[Freeipa-devel] [PATCH] 0006 Removes sssd.conf after uninstall.

Martin Kosek mkosek at redhat.com
Mon Aug 27 12:57:44 UTC 2012 

On 08/27/2012 01:42 PM, Martin Kosek wrote:
> On 08/17/2012 03:04 PM, Tomas Babej wrote:
>> Hi,
>>
>> The sssd.conf file is no longer left behind in case sssd was not
>> configured before the installation.
>>
>> https://fedorahosted.org/freeipa/ticket/2740
>>
>> Tomas
>>
> 
> I found few issues with this approach:
> 
> 1) (major) We do not want to delete sssd.conf when there were more domain's
> that just the IPA one configured (was_sssd_configured variable).
> 
> I would consider changing it like that:
> 
> ...
> if was_sssd_installed and was_sssd_configured:
>         # SSSD was installed before our installation, config now is restored,
> restart it
>         ...
> elif not was_sssd_configured:
>     - remove sssd.conf file (or move it to sssd.conf.deleted as Stephen
> suggested if we want to be more defensive)
> ...
> 
> If we choose the rename operation over delete operation, we should inform a
> user about the rename as well.
> 
> 2) (minor) As I mentioned earlier, as a rule of thumb it is better to catch
> more specific exceptions that just bare "except" clause, PEP8 should contain
> more info to this cause. In this case, I would catch just for OSError exception.
> 
> Martin


I had a short discussion with Tomas and current state of handling of sssd.conf
during uninstall looks weird.

Uninstall code do check if there is some non-IPA domain configured in current
sssd.conf, but if it is, we still rather restore old sssd.conf which was backed
up during ipa-client-install instead of modifying current one. I think this may
cause user authentication issues if he configured non-IPA domains after
ipa-client-install.

I think that the right behavior of SSSD conf uninstall should be the following:

* sssd.conf existed before IPA install + non-IPA domains in sssd.conf found:
  - move backed conf up sssd.conf.bkp (and inform the user)
  - use SSSDConfig delete_domain function to remove ipa domain from sssd.conf
  - restart sssd afterwards
* sssd.conf did not exist before IPA install + non-IPA domains in sssd.conf found:
  - use SSSDConfig delete_domain function to remove ipa domain from sssd.conf
  - restart sssd afterwards
* sssd.conf did not exist before IPA install + no other domains in sssd.conf:
  - remove sssd.conf or rename it to sssd.conf.deleted

Jakub, any recommendations?

Thanks,
Martin

More information about the Freeipa-devel mailing list