freeipa

Clone
Source Code
GIT

#8080 ipa-server-install --uninstall leaves files
Opened 4 years ago by cheimes. Modified 4 years ago

Open
Close issue as:
fixed wontfix worksforme duplicate insufficientinfo invalid

Issue

ipa-server-install leaves a lot of files around

Steps to Reproduce

  1. find /etc/ /run/ /var/ /root/ -mount | sort > /root/before
  2. ipa-server-install -p Secret123 -a Secret123 -r IPA.EXAMPLE -n ipa.example -U --auto-reverse --auto-forwarders --no-dnssec-validation --setup-dns --setup-kra
  3. ipa-dns-install --dnssec-master --no-dnssec-validation -U --auto-forwarders
  4. ipa-server-install --uninstall -U
  5. find /etc/ /run/ /var/ /root/ -mount | sort > /root/after
  6. diff files

Actual behavior

The uninstall does not clean up all files

Expected behavior

I expect uninstall to be clean and pristine.

Version/Release/Distribution

freeipa-server-4.8.1-1.fc30.x86_64
freeipa-client-4.8.1-1.fc30.x86_64
package ipa-server is not installed
package ipa-client is not installed
389-ds-base-1.4.1.6-1.fc30.x86_64
pki-ca-10.7.3-3.fc30.noarch
krb5-server-1.17-14.fc30.x86_64

file list

Single server with DNS, DNSSEC, and KRA, no AD integration.

