mirrors/libguestfs
1
0
Fork 0
mirror of https://github.com/libguestfs/libguestfs.git synced 2026-03-21 22:53:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
rhel-8.3.0
libguestfs/sysprep/sysprep_operation_ipa_client.ml
Pino Toscano fa3ff43b76 sysprep: add IPA offline unenrollment (RHBZ#1789592) 
This new operation unenrolls the guest from a IPA server offline, by
removing the configuration files and certificates.

Thanks to Christian Heimes and François Cami for the hints.

(cherry picked from commit 0a53e2c7fc)
2020-05-26 11:30:24 +02:00

67 lines
2.2 KiB
OCaml
Raw Permalink Blame History

(* virt-sysprep
* Copyright (C) 2020 Red Hat Inc.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*)
open Sysprep_operation
open Common_gettext.Gettext
module G = Guestfs
let ipa_client_perform (g : Guestfs.guestfs) root side_effects =
let typ = g#inspect_get_type root in
if typ = "linux" then (
(* Simple paths with no side effects. *)
let paths = [ "/etc/ipa/ca.crt";
"/etc/ipa/default.conf";
"/var/lib/ipa-client/sysrestore/*";
"/var/lib/ipa-client/pki/*" ] in
let paths = List.concat (List.map Array.to_list (List.map g#glob_expand paths)) in
List.iter (
fun filename ->
try g#rm filename with G.Error _ -> ()
) paths;
(* Certificates in the system CA store. *)
let certs = [ "/etc/pki/ca-trust/source/anchors/ipa-ca.crt";
"/usr/local/share/ca-certificates/ipa-ca.crt";
"/etc/pki/ca-trust/source/ipa.p11-kit" ] in
List.iter (
fun filename ->
try
g#rm filename;
side_effects#update_system_ca_store ()
with
G.Error _ -> ()
) certs
)
let op = {
defaults with
name = "ipa-client";
enabled_by_default = true;
heading = s_"Remove the IPA files";
pod_description = Some (s_"\
Remove all the files related to an IPA (Identity, Policy, Audit) system.
This effectively unenrolls the guest from an IPA server without interacting
with it.
This operation does not run C<ipa-client>.");
perform_on_filesystems = Some ipa_client_perform;
}
let () = register_operation op
Reference in New Issue View Git Blame Copy Permalink