[Freeipa-users] sudo (sssd) hangs due to ipa install/uninstall scripts
Prasun Gera
prasun.gera at gmail.com
Tue May 9 08:35:35 UTC 2017
Just writing to say that the automount scripts still seem to be quite
broken in RHEL 7.3. I did a couple of client installs recently, and
ipa-client-automount
--install completed successfully, but didn't add sss to /etc/nsswitch.conf.
By now, I've got used to this pattern. So I look for the presence or
absence of sss in nsswitch.conf after running any of these scripts, since
that seems to be the most common issue.
On Thu, Sep 3, 2015 at 3:17 AM, Alexander Bokovoy <abokovoy at redhat.com>
wrote:
> On Wed, 02 Sep 2015, Prasun Gera wrote:
>
>> I have zero confidence in any of the install and uninstall scripts. And
>> this is on RHEL systems. On unofficial ones like Ubuntu, things are even
>> more broken. I really like freeipa, but so far even in a smallish lab
>> environment, it has been a nightmare. I am really tempted to just go back
>> to NIS. Does anyone have any ideas or proposals for making things more
>> robust ? At the very least, I think that these sort of modifications to
>> system files should only happen with package install/removal. Any changes
>> that ipa's scripts do should be local to ipa's internal state. Better
>> would
>> be to have an internal ipa database sort of thing which keeps track of
>> what
>> the current state is so that even if a script dies, which has happened
>> often, the next attempt reads the database and figures out what happened
>> earlier.
>>
> File bugs with enough details. It is the only reliable way to fix any
> issues where environments differ. Install/uninstall scripts work for
> fresh installs in RHEL and Fedora because this is what is tested. If you
> have repurposed machines from some other setups, things might differ and
> only you know what is in your environment.
>
> That's not bad or good, that's just different -- the more different
> environments we see, more robust code can be added. People are
> infinitely more clever than computers when it comes to configuration
> files' format mangling.
>
> I've seen multiple cases where a claim of 'ipa scripts broke my
> configuration' was later retracted saying that puppet or other SCM run
> afterwards did these changes. That just happen, if there are many
> elephants dancing in the room, a careful coordination is always a good
> idea.
>
> Coming back to your issues, please file bugs -- either upstream or
> downstream, via distributions, whatever way is more suitable to you.
> Contributing 'broken' config files would be good too.
>
>
> --
> / Alexander Bokovoy
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170509/7576675e/attachment.htm>
More information about the Freeipa-users
mailing list