Re: [Freeipa-devel] [PATCH] 0011 server uninstall fails to remove krb principals

2016-07-20 Thread Martin Basti 



On 19.07.2016 12:56, Petr Vobornik wrote:

On 07/11/2016 09:52 AM, Florence Blanc-Renaud wrote:

Hi,

please find a patch for the 3rd issue of ticket 6012.

https://fedorahosted.org/freeipa/ticket/6012



bump for review


ACK

Pushed to master: a0d90263d62f48f0c04b8b9e7da3aaa10201c3a0

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] [PATCH] 0011 server uninstall fails to remove krb principals

2016-07-19 Thread Petr Vobornik 
On 07/11/2016 09:52 AM, Florence Blanc-Renaud wrote:
> Hi,
> 
> please find a patch for the 3rd issue of ticket 6012.
> 
> https://fedorahosted.org/freeipa/ticket/6012
> 
> 

bump for review

-- 
Petr Vobornik

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [PATCH] 0011 server uninstall fails to remove krb principals

2016-07-11 Thread Florence Blanc-Renaud 

Hi,

please find a patch for the 3rd issue of ticket 6012.

https://fedorahosted.org/freeipa/ticket/6012
>From 53f4ca564fe130db3f50c03dbc3f449332016a77 Mon Sep 17 00:00:00 2001
From: Florence Blanc-Renaud 
Date: Mon, 11 Jul 2016 09:00:44 +0200
Subject: [PATCH] server uninstall fails to remove krb principals

This patch fixes the 3rd issue of ticket 6012:
ipa-server-install --uninstall -U
complains while removing Kerberos service principals from /etc/krb5.keytab

Failed to remove Kerberos service principals: Command '/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r DOM-221.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM' returned non-zero exit status 5


This happens because the uninstaller performs the following sequence:
1/ restore pre-install files, including /etc/krb5.keytab
At this point /etc/krb5.keytab does not contain any principal for
IPA domain
2/ call ipa-client-install --uninstall, which in turns runs
ipa-rmkeytab -k /etc/krb5.keytab -r 
to remove the principals.

The fix ignores ipa-rmkeytab's exit code 5 (Principal name or realm not
found in keytab)

https://fedorahosted.org/freeipa/ticket/6012
---
 client/ipa-client-install | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/client/ipa-client-install b/client/ipa-client-install
index 8546ff8b0dbea0f28fba12a00c2ee1868ec7c3c6..778d057e2265a9f8a4acbe2dd311cf25094f3126 100755
--- a/client/ipa-client-install
+++ b/client/ipa-client-install
@@ -614,6 +614,13 @@ def uninstall(options, env):
 fp.close()
 realm = parser.get('global', 'realm')
 run([paths.IPA_RMKEYTAB, "-k", paths.KRB5_KEYTAB, "-r", realm])
+except CalledProcessError as err:
+if err.returncode != 5:
+# 5 means Principal name or realm not found in keytab
+# and can be ignored
+root_logger.error(
+"Failed to remove Kerberos service principals: %s",
+str(err))
 except Exception as e:
 root_logger.error(
 "Failed to remove Kerberos service principals: %s", str(e))
-- 
2.7.4

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code