstaller
+sys.exit(
+'ERROR: Standalone KRA uninstallation was removed in '
+'FreeIPA 4.5 as it had never worked properly and only caused '
+'issues.')
else:
return KRAInstaller
-class KRAUninstaller(KRAInstall):
-log_file_name = paths.IPASERVER_KRA_UNINSTALL_LOG
-
-def validate_options(self, needs_root=True):
-super(KRAUninstaller, self).validate_options(needs_root=True)
-
-if self.args:
-self.option_parser.error("Too many parameters provided.")
-
-_kra = krainstance.KRAInstance(api)
-if not _kra.is_installed():
-self.option_parser.error(
-"Cannot uninstall. There is no KRA installed on this system."
-)
-
-def r
[Freeipa-devel] [freeipa PR#556][synchronized] Don't allow standalone KRA uninstalls
URL: https://github.com/freeipa/freeipa/pull/556
Author: stlaz
Title: #556: Don't allow standalone KRA uninstalls
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/556/head:pr556
git checkout pr556
From afe70308d78c46e9fdae3731cf46f023e798d55b Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka
Date: Wed, 8 Mar 2017 16:38:12 +0100
Subject: [PATCH] Don't allow standalone KRA uninstalls
KRA uninstallation is very likely to break the user's setup. Don't
allow it at least till we can be safely sure we are able to remove
it in a standalone manner without breaking anything.
https://pagure.io/freeipa/issue/6538
---
install/tools/man/ipa-kra-install.1 | 5 +--
ipaplatform/base/paths.py | 1 -
ipaserver/install/ipa_kra_install.py| 32 --
ipaserver/install/kra.py| 17 ++
ipaserver/install/server/install.py | 2 +-
ipatests/test_integration/tasks.py | 2 --
ipatests/test_integration/test_vault.py | 58 -
7 files changed, 12 insertions(+), 105 deletions(-)
diff --git a/install/tools/man/ipa-kra-install.1 b/install/tools/man/ipa-kra-install.1
index e3133ee..0aa9073 100644
--- a/install/tools/man/ipa-kra-install.1
+++ b/install/tools/man/ipa-kra-install.1
@@ -31,7 +31,7 @@ ipa\-kra\-install will contact the CA to determine if a KRA has already been ins
The replica_file is created using the ipa\-replica\-prepare utility. A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates.
-The uninstall option can be used to remove the KRA from the local IPA server. KRA instances on other replicas are not affected. The KRA will also be removed if the entire server is removed using ipa\-server\-install \-\-uninstall.
+KRA can only be removed along with the entire server using ipa\-server\-install \-\-uninstall.
.SH "OPTIONS"
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
Directory Manager (existing master) password
@@ -39,9 +39,6 @@ Directory Manager (existing master) password
\fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input
.TP
-\fB\-\-uninstall\fR
-Uninstall the KRA from the local IPA server.
-.TP
\fB\-v\fR, \fB\-\-verbose\fR
Enable debug output when more verbose output is needed
.TP
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index e4d4f2e..ac17280 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -310,7 +310,6 @@ class BasePathNamespace(object):
IPARESTORE_LOG = "/var/log/iparestore.log"
IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log"
IPASERVER_KRA_INSTALL_LOG = "/var/log/ipaserver-kra-install.log"
-IPASERVER_KRA_UNINSTALL_LOG = "/var/log/ipaserver-kra-uninstall.log"
IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log"
IPAUPGRADE_LOG = "/var/log/ipaupgrade.log"
KADMIND_LOG = "/var/log/kadmind.log"
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 99ff4a6..2576654 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -20,7 +20,9 @@
from __future__ import print_function
+import sys
import tempfile
+from optparse import SUPPRESS_HELP
from textwrap import dedent
from ipalib import api
@@ -69,8 +71,7 @@ def add_options(cls, parser, debug_option=True):
parser.add_option(
"--uninstall",
dest="uninstall", action="store_true", default=False,
-help="uninstall an existing installation. The uninstall can "
- "be run with --unattended option")
+help=SUPPRESS_HELP)
def validate_options(self, needs_root=True):
super(KRAInstall, self).validate_options(needs_root=True)
@@ -83,33 +84,14 @@ def validate_options(self, needs_root=True):
@classmethod
def get_command_class(cls, options, args):
if options.uninstall:
-return KRAUninstaller
+sys.exit(
+'ERROR: Standalone KRA uninstallation was removed in '
+'FreeIPA 4.5 as it had never worked properly and only caused '
+'issues.')
else:
return KRAInstaller
-class KRAUninstaller(KRAInstall):
-log_file_name = paths.IPASERVER_KRA_UNINSTALL_LOG
-
-def validate_options(self, needs_root=True):
-super(KRAUninstaller, self).validate_options(needs_root=True)
-
-if self.args:
-self.option_parser.error("Too many parameters provided.")
