[Freeipa-devel] [freeipa PR#556][synchronized] Don't allow standalone KRA uninstalls
URL: https://github.com/freeipa/freeipa/pull/556 Author: stlaz Title: #556: Don't allow standalone KRA uninstalls Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/556/head:pr556 git checkout pr556 From 568ed7b4b0a6b0656ac8e3e0722d227d65a31ed1 Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 8 Mar 2017 16:38:12 +0100 Subject: [PATCH] Don't allow standalone KRA uninstalls KRA uninstallation is very likely to break the user's setup. Don't allow it at least till we can be safely sure we are able to remove it in a standalone manner without breaking anything. https://pagure.io/freeipa/issue/6538 --- install/tools/man/ipa-kra-install.1 | 5 +-- ipaplatform/base/paths.py | 1 - ipaserver/install/ipa_kra_install.py| 32 -- ipaserver/install/kra.py| 17 ++ ipaserver/install/server/install.py | 2 +- ipatests/test_integration/tasks.py | 2 -- ipatests/test_integration/test_vault.py | 58 - 7 files changed, 12 insertions(+), 105 deletions(-) diff --git a/install/tools/man/ipa-kra-install.1 b/install/tools/man/ipa-kra-install.1 index e3133ee..0aa9073 100644 --- a/install/tools/man/ipa-kra-install.1 +++ b/install/tools/man/ipa-kra-install.1 @@ -31,7 +31,7 @@ ipa\-kra\-install will contact the CA to determine if a KRA has already been ins The replica_file is created using the ipa\-replica\-prepare utility. A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates. -The uninstall option can be used to remove the KRA from the local IPA server. KRA instances on other replicas are not affected. The KRA will also be removed if the entire server is removed using ipa\-server\-install \-\-uninstall. +KRA can only be removed along with the entire server using ipa\-server\-install \-\-uninstall. .SH "OPTIONS" \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR Directory Manager (existing master) password @@ -39,9 +39,6 @@ Directory Manager (existing master) password \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input .TP -\fB\-\-uninstall\fR -Uninstall the KRA from the local IPA server. -.TP \fB\-v\fR, \fB\-\-verbose\fR Enable debug output when more verbose output is needed .TP diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index f74dfa1..4fde6c6 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -309,7 +309,6 @@ class BasePathNamespace(object): IPARESTORE_LOG = "/var/log/iparestore.log" IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log" IPASERVER_KRA_INSTALL_LOG = "/var/log/ipaserver-kra-install.log" -IPASERVER_KRA_UNINSTALL_LOG = "/var/log/ipaserver-kra-uninstall.log" IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log" IPAUPGRADE_LOG = "/var/log/ipaupgrade.log" KADMIND_LOG = "/var/log/kadmind.log" diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py index 99ff4a6..2576654 100644 --- a/ipaserver/install/ipa_kra_install.py +++ b/ipaserver/install/ipa_kra_install.py @@ -20,7 +20,9 @@ from __future__ import print_function +import sys import tempfile +from optparse import SUPPRESS_HELP from textwrap import dedent from ipalib import api @@ -69,8 +71,7 @@ def add_options(cls, parser, debug_option=True): parser.add_option( "--uninstall", dest="uninstall", action="store_true", default=False, -help="uninstall an existing installation. The uninstall can " - "be run with --unattended option") +help=SUPPRESS_HELP) def validate_options(self, needs_root=True): super(KRAInstall, self).validate_options(needs_root=True) @@ -83,33 +84,14 @@ def validate_options(self, needs_root=True): @classmethod def get_command_class(cls, options, args): if options.uninstall: -return KRAUninstaller +sys.exit( +'ERROR: Standalone KRA uninstallation was removed in ' +'FreeIPA 4.5 as it had never worked properly and only caused ' +'issues.') else: return KRAInstaller -class KRAUninstaller(KRAInstall): -log_file_name = paths.IPASERVER_KRA_UNINSTALL_LOG - -def validate_options(self, needs_root=True): -super(KRAUninstaller, self).validate_options(needs_root=True) - -if self.args: -self.option_parser.error("Too many parameters provided.") - -_kra = krainstance.KRAInstance(api) -if not _kra.is_installed(): -self.option_parser.error( -"Cannot uninstall. There is no KRA installed on this system." -) - -def r
[Freeipa-devel] [freeipa PR#556][synchronized] Don't allow standalone KRA uninstalls
