ipa-server-install leaves a lot of files around
find /etc/ /run/ /var/ /root/ -mount | sort > /root/before
ipa-server-install -p Secret123 -a Secret123 -r IPA.EXAMPLE -n ipa.example -U --auto-reverse --auto-forwarders --no-dnssec-validation --setup-dns --setup-kra
ipa-dns-install --dnssec-master --no-dnssec-validation -U --auto-forwarders
ipa-server-install --uninstall -U
find /etc/ /run/ /var/ /root/ -mount | sort > /root/after
The uninstall does not clean up all files
I expect uninstall to be clean and pristine.
freeipa-server-4.8.1-1.fc30.x86_64
freeipa-client-4.8.1-1.fc30.x86_64
package ipa-server is not installed
package ipa-client is not installed
389-ds-base-1.4.1.6-1.fc30.x86_64
pki-ca-10.7.3-3.fc30.noarch
krb5-server-1.17-14.fc30.x86_64
Single server with DNS, DNSSEC, and KRA, no AD integration.
+/etc/dirsrv/ssca/18a51399.0 +/etc/dirsrv/ssca/ca.crt +/etc/httpd/alias +/etc/httpd/conf.d/nss.conf +/etc/ipa/dnssec/softhsm_pin_so +/etc/krb5.conf.d/freeipa +/etc/krb5.keytab +/etc/named.keytab +/etc/rndc.key +/etc/sssd/sssd.conf.deleted +/etc/sysconfig/krb5kdc.orig -/etc/systemd/system/dirsrv.target.wants +/etc/systemd/system/dirsrv@IPA-EXAMPLE.service.d +/etc/systemd/system/dirsrv@IPA-EXAMPLE.service.d/ipa-env.conf -/etc/systemd/system/multi-user.target.wants/sssd.service +/root/ca-agent.p12 +/root/cacert.p12 +/root/.cache +/root/.cache/ipa +/root/.cache/ipa/schema +/root/.cache/ipa/schema/1 +/root/.cache/ipa/schema/1/2fa5fa44 +/root/.cache/ipa/servers +/root/.cache/ipa/servers/host-10-0-137-212.ipa.example +/root/.dogtag +/root/kracert.p12 -/run/certmonger.pid +/run/httpd/ipa-custodia.sock +/run/ipa/ccaches/host~host-10-0-137-212.ipa.example@IPA.EXAMPLE +/run/opendnssec/engine.sock +/run/slapd-IPA-EXAMPLE.socket -/run/sssd.pid +/var/lib/gssproxy/rcache/HTTP_0 +/var/lib/ipa/dnssec +/var/lib/ipa/ipa-kasp.db.backup +/var/lib/sss/db/timestamps_ipa.example.ldb +/var/lib/sss/pipes/pac +/var/lib/sss/pipes/pam -/var/lib/sss/pipes/private/sbus-dp_implicit_files +/var/lib/sss/pipes/private/pam -/var/lib/sss/pipes/private/sbus-dp_implicit_files.8426 -/var/lib/sss/pipes/private/sbus-monitor +/var/lib/sss/pipes/ssh +/var/lib/sss/pipes/sudo +/var/lib/sss/pubconf/krb5.include.d/domain_realm_ipa_example +/var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults +/var/lib/sss/pubconf/krb5.include.d/localauth_plugin +/var/log/httpd/access_log +/var/log/httpd/error_log +/var/log/httpd/ssl_request_log +/var/log/ipa +/var/log/ipaclient-install.log +/var/log/ipa-custodia.audit.log +/var/log/ipa/ipactl.log +/var/log/ipa/renew.log +/var/log/ipa/restart.log +/var/log/kadmind.log +/var/log/krb5kdc.log +/var/log/pki/pki-ca-destroy.20190927054213.log +/var/log/pki/pki-ca-spawn.20190927052754.log +/var/log/pki/pki-kra-destroy.20190927054038.log +/var/log/pki/pki-kra-spawn.20190927053133.log 
+/var/log/pki/pki-tomcat +/var/log/pki/pki-tomcat/ca +/var/log/pki/pki-tomcat/ca/archive +/var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20190927052754 +/var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20190927052754 +/var/log/pki/pki-tomcat/ca/debug.2019-09-27.log +/var/log/pki/pki-tomcat/ca/selftests.log +/var/log/pki/pki-tomcat/ca/signedAudit +/var/log/pki/pki-tomcat/ca/signedAudit/ca_audit +/var/log/pki/pki-tomcat/ca/system +/var/log/pki/pki-tomcat/catalina.2019-09-27.log +/var/log/pki/pki-tomcat/ca/transactions +/var/log/pki/pki-tomcat/host-manager.2019-09-27.log +/var/log/pki/pki-tomcat/kra +/var/log/pki/pki-tomcat/kra/archive +/var/log/pki/pki-tomcat/kra/archive/spawn_deployment.cfg.20190927053133 +/var/log/pki/pki-tomcat/kra/archive/spawn_manifest.20190927053133 +/var/log/pki/pki-tomcat/kra/debug.2019-09-27.log +/var/log/pki/pki-tomcat/kra/selftests.log +/var/log/pki/pki-tomcat/kra/signedAudit +/var/log/pki/pki-tomcat/kra/signedAudit/kra_cert-kra_audit +/var/log/pki/pki-tomcat/kra/system +/var/log/pki/pki-tomcat/kra/transactions +/var/log/pki/pki-tomcat/localhost.2019-09-27.log +/var/log/pki/pki-tomcat/localhost_access_log.2019-09-27.txt +/var/log/pki/pki-tomcat/manager.2019-09-27.log +/var/log/pki/pki-tomcat/pki +/var/log/pki/pki-tomcat/pki/debug.2019-09-27.log +/var/log/sssd/krb5_child.log +/var/log/sssd/ldap_child.log +/var/log/sssd/sssd_ifp.log +/var/log/sssd/sssd_ipa.example.log +/var/log/sssd/sssd_pac.log +/var/log/sssd/sssd_pam.log +/var/log/sssd/sssd_ssh.log +/var/log/sssd/sssd_sudo.log +/var/named/data/named.run +/var/named/_default.tsigkeys +/var/named/dynamic/managed-keys.bind +/var/named/dynamic/managed-keys.bind.jnl +/var/tmp/kadmin_0 +/var/tmp/ldap_389
Please consider not cleaning logs from the above list.
+/etc/httpd/alias +/etc/httpd/conf.d/nss.conf
These are quite curious since IPA doesn't use mod_nss anymore.
AD trust leaves additional files behind, e.g. Samba keytab.
# ktutil
ktutil: rkt /etc/samba/samba.keytab
ktutil: l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1    2 host/host-10-0-137-224.ipa.example@IPA.EXAMPLE
   2    2 host/host-10-0-137-224.ipa.example@IPA.EXAMPLE
   3    2 host/host-10-0-137-224.ipa.example@IPA.EXAMPLE
It may be a pain to get right but perhaps once this is resolved a test can be written to do a similar find before and after execution to verify that new things don't end up being left behind.
Also see https://pagure.io/freeipa/issue/6910
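The before/after find comparison suggested in the comments above, written as a reusable check that also singles out leftover key material such as the keytabs and .p12 files in the list. This is an added example, not code from the ticket or from the FreeIPA project; the function names, the /var/log/ exclusion and the filename patterns are assumptions, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example: function names, the exclusion and the patterns are assumptions.

# snapshot ROOT...: sorted list of every path under the given roots,
# staying on one filesystem (-mount) as in the reproduction steps.
snapshot() {
    find "$@" -mount 2>/dev/null | LC_ALL=C sort
}

# leftovers BEFORE AFTER [EXCLUDE_REGEX]: paths only in AFTER (the "+" lines),
# minus anything matching EXCLUDE_REGEX (for example logs that should be kept).
leftovers() {
    if [ -n "${3:-}" ]; then
        LC_ALL=C comm -13 "$1" "$2" | grep -Ev -- "$3" || true
    else
        LC_ALL=C comm -13 "$1" "$2"
    fi
}

# removed BEFORE AFTER: paths that existed before but are gone (the "-" lines).
removed() {
    LC_ALL=C comm -23 "$1" "$2"
}

# secrets: filter a path list on stdin down to names that suggest key material
# (keytabs, PKCS#12 bundles, key files, PIN files).
secrets() {
    grep -E '(\.keytab|\.p12|\.key|_pin[^/]*)$' || true
}

# Constructed demo: a throwaway tree stands in for /etc /var /root, and the
# file creation/removal stands in for the install and uninstall runs.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc" "$t/var/log" "$t/root"
    : > "$t/etc/sssd.pid"
    snapshot "$t/etc" "$t/var" "$t/root" > "$t.before"
    : > "$t/etc/krb5.keytab"; : > "$t/root/cacert.p12"
    : > "$t/var/log/krb5kdc.log"; rm "$t/etc/sssd.pid"
    snapshot "$t/etc" "$t/var" "$t/root" > "$t.after"
    leftovers "$t.before" "$t.after" '/var/log/' | sed "s|^$t||"
    rm -rf "$t" "$t.before" "$t.after"
}

demo
```

On a real host the two snapshots would be taken over /etc/ /run/ /var/ /root/ around the install and uninstall commands, and a test would fail when `leftovers` prints anything, with `secrets` applied to its output to prioritise credential files.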
master:
ipa-4-12:
ipa-4-11:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)