Bug 1571844
Summary: | authselect must not disable oddjobd | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Christian Heimes <cheimes> |
Component: | authselect | Assignee: | Pavel Březina <pbrezina> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | urgent | Docs Contact: | |
Priority: | unspecified | ||
Version: | 28 | CC: | jhrozek, pbrezina, sgallagh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | authselect-0.4-2.fc28 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-04-27 23:08:07 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1469207 |
Description
Christian Heimes
2018-04-25 13:58:36 UTC
FreeIPA depends oddjobd.service for two tasks. Without oddjobd it is neither possible to install a replica nor to establish trust with Active Directory. It's highly recommended to create at least one FreeIPA replica. A single master is a single point of failure. upstream PR: https://github.com/pbrezina/authselect/pull/50 Fedora packaging PR: https://src.fedoraproject.org/rpms/authselect/pull-request/4 scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=26556749 fixed scratch build: https://koji.fedoraproject.org/koji/taskinfo?taskID=26556817 # rpm -qa authselect authselect-0.4-2.fc28.x86_64 # /usr/sbin/authconfig --enablesssd --enablesssdauth --update Running authconfig compatibility tool. IMPORTANT: authconfig is replaced by authselect, please update your scripts. See Fedora 28 Change Page: https://fedoraproject.org/wiki/Changes/AuthselectAsDefault See man authselect-migration(7) to help you with migration to authselect Executing: /usr/bin/authselect select sssd --force Removing file: /etc/krb5.conf.d/authconfig-krb.conf Executing: /usr/bin/systemctl disable winbind.service Executing: /usr/bin/systemctl stop winbind.service # systemctl status oddjobd.service ● oddjobd.service - privileged operations for unprivileged applications Loaded: loaded (/usr/lib/systemd/system/oddjobd.service; disabled; vendor preset: disabled) Active: active (running) since Wed 2018-04-25 13:44:59 CEST; 2h 51min ago ... Proposed as a Freeze Exception for 28-final by Fedora user sgallagh using the blocker tracking app because: While this bug is very serious, our blocker criterion for F28 does not require replica creation or AD integration to work. I spoke to the FreeIPA upstream and they're working on getting it into an update for 0day at least, but if we end up slipping Fedora 28, I think there's significant value to getting this in as a freeze exception. Also, the patch to fix it is very simple. authselect-0.4-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-70db86e35f authselect-0.4-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-70db86e35f authselect-0.4-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. |