URL: https://github.com/freeipa/freeipa/pull/556 Author: stlaz Title: #556: Don't allow standalone KRA uninstalls Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/556/head:pr556 git checkout pr556 From afe70308d78c46e9fdae3731cf46f023e798d55b Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 8 Mar 2017 16:38:12 +0100 Subject: [PATCH] Don't allow standalone KRA uninstalls KRA uninstallation is very likely to break the user's setup. Don't allow it at least till we can be safely sure we are able to remove it in a standalone manner without breaking anything. https://pagure.io/freeipa/issue/6538 --- install/tools/man/ipa-kra-install.1 | 5 +-- ipaplatform/base/paths.py | 1 - ipaserver/install/ipa_kra_install.py| 32 -- ipaserver/install/kra.py| 17 ++ ipaserver/install/server/install.py | 2 +- ipatests/test_integration/tasks.py | 2 -- ipatests/test_integration/test_vault.py | 58 - 7 files changed, 12 insertions(+), 105 deletions(-) diff --git a/install/tools/man/ipa-kra-install.1 b/install/tools/man/ipa-kra-install.1 index e3133ee..0aa9073 100644 --- a/install/tools/man/ipa-kra-install.1 +++ b/install/tools/man/ipa-kra-install.1 @@ -31,7 +31,7 @@ ipa\-kra\-install will contact the CA to determine if a KRA has already been ins The replica_file is created using the ipa\-replica\-prepare utility. A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates. -The uninstall option can be used to remove the KRA from the local IPA server. KRA instances on other replicas are not affected. The KRA will also be removed if the entire server is removed using ipa\-server\-install \-\-uninstall. +KRA can only be removed along with the entire server using ipa\-server\-install \-\-uninstall. .SH "OPTIONS" \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR Directory Manager (existing master) password @@ -39,9 +39,6 @@ Directory Manager (existing master) password \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input .TP -\fB\-\-uninstall\fR -Uninstall the KRA from the local IPA server. -.TP \fB\-v\fR, \fB\-\-verbose\fR Enable debug output when more verbose output is needed .TP diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index e4d4f2e..ac17280 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -310,7 +310,6 @@ class BasePathNamespace(object): IPARESTORE_LOG = "/var/log/iparestore.log" IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log" IPASERVER_KRA_INSTALL_LOG = "/var/log/ipaserver-kra-install.log" -IPASERVER_KRA_UNINSTALL_LOG = "/var/log/ipaserver-kra-uninstall.log" IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log" IPAUPGRADE_LOG = "/var/log/ipaupgrade.log" KADMIND_LOG = "/var/log/kadmind.log" diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py index 99ff4a6..2576654 100644 --- a/ipaserver/install/ipa_kra_install.py +++ b/ipaserver/install/ipa_kra_install.py @@ -20,7 +20,9 @@ from __future__ import print_function +import sys import tempfile +from optparse import SUPPRESS_HELP from textwrap import dedent from ipalib import api @@ -69,8 +71,7 @@ def add_options(cls, parser, debug_option=True): parser.add_option( "--uninstall", dest="uninstall", action="store_true", default=False, -help="uninstall an existing installation. The uninstall can " - "be run with --unattended option") +help=SUPPRESS_HELP) def validate_options(self, needs_root=True): super(KRAInstall, self).validate_options(needs_root=True) @@ -83,33 +84,14 @@ def validate_options(self, needs_root=True): @classmethod def get_command_class(cls, options, args): if options.uninstall: -return KRAUninstaller +sys.exit( +'ERROR: Standalone KRA uninstallation was removed in ' +'FreeIPA 4.5 as it had never worked properly and only caused ' +'issues.') else: return KRAInstaller -class KRAUninstaller(KRAInstall): -log_file_name = paths.IPASERVER_KRA_UNINSTALL_LOG - -def validate_options(self, needs_root=True): -super(KRAUninstaller, self).validate_options(needs_root=True) - -if self.args: -self.option_parser.error("Too many parameters provided.") - -_kra = krainstance.KRAInstance(api) -if not _kra.is_installed(): -self.option_parser.error( -"Cannot uninstall. There is no KRA installed on this system." -) - -def r
[Freeipa-devel] [freeipa PR#556][synchronized] Don't allow standalone KRA uninstalls
