#1280 Forced cleanup for Dogtag 9
Closed: Invalid None Opened 9 years ago by edewata.

Dogtag 9 may leave some files/folders after either a successful or an unsuccessful removal of the instance/package. These files/folders include:

  • /etc/pki-ca
  • /var/lib/pki-ca
  • /var/log/pki-ca
  • /etc/sysconfig/pki-ca
  • /etc/sysconfig/pki
  • /var/run/pki-ca.pid
  • /usr/share/pki

There should be a tool to clean up all instance-specific files/folders forcefully regardless of the state of the installation (e.g. pkiremove --force). The shared Dogtag files/folders should be removed when the package is uninstalled. The remaining files/folders should be just logs that are guaranteed not to interfere with later installations. Another tool could be provided to clean up these logs as well to ensure a completely clean system.

See also forced cleanup for Dogtag 10 in ticket #1172.

See also the following thread:
https://www.redhat.com/archives/freeipa-users/2015-February/msg00347.html

Proposed milestone: 9.0.x
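
A read-only check for the leftovers listed in this ticket, added here as an example (it is not part of the ticket and is not Dogtag code). The function names and the PKI_ROOT variable are hypothetical, and the grouping of paths into instance, shared and log is an assumption read from the description above: paths without the instance name are treated as shared, and /var/log/pki-ca as logs.

```shell
#!/bin/sh
# Added example: audit a host for the Dogtag 9 leftovers named in the ticket.
# Nothing is deleted; the script only reports what is still present.

# class:path pairs. Paths come from the ticket; the classes are an assumption.
PKI_LEFTOVER_PATHS='
instance:/etc/pki-ca
instance:/var/lib/pki-ca
log:/var/log/pki-ca
instance:/etc/sysconfig/pki-ca
shared:/etc/sysconfig/pki
instance:/var/run/pki-ca.pid
shared:/usr/share/pki
'

# pki_leftovers [ROOT]
# Print "class<TAB>path" for every listed path that still exists under ROOT
# (empty ROOT means the live filesystem). Dangling symlinks are reported too.
pki_leftovers() {
    root=${1:-}
    for entry in $PKI_LEFTOVER_PATHS; do
        class=${entry%%:*}
        path=${entry#*:}
        if [ -e "$root$path" ] || [ -L "$root$path" ]; then
            printf '%s\t%s\n' "$class" "$path"
        fi
    done
}

# pki_clean_enough [ROOT]
# Succeed only when nothing but logs remains, the end state the ticket asks
# for so that a later installation is not affected.
pki_clean_enough() {
    ! pki_leftovers "${1:-}" | grep -qv '^log'
}

# Report for the live system, or for an alternate root given in PKI_ROOT.
pki_leftovers "${PKI_ROOT:-}"
```
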


Also need to remove leftover Dogtag processes and user/group.

This is the current RHEL 6 command:

# pkiremove
PKI instance Deletion Utility ...

[error] This script must be run as root!
Usage:  pkiremove -pki_instance_root=<pki_instance_root> # Instance root
                                                         # directory
                                                         # destination
                  -pki_instance_name=<pki_instance_id>   # Unique PKI
                                                         # subsystem
                                                         # instance name
                                                         # (e. g. - pki-pki1)

[-force]   # Don't ask any questions

[-verbose] # Display detailed information. May be specified multiple times,
           # each time increasing the verbosity level.

[-dry_run] # Do not perform any actions.
           # Just report what would have been done.

Example:  pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca

IMPORTANT:  Must be run as root!

Per 10.2.3 Triage meeting of 02/26/2015:

There is a force option.  See if it removes everything that the user reported,
then file an IPA ticket for them to use it (if they are not already).

Need to check with IPA team to see if they want to keep any of the installation artifacts (e.g. configs, certs, keys, logs).

Per discussions with Endi on 03/09/2015: Dogtag 9.0.x

Metadata Update from @edewata:
- Issue set to the milestone: 9.0

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1842

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