+/etc/dirsrv/ssca/18a51399.0
+/etc/dirsrv/ssca/ca.crt
+/etc/httpd/alias
+/etc/httpd/conf.d/nss.conf
+/etc/ipa/dnssec/softhsm_pin_so
+/etc/krb5.conf.d/freeipa
+/etc/krb5.keytab
+/etc/named.keytab
+/etc/rndc.key
+/etc/sssd/sssd.conf.deleted
+/etc/sysconfig/krb5kdc.orig
-/etc/systemd/system/dirsrv.target.wants
+/etc/systemd/system/dirsrv@IPA-EXAMPLE.service.d
+/etc/systemd/system/dirsrv@IPA-EXAMPLE.service.d/ipa-env.conf
-/etc/systemd/system/multi-user.target.wants/sssd.service
+/root/ca-agent.p12
+/root/cacert.p12
+/root/.cache
+/root/.cache/ipa
+/root/.cache/ipa/schema
+/root/.cache/ipa/schema/1
+/root/.cache/ipa/schema/1/2fa5fa44
+/root/.cache/ipa/servers
+/root/.cache/ipa/servers/host-10-0-137-212.ipa.example
+/root/.dogtag
+/root/kracert.p12
-/run/certmonger.pid
+/run/httpd/ipa-custodia.sock
+/run/ipa/ccaches/host~host-10-0-137-212.ipa.example@IPA.EXAMPLE
+/run/opendnssec/engine.sock
+/run/slapd-IPA-EXAMPLE.socket
-/run/sssd.pid
+/var/lib/gssproxy/rcache/HTTP_0
+/var/lib/ipa/dnssec
+/var/lib/ipa/ipa-kasp.db.backup
+/var/lib/sss/db/timestamps_ipa.example.ldb
+/var/lib/sss/pipes/pac
+/var/lib/sss/pipes/pam
-/var/lib/sss/pipes/private/sbus-dp_implicit_files
+/var/lib/sss/pipes/private/pam
-/var/lib/sss/pipes/private/sbus-dp_implicit_files.8426
-/var/lib/sss/pipes/private/sbus-monitor
+/var/lib/sss/pipes/ssh
+/var/lib/sss/pipes/sudo
+/var/lib/sss/pubconf/krb5.include.d/domain_realm_ipa_example
+/var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults
+/var/lib/sss/pubconf/krb5.include.d/localauth_plugin
+/var/log/httpd/access_log
+/var/log/httpd/error_log
+/var/log/httpd/ssl_request_log
+/var/log/ipa
+/var/log/ipaclient-install.log
+/var/log/ipa-custodia.audit.log
+/var/log/ipa/ipactl.log
+/var/log/ipa/renew.log
+/var/log/ipa/restart.log
+/var/log/kadmind.log
+/var/log/krb5kdc.log
+/var/log/pki/pki-ca-destroy.20190927054213.log
+/var/log/pki/pki-ca-spawn.20190927052754.log
+/var/log/pki/pki-kra-destroy.20190927054038.log
+/var/log/pki/pki-kra-spawn.20190927053133.log
+/var/log/pki/pki-tomcat
+/var/log/pki/pki-tomcat/ca
+/var/log/pki/pki-tomcat/ca/archive
+/var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20190927052754
+/var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20190927052754
+/var/log/pki/pki-tomcat/ca/debug.2019-09-27.log
+/var/log/pki/pki-tomcat/ca/selftests.log
+/var/log/pki/pki-tomcat/ca/signedAudit
+/var/log/pki/pki-tomcat/ca/signedAudit/ca_audit
+/var/log/pki/pki-tomcat/ca/system
+/var/log/pki/pki-tomcat/catalina.2019-09-27.log
+/var/log/pki/pki-tomcat/ca/transactions
+/var/log/pki/pki-tomcat/host-manager.2019-09-27.log
+/var/log/pki/pki-tomcat/kra
+/var/log/pki/pki-tomcat/kra/archive
+/var/log/pki/pki-tomcat/kra/archive/spawn_deployment.cfg.20190927053133
+/var/log/pki/pki-tomcat/kra/archive/spawn_manifest.20190927053133
+/var/log/pki/pki-tomcat/kra/debug.2019-09-27.log
+/var/log/pki/pki-tomcat/kra/selftests.log
+/var/log/pki/pki-tomcat/kra/signedAudit
+/var/log/pki/pki-tomcat/kra/signedAudit/kra_cert-kra_audit
+/var/log/pki/pki-tomcat/kra/system
+/var/log/pki/pki-tomcat/kra/transactions
+/var/log/pki/pki-tomcat/localhost.2019-09-27.log
+/var/log/pki/pki-tomcat/localhost_access_log.2019-09-27.txt
+/var/log/pki/pki-tomcat/manager.2019-09-27.log
+/var/log/pki/pki-tomcat/pki
+/var/log/pki/pki-tomcat/pki/debug.2019-09-27.log
+/var/log/sssd/krb5_child.log
+/var/log/sssd/ldap_child.log
+/var/log/sssd/sssd_ifp.log
+/var/log/sssd/sssd_ipa.example.log
+/var/log/sssd/sssd_pac.log
+/var/log/sssd/sssd_pam.log
+/var/log/sssd/sssd_ssh.log
+/var/log/sssd/sssd_sudo.log
+/var/named/data/named.run
+/var/named/_default.tsigkeys
+/var/named/dynamic/managed-keys.bind
+/var/named/dynamic/managed-keys.bind.jnl
+/var/tmp/kadmin_0
+/var/tmp/ldap_389

Please consider not cleaning logs from the above list.

 
+/etc/httpd/alias
+/etc/httpd/conf.d/nss.conf

These are quite curious since IPA doesn't use mod_nss anymore.

AD trust leaves additional files behind, e.g. Samba keytab.

# ktutil 
ktutil:  rkt /etc/samba/samba.keytab
ktutil:  l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    2 host/host-10-0-137-224.ipa.example@IPA.EXAMPLE
   2    2 host/host-10-0-137-224.ipa.example@IPA.EXAMPLE
   3    2 host/host-10-0-137-224.ipa.example@IPA.EXAMPLE

It may be a pain to get right but perhaps once this is resolved a test can be written to do a similar find before and after execution to verify that new things don't end up being left behind.

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.