mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 15:40:01 -06:00
ce0592bd47
If the client was installed with authconfig, with automount configured to use ldap (--no-sssd), and later updated to a version using authselect, the uninstaller tries to disable the authselect feature with-custom-automount but fails because there is no authselect profile in use. (Upgrade of a client does not transform authconfig settings into authselect settings because we don't have any client upgrader, as opposed to the ipa-server-upgrade for the servers). To avoid uninstallation failure, ignore the error and log a warning. The second part of the commit leverages the "complete" state stored in the statestore, in order to fix issues when a client installation fails and the installation is reverted by the ipa-client-install tool itself. The fix checks if the statestore shows an incomplete installation. If the install was incomplete and failed before any attempt to configure authselect, then unconfigure doesn't need to do anything. In the other cases, unconfigure needs to revert to the pre-ipa state. Fixes: https://pagure.io/freeipa/issue/9147 Reviewed-By: Rob Crittenden <rcritten@redhat.com> |
||
---|---|---|
.. | ||
base | ||
debian | ||
fedora | ||
fedora_container | ||
redhat | ||
rhel | ||
rhel_container | ||
suse | ||
__init__.py | ||
_importhook.py | ||
constants.py | ||
Makefile.am | ||
osinfo.py | ||
override.py.in | ||
paths.py | ||
README.md | ||
services.py | ||
setup.cfg | ||
setup.py | ||
tasks.py |
IPA platform abstraction
The ipaplatform
package provides an abstraction layer for
supported Linux distributions and flavors. The package contains
constants, paths to commands and config files, services, and tasks.
- base abstract base platform
- debian Debian- and Ubuntu-like
- redhat abstract base for Red Hat platforms
- fedora Fedora
- fedora_container freeipa-container on Fedora
- rhel RHEL and CentOS
- rhel_container freeipa-container on RHEL and CentOS
- suse OpenSUSE and SLES
[base]
├─ debian
├─[redhat]
│ ├─ fedora
│ │ └─ fedora_container
│ └─ rhel
│ └─ rhel_container
└─ suse
(Note: Debian and SUSE use some definitions from Red Hat namespace.)
freeipa-container platform
The fedora_container and rhel_container platforms are flavors
of the fedora and rhel platforms. These platform definitions
are specifically designed for
freeipa-container.
The FreeIPA server container implements a read-only container. Paths
like /etc
, /usr
, and /var
are mounted read-only and cannot
be modified. The image uses symlinks to store all variable data like
config files and LDAP database in /data
.
- Some commands don't write through dangling symlinks. The IPA
platforms for containers prefix some paths with
/data
. ipa-server-upgrade
verifies that the platform does not change between versions. To allow upgrades of old containers, sysupgrade maps$distro_container
to$distro
platform.- The container images come with authselect pre-configured with
sssd with-sudo
option. The tasksmodify_nsswitch_pam_stack
andmigrate_auth_configuration
are no-ops.ipa-restore
does not restore authselect settings.ipa-backup
still stores authselect settings in backup data. - The
--mkhomedir
option is not supported.