[Freeipa-devel] [PATCH] 0006 Removes sssd.conf after uninstall.
Martin Kosek
mkosek at redhat.com
Mon Aug 27 12:57:44 UTC 2012
On 08/27/2012 01:42 PM, Martin Kosek wrote:
> On 08/17/2012 03:04 PM, Tomas Babej wrote:
>> Hi,
>>
>> The sssd.conf file is no longer left behind in case sssd was not
>> configured before the installation.
>>
>> https://fedorahosted.org/freeipa/ticket/2740
>>
>> Tomas
>>
>
> I found few issues with this approach:
>
> 1) (major) We do not want to delete sssd.conf when there were more domain's
> that just the IPA one configured (was_sssd_configured variable).
>
> I would consider changing it like that:
>
> ...
> if was_sssd_installed and was_sssd_configured:
> # SSSD was installed before our installation, config now is restored,
> restart it
> ...
> elif not was_sssd_configured:
> - remove sssd.conf file (or move it to sssd.conf.deleted as Stephen
> suggested if we want to be more defensive)
> ...
>
> If we choose the rename operation over delete operation, we should inform a
> user about the rename as well.
>
> 2) (minor) As I mentioned earlier, as a rule of thumb it is better to catch
> more specific exceptions that just bare "except" clause, PEP8 should contain
> more info to this cause. In this case, I would catch just for OSError exception.
>
> Martin
I had a short discussion with Tomas and current state of handling of sssd.conf
during uninstall looks weird.
Uninstall code do check if there is some non-IPA domain configured in current
sssd.conf, but if it is, we still rather restore old sssd.conf which was backed
up during ipa-client-install instead of modifying current one. I think this may
cause user authentication issues if he configured non-IPA domains after
ipa-client-install.
I think that the right behavior of SSSD conf uninstall should be the following:
* sssd.conf existed before IPA install + non-IPA domains in sssd.conf found:
- move backed conf up sssd.conf.bkp (and inform the user)
- use SSSDConfig delete_domain function to remove ipa domain from sssd.conf
- restart sssd afterwards
* sssd.conf did not exist before IPA install + non-IPA domains in sssd.conf found:
- use SSSDConfig delete_domain function to remove ipa domain from sssd.conf
- restart sssd afterwards
* sssd.conf did not exist before IPA install + no other domains in sssd.conf:
- remove sssd.conf or rename it to sssd.conf.deleted
Jakub, any recommendations?
Thanks,
Martin
More information about the Freeipa-devel
mailing list