[Freeipa-users] sudo (sssd) hangs due to ipa install/uninstall scripts
Rob Crittenden
rcritten at redhat.com
Tue May 9 14:25:52 UTC 2017
Prasun Gera wrote:
> Just writing to say that the automount scripts still seem to be quite
> broken in RHEL 7.3. I did a couple of client installs recently,
> and ipa-client-automount --install completed successfully, but didn't
> add sss to /etc/nsswitch.conf. By now, I've got used to this pattern. So
> I look for the presence or absence of sss in nsswitch.conf after running
> any of these scripts, since that seems to be the most common issue.
https://bugzilla.redhat.com/show_bug.cgi?id=1392540
rob
>
> On Thu, Sep 3, 2015 at 3:17 AM, Alexander Bokovoy <abokovoy at redhat.com
> <mailto:abokovoy at redhat.com>> wrote:
>
> On Wed, 02 Sep 2015, Prasun Gera wrote:
>
> I have zero confidence in any of the install and uninstall
> scripts. And
> this is on RHEL systems. On unofficial ones like Ubuntu, things
> are even
> more broken. I really like freeipa, but so far even in a
> smallish lab
> environment, it has been a nightmare. I am really tempted to
> just go back
> to NIS. Does anyone have any ideas or proposals for making
> things more
> robust ? At the very least, I think that these sort of
> modifications to
> system files should only happen with package install/removal.
> Any changes
> that ipa's scripts do should be local to ipa's internal state.
> Better would
> be to have an internal ipa database sort of thing which keeps
> track of what
> the current state is so that even if a script dies, which has
> happened
> often, the next attempt reads the database and figures out what
> happened
> earlier.
>
> File bugs with enough details. It is the only reliable way to fix any
> issues where environments differ. Install/uninstall scripts work for
> fresh installs in RHEL and Fedora because this is what is tested. If you
> have repurposed machines from some other setups, things might differ and
> only you know what is in your environment.
>
> That's not bad or good, that's just different -- the more different
> environments we see, more robust code can be added. People are
> infinitely more clever than computers when it comes to configuration
> files' format mangling.
>
> I've seen multiple cases where a claim of 'ipa scripts broke my
> configuration' was later retracted saying that puppet or other SCM run
> afterwards did these changes. That just happen, if there are many
> elephants dancing in the room, a careful coordination is always a good
> idea.
>
> Coming back to your issues, please file bugs -- either upstream or
> downstream, via distributions, whatever way is more suitable to you.
> Contributing 'broken' config files would be good too.
>
>
> --
> / Alexander Bokovoy
>
>
>
>
More information about the Freeipa-users
mailing list