[Freeipa-users] sudo (sssd) hangs due to ipa install/uninstall scripts

[Alexander Bokovoy]

On Wed, 02 Sep 2015, Prasun Gera wrote:
>I have zero confidence in any of the install and uninstall scripts. And
>this is on RHEL systems. On unofficial ones like Ubuntu, things are even
>more broken. I really like freeipa, but so far even in a smallish lab
>environment, it has been a nightmare. I am really tempted to just go back
>to NIS. Does anyone have any ideas or proposals for making things more
>robust ? At the very least, I think that these sort of modifications to
>system files should only happen with package install/removal. Any changes
>that ipa's scripts do should be local to ipa's internal state. Better would
>be to have an internal ipa database sort of thing which keeps track of what
>the current state is so that even if a script dies, which has happened
>often, the next attempt reads the database and figures out what happened
>earlier.
File bugs with enough details. It is the only reliable way to fix any
issues where environments differ. Install/uninstall scripts work for
fresh installs in RHEL and Fedora because this is what is tested. If you
have repurposed machines from some other setups, things might differ and
only you know what is in your environment.

That's not bad or good, that's just different -- the more different
environments we see, more robust code can be added. People are
infinitely more clever than computers when it comes to configuration
files' format mangling.

I've seen multiple cases where a claim of 'ipa scripts broke my
configuration' was later retracted saying that puppet or other SCM run
afterwards did these changes. That just happen, if there are many
elephants dancing in the room, a careful coordination is always a good
idea.

Coming back to your issues, please file bugs -- either upstream or
downstream, via distributions, whatever way is more suitable to you.
Contributing 'broken' config files would be good too.


-- 
/ Alexander Bokovoy