-
-_kra = krainstance.KRAInstance(api)
-if not _kra.is_installed():
-self.option_parser.error(
-"Cannot uninstall. There is no KRA installed on this system."
-)
-
-def r
[Freeipa-devel] [freeipa PR#556][synchronized] Don't allow standalone KRA uninstalls
URL: https://github.com/freeipa/freeipa/pull/556
Author: stlaz
Title: #556: Don't allow standalone KRA uninstalls
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/556/head:pr556
git checkout pr556
From 89c34852c6d3c245c18d15c385e8ee8810a5125d Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka
Date: Wed, 8 Mar 2017 16:38:12 +0100
Subject: [PATCH] Don't allow standalone KRA uninstalls
KRA uninstallation is very likely to break the user's setup. Don't
allow it at least till we can be safely sure we are able to remove
it in a standalone manner without breaking anything.
https://pagure.io/freeipa/issue/6538
---
install/tools/man/ipa-kra-install.1 | 5 +--
ipaplatform/base/paths.py | 1 -
ipaserver/install/ipa_kra_install.py| 32 --
ipaserver/install/kra.py| 17 ++
ipaserver/install/server/install.py | 2 +-
ipatests/test_integration/tasks.py | 2 --
ipatests/test_integration/test_vault.py | 58 -
7 files changed, 12 insertions(+), 105 deletions(-)
diff --git a/install/tools/man/ipa-kra-install.1 b/install/tools/man/ipa-kra-install.1
index e3133ee..0aa9073 100644
--- a/install/tools/man/ipa-kra-install.1
+++ b/install/tools/man/ipa-kra-install.1
@@ -31,7 +31,7 @@ ipa\-kra\-install will contact the CA to determine if a KRA has already been ins
The replica_file is created using the ipa\-replica\-prepare utility. A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates.
-The uninstall option can be used to remove the KRA from the local IPA server. KRA instances on other replicas are not affected. The KRA will also be removed if the entire server is removed using ipa\-server\-install \-\-uninstall.
+KRA can only be removed along with the entire server using ipa\-server\-install \-\-uninstall.
.SH "OPTIONS"
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
Directory Manager (existing master) password
@@ -39,9 +39,6 @@ Directory Manager (existing master) password
\fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input
.TP
-\fB\-\-uninstall\fR
-Uninstall the KRA from the local IPA server.
-.TP
\fB\-v\fR, \fB\-\-verbose\fR
Enable debug output when more verbose output is needed
.TP
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index e4d4f2e..ac17280 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -310,7 +310,6 @@ class BasePathNamespace(object):
IPARESTORE_LOG = "/var/log/iparestore.log"
IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log"
IPASERVER_KRA_INSTALL_LOG = "/var/log/ipaserver-kra-install.log"
-IPASERVER_KRA_UNINSTALL_LOG = "/var/log/ipaserver-kra-uninstall.log"
IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log"
IPAUPGRADE_LOG = "/var/log/ipaupgrade.log"
KADMIND_LOG = "/var/log/kadmind.log"
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 99ff4a6..510144f 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -20,7 +20,9 @@
from __future__ import print_function
+import sys
import tempfile
+from optparse import SUPPRESS_HELP
from textwrap import dedent
from ipalib import api
@@ -69,8 +71,7 @@ def add_options(cls, parser, debug_option=True):
parser.add_option(
"--uninstall",
dest="uninstall", action="store_true", default=False,
-help="uninstall an existing installation. The uninstall can "
- "be run with --unattended option")
+help=SUPPRESS_HELP)
def validate_options(self, needs_root=True):
super(KRAInstall, self).validate_options(needs_root=True)
@@ -83,33 +84,14 @@ def validate_options(self, needs_root=True):
@classmethod
def get_command_class(cls, options, args):
if options.uninstall:
-return KRAUninstaller
+sys.exit(
+'ERROR: Standalone KRA uninstallation was removed in '
+'FreeIPA 4.5 as it had never worker properly and only caused '
+'issues.')
else:
return KRAInstaller
-class KRAUninstaller(KRAInstall):
-log_file_name = paths.IPASERVER_KRA_UNINSTALL_LOG
-
-def validate_options(self, needs_root=True):
-super(KRAUninstaller, self).validate_options(needs_root=True)
-
-if self.args:
-self.option_parser.error("Too many parameters provided.")
-
-_kra = krainstance.KRAInstance(api)
-if not _kra.is_installed():
-self.option_parser.error(
-"Cannot uninstall. There is no KRA installed on this system."
