freeipa/ipaplatform
Florence Blanc-Renaud 1086f7a70f ipatests: clear initgroups cache in clear_sssd_cache
The tasks module provides a method to clear sssd cache,
but the method does not remove the file /var/lib/sss/mc/initgroups.

Update the method to also remove this file.

Signed-off-by: Florence Blanc-Renaud <flo@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2021-01-06 16:41:50 +01:00
..
base ipatests: clear initgroups cache in clear_sssd_cache 2021-01-06 16:41:50 +01:00
debian Debian: Fix chrony service name 2020-12-18 20:37:10 +02:00
fedora Always define the path DNSSEC_OPENSSL_CONF 2020-11-30 15:52:19 +01:00
fedora_container Add missing fedora_container platform members 2020-09-29 12:06:24 +02:00
redhat Fix spelling mistake: filen ame -> filename 2020-12-17 11:48:59 +01:00
rhel Add User and Group to all ipaplatform.constants 2020-09-22 09:23:18 -04:00
rhel_container Add User and Group to all ipaplatform.constants 2020-09-22 09:23:18 -04:00
suse ipatests: Respect platform's openssl dir 2020-11-17 14:25:39 +02:00
__init__.py Make ipaplatform a regular top-level package 2020-05-05 11:47:16 +02:00
_importhook.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
constants.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
Makefile.am Use namespace-aware meta importer for ipaplatform 2017-11-15 14:17:24 +01:00
osinfo.py Allow to override ipaplatform with env var 2020-07-30 11:38:25 +02:00
override.py.in Use namespace-aware meta importer for ipaplatform 2017-11-15 14:17:24 +01:00
paths.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
README.md Don't configure authselect in containers 2020-08-06 14:20:54 +02:00
services.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Add ipaplatform for Fedora and RHEL container 2020-07-30 11:38:25 +02:00
tasks.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00

IPA platform abstraction

The ipaplatform package provides an abstraction layer for supported Linux distributions and flavors. The package contains constants, paths to commands and config files, services, and tasks.

  • base abstract base platform
  • debian Debian- and Ubuntu-like
  • redhat abstract base for Red Hat platforms
  • fedora Fedora
  • fedora_container freeipa-container on Fedora
  • rhel RHEL and CentOS
  • rhel_container freeipa-container on RHEL and CentOS
  • suse OpenSUSE and SLES
[base]
  ├─ debian
  ├─[redhat]
  │   ├─ fedora
  │   │   └─ fedora_container
  │   └─ rhel
  │       └─ rhel_container
  └─ suse

(Note: Debian and SUSE use some definitions from Red Hat namespace.)

freeipa-container platform

The fedora_container and rhel_container platforms are flavors of the fedora and rhel platforms. These platform definitions are specifically designed for freeipa-container. The FreeIPA server container implements a read-only container. Paths like /etc, /usr, and /var are mounted read-only and cannot be modified. The image uses symlinks to store all variable data like config files and LDAP database in /data.

  • Some commands don't write through dangling symlinks. The IPA platforms for containers prefix some paths with /data.
  • ipa-server-upgrade verifies that the platform does not change between versions. To allow upgrades of old containers, sysupgrade maps $distro_container to $distro platform.
  • The container images come with authselect pre-configured with sssd with-sudo option. The tasks modify_nsswitch_pam_stack and migrate_auth_configuration are no-ops. ipa-restore does not restore authselect settings. ipa-backup still stores authselect settings in backup data.
  • The --mkhomedir option is not supported.