URL: https://github.com/freeipa/freeipa/pull/556 Author: stlaz Title: #556: Don't allow standalone KRA uninstalls Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/556/head:pr556 git checkout pr556 From 89c34852c6d3c245c18d15c385e8ee8810a5125d Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 8 Mar 2017 16:38:12 +0100 Subject: [PATCH] Don't allow standalone KRA uninstalls KRA uninstallation is very likely to break the user's setup. Don't allow it at least till we can be safely sure we are able to remove it in a standalone manner without breaking anything. https://pagure.io/freeipa/issue/6538 --- install/tools/man/ipa-kra-install.1 | 5 +-- ipaplatform/base/paths.py | 1 - ipaserver/install/ipa_kra_install.py| 32 -- ipaserver/install/kra.py| 17 ++ ipaserver/install/server/install.py | 2 +- ipatests/test_integration/tasks.py | 2 -- ipatests/test_integration/test_vault.py | 58 - 7 files changed, 12 insertions(+), 105 deletions(-) diff --git a/install/tools/man/ipa-kra-install.1 b/install/tools/man/ipa-kra-install.1 index e3133ee..0aa9073 100644 --- a/install/tools/man/ipa-kra-install.1 +++ b/install/tools/man/ipa-kra-install.1 @@ -31,7 +31,7 @@ ipa\-kra\-install will contact the CA to determine if a KRA has already been ins The replica_file is created using the ipa\-replica\-prepare utility. A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates. -The uninstall option can be used to remove the KRA from the local IPA server. KRA instances on other replicas are not affected. The KRA will also be removed if the entire server is removed using ipa\-server\-install \-\-uninstall. +KRA can only be removed along with the entire server using ipa\-server\-install \-\-uninstall. .SH "OPTIONS" \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR Directory Manager (existing master) password @@ -39,9 +39,6 @@ Directory Manager (existing master) password \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input .TP -\fB\-\-uninstall\fR -Uninstall the KRA from the local IPA server. -.TP \fB\-v\fR, \fB\-\-verbose\fR Enable debug output when more verbose output is needed .TP diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index e4d4f2e..ac17280 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -310,7 +310,6 @@ class BasePathNamespace(object): IPARESTORE_LOG = "/var/log/iparestore.log" IPASERVER_INSTALL_LOG = "/var/log/ipaserver-install.log" IPASERVER_KRA_INSTALL_LOG = "/var/log/ipaserver-kra-install.log" -IPASERVER_KRA_UNINSTALL_LOG = "/var/log/ipaserver-kra-uninstall.log" IPASERVER_UNINSTALL_LOG = "/var/log/ipaserver-uninstall.log" IPAUPGRADE_LOG = "/var/log/ipaupgrade.log" KADMIND_LOG = "/var/log/kadmind.log" diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py index 99ff4a6..510144f 100644 --- a/ipaserver/install/ipa_kra_install.py +++ b/ipaserver/install/ipa_kra_install.py @@ -20,7 +20,9 @@ from __future__ import print_function +import sys import tempfile +from optparse import SUPPRESS_HELP from textwrap import dedent from ipalib import api @@ -69,8 +71,7 @@ def add_options(cls, parser, debug_option=True): parser.add_option( "--uninstall", dest="uninstall", action="store_true", default=False, -help="uninstall an existing installation. The uninstall can " - "be run with --unattended option") +help=SUPPRESS_HELP) def validate_options(self, needs_root=True): super(KRAInstall, self).validate_options(needs_root=True) @@ -83,33 +84,14 @@ def validate_options(self, needs_root=True): @classmethod def get_command_class(cls, options, args): if options.uninstall: -return KRAUninstaller +sys.exit( +'ERROR: Standalone KRA uninstallation was removed in ' +'FreeIPA 4.5 as it had never worker properly and only caused ' +'issues.') else: return KRAInstaller -class KRAUninstaller(KRAInstall): -log_file_name = paths.IPASERVER_KRA_UNINSTALL_LOG - -def validate_options(self, needs_root=True): -super(KRAUninstaller, self).validate_options(needs_root=True) - -if self.args: -self.option_parser.error("Too many parameters provided.") - -_kra = krainstance.KRAInstance(api) -if not _kra.is_installed(): -self.option_parser.error( -"Cannot uninstall. There is no KRA installed on this system." -) - -def r
[Freeipa-devel] [freeipa PR#556][synchronized] Don't allow standalone KRA uninstalls