-)
-
-def r
[Freeipa-devel] [freeipa PR#556][synchronized] Don't allow standalone KRA uninstalls
URL: https://github.com/freeipa/freeipa/pull/556
Author: stlaz
Title: #556: Don't allow standalone KRA uninstalls
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/556/head:pr556
git checkout pr556
From a810189cf08d310974c6bd150c442fe33d601c3a Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka
Date: Wed, 8 Mar 2017 16:38:12 +0100
Subject: [PATCH] Don't allow standalone KRA uninstalls
KRA uninstallation is very likely to break the user's setup. Don't
allow it at least till we can be safely sure we are able to remove
it in a standalone manner without breaking anything.
https://pagure.io/freeipa/issue/6538
---
install/tools/man/ipa-kra-install.1 | 5 +--
ipaserver/install/ipa_kra_install.py| 32 --
ipaserver/install/kra.py| 17 ++
ipaserver/install/server/install.py | 2 +-
ipatests/test_integration/tasks.py | 2 --
ipatests/test_integration/test_vault.py | 58 -
6 files changed, 12 insertions(+), 104 deletions(-)
diff --git a/install/tools/man/ipa-kra-install.1 b/install/tools/man/ipa-kra-install.1
index e3133ee..0aa9073 100644
--- a/install/tools/man/ipa-kra-install.1
+++ b/install/tools/man/ipa-kra-install.1
@@ -31,7 +31,7 @@ ipa\-kra\-install will contact the CA to determine if a KRA has already been ins
The replica_file is created using the ipa\-replica\-prepare utility. A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates.
-The uninstall option can be used to remove the KRA from the local IPA server. KRA instances on other replicas are not affected. The KRA will also be removed if the entire server is removed using ipa\-server\-install \-\-uninstall.
+KRA can only be removed along with the entire server using ipa\-server\-install \-\-uninstall.
.SH "OPTIONS"
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
Directory Manager (existing master) password
@@ -39,9 +39,6 @@ Directory Manager (existing master) password
\fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input
.TP
-\fB\-\-uninstall\fR
-Uninstall the KRA from the local IPA server.
-.TP
\fB\-v\fR, \fB\-\-verbose\fR
Enable debug output when more verbose output is needed
.TP
diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py
index 99ff4a6..510144f 100644
--- a/ipaserver/install/ipa_kra_install.py
+++ b/ipaserver/install/ipa_kra_install.py
@@ -20,7 +20,9 @@
from __future__ import print_function
+import sys
import tempfile
+from optparse import SUPPRESS_HELP
from textwrap import dedent
from ipalib import api
@@ -69,8 +71,7 @@ def add_options(cls, parser, debug_option=True):
parser.add_option(
"--uninstall",
dest="uninstall", action="store_true", default=False,
-help="uninstall an existing installation. The uninstall can "
- "be run with --unattended option")
+help=SUPPRESS_HELP)
def validate_options(self, needs_root=True):
super(KRAInstall, self).validate_options(needs_root=True)
@@ -83,33 +84,14 @@ def validate_options(self, needs_root=True):
@classmethod
def get_command_class(cls, options, args):
if options.uninstall:
-return KRAUninstaller
+sys.exit(
+'ERROR: Standalone KRA uninstallation was removed in '
+'FreeIPA 4.5 as it had never worker properly and only caused '
+'issues.')
else:
return KRAInstaller
-class KRAUninstaller(KRAInstall):
-log_file_name = paths.IPASERVER_KRA_UNINSTALL_LOG
-
-def validate_options(self, needs_root=True):
-super(KRAUninstaller, self).validate_options(needs_root=True)
-
-if self.args:
-self.option_parser.error("Too many parameters provided.")
-
-_kra = krainstance.KRAInstance(api)
-if not _kra.is_installed():
-self.option_parser.error(
-"Cannot uninstall. There is no KRA installed on this system."
-)
-
-def run(self):
-super(KRAUninstaller, self).run()
-api.Backend.ldap2.connect()
-kra.uninstall(True)
-api.Backend.ldap2.disconnect()
-
-
class KRAInstaller(KRAInstall):
log_file_name = paths.IPASERVER_KRA_INSTALL_LOG
diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py
index 5a7a6ef..c39472a 100644
--- a/ipaserver/install/kra.py
+++ b/ipaserver/install/kra.py
@@ -9,12 +9,11 @@
import os
import shutil
-from ipalib import api, errors
+from ipalib import api
from ipaplatform import services
from ipaplatform.paths import paths
from ipapython import certdb
from ipapython import ipautil
-from ipapython.dn import DN
