[Freeipa-devel] [PATCH] 1023 tool for configuring automount

Rob Crittenden rcritten at redhat.com
Fri Jun 22 17:27:07 UTC 2012


Martin Kosek wrote:
> On Wed, 2012-06-20 at 13:23 -0400, Rob Crittenden wrote:
>> Rob Crittenden wrote:
>>> Rob Crittenden wrote:
>>>> Here is a tool that can be used to configure automount in an IPA client.
>>>> It can use either SSSD or autofs for automount. It also configures NFSv4
>>>> on the client so secure maps will work.
>>>
>>> rebased patch
>>
>> rebase again
>>
>> rob
>
> I finally managed to look at this patch. This is generally good work
> and makes things a lot easier, but I still found a few issues:
>
> 1) The patch does not apply cleanly and it needs to be rebased:
>
> # git apply freeipa-rcrit-1023-3-automount.patch
> freeipa-rcrit-1023-3-automount.patch:210: trailing whitespace.
>
> freeipa-rcrit-1023-3-automount.patch:264: trailing whitespace.
>
> freeipa-rcrit-1023-3-automount.patch:273: trailing whitespace.
>
> freeipa-rcrit-1023-3-automount.patch:542: trailing whitespace.
> .\"
> freeipa-rcrit-1023-3-automount.patch:547: trailing whitespace.
> .\"
> error: patch failed: ipapython/platform/base.py:24
> error: ipapython/platform/base.py: patch does not apply

Fixed whitespace and rebased.

> 2) This is just an idea, but would it be better to call the new script
> "ipa-client-automount" so that it is more visible that it is from
> ipa-client binary family (along with ipa-client-install)?

Sure, I wasn't completely happy with the name I came up with.

>
> 3) KeyboardInterrupt is not caught properly:
>
> 4) Neither is EOFError (CTRL+d):

Fixed.

>
> 5) Would it make sense to check if the given automount location exists?
> Currently there is no check for that:
>
> # ipa-configure-automount --server vm-091.idm.lab.bos.redhat.com
> --location foo
> Searching for IPA server...
> IPA server: DNS discovery
> Location: foo
> Continue to configure the system with these values? [no]: y
> Configured /etc/nsswitch.conf
> Configured /etc/sysconfig/nfs
> Configured /etc/idmapd.conf
> Started nfs-server.service
> Started nfs-secure.service
> Restarting sssd, waiting for it to become available.
> Started autofs.service
>
> Automount then obviously does not work:

There was even a TODO in the code for this. I went ahead and did it. I 
had punted originally because it wasn't really a big deal to unconfigure 
and reconfigure with the right location.

> Jun 21 04:05:06 localhost automount[1401]: lookup_read_map: lookup(sss):
> getautomntent_r: No such file or directory

This is an sssd issue I've been told isn't fatal.

> 6) In /etc/sssd/sssd.conf we configure ipa_automount_location and
> autofs_provider options. But in uninstall, we remove only
> ipa_automount_location and leave autofs_provider configured

It is a bug in sssd, https://fedorahosted.org/sssd/ticket/1388

> 7) This is related to ipa-client-install, but even when I disable
> autodiscovery and add --server option it still disregards it and tries
> to search SRV records:
>
> # ipa-configure-automount --server=vm-091.idm.lab.bos.redhat.com
> <after some time and SRV searches>
> Unable to confirm that <some-ldap-server>.redhat.com is an IPA v2 server

Yeah, I think a separate ticket should be opened up, I call the same 
code as ipa-client-install.

>
> 8) When discovery is on, we are not really verbose:
>
> # ipa-configure-automount
> Searching for IPA server...
> IPA server: DNS discovery
> Location: default
> Continue to configure the system with these values? [no]:
>
> We just write "IPA server: DNS discovery", but I would at least like to
> know what servers it detected so that I know it does the right thing.

This should be better with Petr^3's patches. Is it not? Perhaps only 
with --debug?

> 9) autofs via LDAP (no SSSD) is broken when autodiscovery is used. After
> some investigation I found this line is causing it:
>
> +    if not autodiscover:
> +        ldap_uri = "ldap://%s" % server
> +    else:
> +        ldap_uri = "ldap:///%s" % api.env.basedn<<<
>
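Review bot: in the else branch, "ldap:///%s" is built from api.env.basedn with an empty host and no comment saying that this is deliberate, so it reads as a missing server name. Add a comment stating that the empty-host form leaves server selection to the autofs client's DNS discovery, and percent-encode the base DN before interpolating it, since a DN containing a space or "?" would yield a malformed URI. The "ldap://%s" % server branch has the same raw interpolation and would need brackets around an IPv6 literal.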
> There should be an IPA server, not basedn. When I fixed it, autofs via
> LDAP worked.

I'm not sure why it didn't work, this is correct. 
ldap:///dc=example,dc=com tells the autofs client to use DNS discovery 
to find the right server. It works for me.

>
> 9) Shouldn't configure_nfs be made optional? I don't think every IPA
> client with autofs configured will want to have nfs-server running...

I hate systemd. I couldn't find a service other than nfs-server that 
would start idmapd. I found one, fixed in this patch.

>
> 10) There are some artifacts in the man page:
> +.TP
> +Files that will be always be configured:
> +
> +/etc/nsswitch.conf
> +
> +Files that will be configured when SSSD is the automount client
> (default):
> +
> +/etc/sssd/sssd.conf
> +
> +Files that will be configured when using the ldap automount client:
> +
> +/etc/sysconfig/autofs
> +
> +/etc/autofs_ldap_auth.conf
>
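Review bot: the first added text line reads "Files that will be always be configured:", with a duplicated "be"; make it "Files that will always be configured:". The second and third file lists also start without a .TP macro, unlike the first, so they will not be indented the same way in the rendered page.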
> .TP is missing for the latter 2 file lists thus causing a bad indent.

Fixed.

rob
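
The two URI forms discussed in item 9, as an added example that is not code from the patch. The function names are hypothetical, and the mapping from the dc components of the base DN to an `_ldap._tcp` SRV name is the usual convention for the empty-host form, stated here as an assumption about the client.

```python
import re
from urllib.parse import quote


def split_rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]


def srv_name_for_basedn(basedn):
    """Return the SRV record a client would query for ldap:///<basedn>.

    Assumption: the base DN consists only of dc= components, which are
    joined into a DNS domain (dc=example,dc=com -> example.com).
    """
    labels = []
    for rdn in split_rdns(basedn):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() != "dc" or not value.strip():
            raise ValueError("cannot map %r to a DNS domain" % basedn)
        labels.append(value.strip().lower())
    if not labels:
        raise ValueError("empty base DN")
    return "_ldap._tcp." + ".".join(labels)


def build_autofs_ldap_uri(basedn, server=None):
    """Build the LDAP URI for autofs.

    With a server: ldap://<server> (IPv6 literals get brackets).
    Without one:   ldap:///<basedn>, empty host, so the client
                   discovers the server through DNS.
    """
    if server:
        if ":" in server and not server.startswith("["):
            server = "[%s]" % server
        return "ldap://%s" % server
    # Percent-encode the DN; '=' and ',' stay readable.
    return "ldap:///%s" % quote(basedn, safe="=,")


if __name__ == "__main__":
    # Constructed sample values.
    print(build_autofs_ldap_uri("dc=example,dc=com"))
    print(srv_name_for_basedn("dc=example,dc=com"))
    print(build_autofs_ldap_uri("dc=example,dc=com", "ipa.example.com"))
```

If the SRV record computed by `srv_name_for_basedn` does not resolve on the client, the empty-host URI cannot find a server, which is one thing to check when the two forms behave differently.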

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1023-4-automount.patch
Type: text/x-diff
Size: 27544 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120622/63039e03/attachment.bin>

