Fix 'pkidestroy --force' to pickup correct instance name (#231)
- When `pkidestroy --force` was executed with a non-existent non-default
  instance, it should not pick up `pki-tomcat` as the default instance

- The commit adds an additional check to remove selinux contexts
  iff the context exists. Otherwise, it skips them. This is
  necessary to accommodate the `--force` option to pkidestroy

Fixes: BZ#1698084

Signed-off-by: Dinesh Prasanth M K <[email protected]>
SilleBille committed Aug 8, 2019
1 parent e3afcfd commit 8204011
Showing 4 changed files with 71 additions and 38 deletions.
10 changes: 8 additions & 2 deletions base/server/python/pki/server/deployment/pkiparser.py
@@ -263,11 +263,17 @@ def get_nss_db_type(self):
)
return dbtype

def init_config(self):
def init_config(self, pki_instance_name=None):
self.deployer.nss_db_type = self.get_nss_db_type()
java_home = self._getenv('JAVA_HOME').strip()

default_instance_name = 'pki-tomcat'
# Check if a instance name is provided before assigning a default
# instance_name
if pki_instance_name:
default_instance_name = pki_instance_name
else:
default_instance_name = 'pki-tomcat'

default_http_port = '8080'
default_https_port = '8443'
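Review bot: The `if pki_instance_name:` test treats an empty string the same as `None`, so an empty name still falls back to `pki-tomcat`, which is the default this commit is trying to keep `pkidestroy --force` away from. Whether `config.pki_deployed_instance_name` can be empty or unset at the new call site in pkidestroy.py is not visible here, so it is worth confirming that an empty instance name is rejected before `init_config` runs. The branch can be written as `default_instance_name = pki_instance_name or 'pki-tomcat'`, and the method would benefit from a one-line docstring stating that `pki_instance_name` overrides the `pki-tomcat` default when given. The body of `init_config` continues outside the hunk.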

@@ -351,6 +351,11 @@ def destroy(self, deployer):

logger.info('Removing NSS database')

# Remove NSS DB when uninstalling the last subsystem
#
# NOTE: We check for 0 subsystems to exist at this point as
# /var/lib/pki/<instance>/<subsystem> dir should
# be removed as part of subsystem_layout scriptlet
if len(deployer.instance.tomcat_instance_subsystems()) == 0:

if deployer.directory.exists(deployer.mdict['pki_client_dir']):
@@ -53,6 +53,15 @@ def restore_context(self, mdict):
selinux.restorecon(mdict['pki_instance_log_path'], True)
selinux.restorecon(mdict['pki_instance_configuration_path'], True)

# Helper function to check if a given `context_value` exists in the given
# set of `records`. This method can process both port contexts and file contexts
def context_exists(self, records, context_value):
for keys in records.keys():
for key in keys:
if str(key) == context_value:
return True
return False

def spawn(self, deployer):

if config.str2bool(deployer.mdict['pki_skip_installation']):
@@ -155,9 +164,8 @@ def destroy(self, deployer):
return

# A maximum of 10 tries to delete the SELinux contexts
counter = 1
max_tries = 10
while True:
for counter in range(1, max_tries):
try:
# remove SELinux contexts when removing the last subsystem
if len(deployer.instance.tomcat_instance_subsystems()) == 0:
@@ -168,41 +176,56 @@ def destroy(self, deployer):
config.PKI_DEPLOYMENT_DEFAULT_TOMCAT_INSTANCE_NAME:

fcon = seobject.fcontextRecords(trans)

logger.info(
"deleting selinux fcontext \"%s\"",
deployer.mdict['pki_instance_path'] + self.suffix)
fcon.delete(
deployer.mdict['pki_instance_path'] +
self.suffix, "")

logger.info(
"deleting selinux fcontext \"%s\"",
deployer.mdict['pki_instance_log_path'] +
self.suffix)
fcon.delete(
deployer.mdict['pki_instance_log_path'] +
self.suffix, "")

logger.info(
"deleting selinux fcontext \"%s\"",
deployer.mdict['pki_instance_configuration_path'] +
self.suffix)
fcon.delete(
deployer.mdict['pki_instance_configuration_path'] +
self.suffix, "")

logger.info(
"deleting selinux fcontext \"%s\"",
deployer.mdict['pki_server_database_path'] + self.suffix)
fcon.delete(
deployer.mdict['pki_server_database_path'] +
self.suffix, "")
file_records = fcon.get_all()

if self.context_exists(file_records,
deployer.mdict['pki_instance_path'] +
self.suffix):
logger.info(
"deleting selinux fcontext \"%s\"",
deployer.mdict['pki_instance_path'] + self.suffix)
fcon.delete(
deployer.mdict['pki_instance_path'] +
self.suffix, "")

if self.context_exists(file_records,
deployer.mdict['pki_instance_log_path'] +
self.suffix):
logger.info(
"deleting selinux fcontext \"%s\"",
deployer.mdict['pki_instance_log_path'] +
self.suffix)
fcon.delete(
deployer.mdict['pki_instance_log_path'] +
self.suffix, "")

if self.context_exists(file_records,
deployer.mdict['pki_instance_configuration_path'] +
self.suffix):
logger.info(
"deleting selinux fcontext \"%s\"",
deployer.mdict['pki_instance_configuration_path'] +
self.suffix)
fcon.delete(
deployer.mdict['pki_instance_configuration_path'] +
self.suffix, "")

if self.context_exists(file_records,
deployer.mdict['pki_server_database_path'] +
self.suffix):
logger.info(
"deleting selinux fcontext \"%s\"",
deployer.mdict['pki_server_database_path'] + self.suffix)
fcon.delete(
deployer.mdict['pki_server_database_path'] +
self.suffix, "")

port_records = seobject.portRecords(trans)
port_record_values = port_records.get_all()
for port in ports:
logger.info("deleting selinux port %s", port)
port_records.delete(port, "tcp")
if self.context_exists(port_record_values, port):
logger.info("deleting selinux port %s", port)
port_records.delete(port, "tcp")

trans.finish()
break
@@ -211,7 +234,6 @@ def destroy(self, deployer):
logger.error(error_message)
if error_message.strip() == \
"Could not start semanage transaction":
counter += 1
if counter >= max_tries:
raise
time.sleep(5)
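Review bot: `for counter in range(1, max_tries):` yields `counter` values 1 through 9 only, so with `counter += 1` removed the `if counter >= max_tries: raise` guard in the `except` branch can no longer fire. If every attempt fails with "Could not start semanage transaction", the loop just runs out, and as far as the visible lines show `destroy` continues without an exception, leaving the instance's SELinux file and port contexts in the policy with only log lines as evidence. Writing `for counter in range(1, max_tries + 1):` restores ten tries and lets the final failure re-raise. Separately, `context_exists` returns True when any element of a record key matches, so a port that is presumably labelled only for another protocol would pass the check and still reach `port_records.delete(port, "tcp")`; comparing the full key would be tighter, and the leading comment would read better as a docstring. The `except` block is only partly visible in this hunk.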
2 changes: 1 addition & 1 deletion base/server/python/pki/server/pkidestroy.py
@@ -213,7 +213,7 @@ def main(argv):
config.user_deployment_cfg = None

parser.validate()
parser.init_config()
parser.init_config(pki_instance_name=config.pki_deployed_instance_name)

# Enable 'pkidestroy' logging.
config.pki_log_dir = config.PKI_DEPLOYMENT_LOG_ROOT