URL: https://github.com/freeipa/freeipa/pull/556 Author: stlaz Title: #556: Don't allow standalone KRA uninstalls Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/556/head:pr556 git checkout pr556 From a810189cf08d310974c6bd150c442fe33d601c3a Mon Sep 17 00:00:00 2001 From: Stanislav Laznicka Date: Wed, 8 Mar 2017 16:38:12 +0100 Subject: [PATCH] Don't allow standalone KRA uninstalls KRA uninstallation is very likely to break the user's setup. Don't allow it at least till we can be safely sure we are able to remove it in a standalone manner without breaking anything. https://pagure.io/freeipa/issue/6538 --- install/tools/man/ipa-kra-install.1 | 5 +-- ipaserver/install/ipa_kra_install.py| 32 -- ipaserver/install/kra.py| 17 ++ ipaserver/install/server/install.py | 2 +- ipatests/test_integration/tasks.py | 2 -- ipatests/test_integration/test_vault.py | 58 - 6 files changed, 12 insertions(+), 104 deletions(-) diff --git a/install/tools/man/ipa-kra-install.1 b/install/tools/man/ipa-kra-install.1 index e3133ee..0aa9073 100644 --- a/install/tools/man/ipa-kra-install.1 +++ b/install/tools/man/ipa-kra-install.1 @@ -31,7 +31,7 @@ ipa\-kra\-install will contact the CA to determine if a KRA has already been ins The replica_file is created using the ipa\-replica\-prepare utility. A new replica_file should be generated on the master IPA server after the KRA has been installed and configured, so that the replica_file will contain the master KRA configuration and system certificates. -The uninstall option can be used to remove the KRA from the local IPA server. KRA instances on other replicas are not affected. The KRA will also be removed if the entire server is removed using ipa\-server\-install \-\-uninstall. +KRA can only be removed along with the entire server using ipa\-server\-install \-\-uninstall. .SH "OPTIONS" \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR Directory Manager (existing master) password @@ -39,9 +39,6 @@ Directory Manager (existing master) password \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input .TP -\fB\-\-uninstall\fR -Uninstall the KRA from the local IPA server. -.TP \fB\-v\fR, \fB\-\-verbose\fR Enable debug output when more verbose output is needed .TP diff --git a/ipaserver/install/ipa_kra_install.py b/ipaserver/install/ipa_kra_install.py index 99ff4a6..510144f 100644 --- a/ipaserver/install/ipa_kra_install.py +++ b/ipaserver/install/ipa_kra_install.py @@ -20,7 +20,9 @@ from __future__ import print_function +import sys import tempfile +from optparse import SUPPRESS_HELP from textwrap import dedent from ipalib import api @@ -69,8 +71,7 @@ def add_options(cls, parser, debug_option=True): parser.add_option( "--uninstall", dest="uninstall", action="store_true", default=False, -help="uninstall an existing installation. The uninstall can " - "be run with --unattended option") +help=SUPPRESS_HELP) def validate_options(self, needs_root=True): super(KRAInstall, self).validate_options(needs_root=True) @@ -83,33 +84,14 @@ def validate_options(self, needs_root=True): @classmethod def get_command_class(cls, options, args): if options.uninstall: -return KRAUninstaller +sys.exit( +'ERROR: Standalone KRA uninstallation was removed in ' +'FreeIPA 4.5 as it had never worker properly and only caused ' +'issues.') else: return KRAInstaller -class KRAUninstaller(KRAInstall): -log_file_name = paths.IPASERVER_KRA_UNINSTALL_LOG - -def validate_options(self, needs_root=True): -super(KRAUninstaller, self).validate_options(needs_root=True) - -if self.args: -self.option_parser.error("Too many parameters provided.") - -_kra = krainstance.KRAInstance(api) -if not _kra.is_installed(): -self.option_parser.error( -"Cannot uninstall. There is no KRA installed on this system." -) - -def run(self): -super(KRAUninstaller, self).run() -api.Backend.ldap2.connect() -kra.uninstall(True) -api.Backend.ldap2.disconnect() - - class KRAInstaller(KRAInstall): log_file_name = paths.IPASERVER_KRA_INSTALL_LOG diff --git a/ipaserver/install/kra.py b/ipaserver/install/kra.py index 5a7a6ef..c39472a 100644 --- a/ipaserver/install/kra.py +++ b/ipaserver/install/kra.py @@ -9,12 +9,11 @@ import os import shutil -from ipalib import api, errors +from ipalib import api from ipaplatform import services from ipaplatform.paths import paths from ipapython import certdb from ipapython import ipautil -from ipapython.dn import DN