freeipa/ipaplatform
Jarl Gullberg 5a0eed0b1a ipaplatform/debian: fix path to ldap.so
bind-dyndb-ldap on Debian installs ldap.so in a subdirectory of
/usr/lib to prevent unintentional usage of an unversioned .so.
The default settings for FreeIPA on Debian used an incomplete
path, resulting in a failure to find ldap.so when bind attempts to
start with bind-dyndb-ldap configured.

This fixes the default path to use the appropriate location in its
multiarch-qualified path.

Signed-off-by: Jarl Gullberg <jarl.gullberg@gmail.com>
Reviewed-By: Timo Aaltonen <tjaalton@ubuntu.com>
2023-04-04 09:35:49 -04:00
..
base Suse compatibility fix 2022-06-14 14:21:59 -04:00
debian ipaplatform/debian: fix path to ldap.so 2023-04-04 09:35:49 -04:00
fedora freeipa.spec: depend on bind-dnssec-utils 2021-11-25 16:49:00 +01:00
fedora_container Installer: add --subid option to select the sssd profile with-subid 2022-05-25 08:11:39 +03:00
redhat Installer: add --subid option to select the sssd profile with-subid 2022-05-25 08:11:39 +03:00
rhel rhel platform: add a named crypto-policy support 2021-07-16 15:38:53 +02:00
rhel_container Installer: add --subid option to select the sssd profile with-subid 2022-05-25 08:11:39 +03:00
suse Add missing parameter to Suse modify_nsswitch_pam_stack 2022-06-23 13:06:02 -04:00
__init__.py Make ipaplatform a regular top-level package 2020-05-05 11:47:16 +02:00
_importhook.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
constants.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
Makefile.am Use namespace-aware meta importer for ipaplatform 2017-11-15 14:17:24 +01:00
osinfo.py pylint: Fix cyclic-import 2023-01-10 08:30:58 +01:00
override.py.in Use namespace-aware meta importer for ipaplatform 2017-11-15 14:17:24 +01:00
paths.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
README.md Don't configure authselect in containers 2020-08-06 14:20:54 +02:00
services.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
setup.cfg Port all setup.py to setuptools 2016-10-20 18:43:37 +02:00
setup.py Add ipaplatform for Fedora and RHEL container 2020-07-30 11:38:25 +02:00
tasks.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00

IPA platform abstraction

The ipaplatform package provides an abstraction layer for supported Linux distributions and flavors. The package contains constants, paths to commands and config files, services, and tasks.

  • base abstract base platform
  • debian Debian- and Ubuntu-like
  • redhat abstract base for Red Hat platforms
  • fedora Fedora
  • fedora_container freeipa-container on Fedora
  • rhel RHEL and CentOS
  • rhel_container freeipa-container on RHEL and CentOS
  • suse OpenSUSE and SLES
[base]
  ├─ debian
  ├─[redhat]
  │   ├─ fedora
  │   │   └─ fedora_container
  │   └─ rhel
  │       └─ rhel_container
  └─ suse

(Note: Debian and SUSE use some definitions from Red Hat namespace.)

freeipa-container platform

The fedora_container and rhel_container platforms are flavors of the fedora and rhel platforms. These platform definitions are specifically designed for freeipa-container. The FreeIPA server container implements a read-only container. Paths like /etc, /usr, and /var are mounted read-only and cannot be modified. The image uses symlinks to store all variable data like config files and LDAP database in /data.

  • Some commands don't write through dangling symlinks. The IPA platforms for containers prefix some paths with /data.
  • ipa-server-upgrade verifies that the platform does not change between versions. To allow upgrades of old containers, sysupgrade maps $distro_container to $distro platform.
  • The container images come with authselect pre-configured with sssd with-sudo option. The tasks modify_nsswitch_pam_stack and migrate_auth_configuration are no-ops. ipa-restore does not restore authselect settings. ipa-backup still stores authselect settings in backup data.
  • The --mkhomedir option is not supported.