Bug 2255725
| Field | Value |
|---|---|
| Summary | realmd claims 'sssd' is required to join realms, but it's a metapackage that is not in the Server tree (cannot join a realm when installing from Server DVD without additional repo) |
| Product | [Fedora] Fedora |
| Component | realmd |
| Version | rawhide |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | unspecified |
| Hardware | All |
| OS | All |
| Reporter | Adam Williamson <awilliam> |
| Assignee | Sumit Bose <sbose> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | admiller, hlin, lsedlar, luk.claes, onosek, robatino, sbose, stefw, w |
| Whiteboard | openqa |
| Fixed In Version | realmd-0.17.1-8.fc40 |
| Last Closed | 2024-02-05 10:24:24 UTC |
| Type | Bug |
| Bug Blocks | 2187792 |
Description
Adam Williamson
2023-12-23 20:41:34 UTC
The consequence of this is that you can't install the server-product-environment group from the Server tree (and hence from the Server DVD), because anaconda complains that sssd isn't there. This is breaking some of openQA's kickstart install tests.

There are some subpackages from the sssd build:

sssd-ad-2.9.3-1.fc40.x86_64.rpm
sssd-client-2.9.3-1.fc40.x86_64.rpm
sssd-common-2.9.3-1.fc40.x86_64.rpm
sssd-common-pac-2.9.3-1.fc40.x86_64.rpm
sssd-dbus-2.9.3-1.fc40.x86_64.rpm
sssd-idp-2.9.3-1.fc40.x86_64.rpm
sssd-ipa-2.9.3-1.fc40.x86_64.rpm
sssd-kcm-2.9.3-1.fc40.x86_64.rpm
sssd-krb5-2.9.3-1.fc40.x86_64.rpm
sssd-krb5-common-2.9.3-1.fc40.x86_64.rpm
sssd-nfs-idmap-2.9.3-1.fc40.x86_64.rpm
sssd-proxy-2.9.3-1.fc40.x86_64.rpm
sssd-tools-2.9.3-1.fc40.x86_64.rpm

The sssd-2.9.3-1.fc40.x86_64.rpm metapackage is indeed missing, but it's also not mentioned in comps.

The warning seems correct to me. The variants.xml file contains both `<environment display_order="2">server-product-environment</environment>` and `<group default="true">^server-product-environment</group>`. The comps file defines the environment with a bunch of groups, but there is no group called ^server-product-environment. Hence the warning.

All of the groups listed in the environment are given as input to the depsolver: https://kojipkgs.fedoraproject.org/compose/rawhide/Fedora-Rawhide-20231223.n.0/work/x86_64/pungi/Server.x86_64.comps.conf

> The sssd-2.9.3-1.fc40.x86_64.rpm metapackage is indeed missing, but it's also not mentioned in comps.
Huh. You're right. I am sure when I filed this bug I checked comps and it did have sssd in it, but I'm looking now and it sure doesn't. Don't know how that happened. Looking at the anaconda logs again, it's anaconda itself that adds the sssd requirement into the list, because of the output of `realm list`, apparently. So we need to get realmd to stop saying that sssd needs to be installed to join realms.
> The comps file defines the environment with a bunch of groups, but there is no group called ^server-product-environment. Hence the warning.
Well, I can see what that is trying to say. For dnf "specs" - that is, strings you can pass to e.g. `dnf install` - the `@` prefix means "this is a group", and `@^` means "this is an environment group". So `dnf install @^server-product-environment` means "install the environment group server-product-environment". So, in a sense, if we're considering a string meant to refer to a group, then you can see that a prefix of "^" would mean "this is an environment group".
I don't know if that's actually valid syntax for anything that reads the variants.xml file, however, or what that line is actually intended to do (or if it's intended to do anything more than the `<environment` line already does). It's clearly not the issue here, though.
Presumably we want realmd to report that 'sssd-ipa' is required for joining a FreeIPA domain, and 'sssd-ad' is required for joining an AD domain?

(In reply to Adam Williamson from comment #5)
> Presumably we want realmd to report that 'sssd-ipa' is required for joining
> a FreeIPA domain, and 'sssd-ad' is required for joining an AD domain?

Hi,

yes, I will try to prepare a fix. The `sssd` package is a meta-package which just installs all SSSD related packages. Due to the number of dependencies of all the different SSSD features it was removed from the group to encourage the use of the more specific packages as you described.

bye,
Sumit

Proposing as a Beta blocker per "It must be possible to join the system to a FreeIPA or Active Directory domain at install time and post-install, and the system must respect the identity, authentication and access control configuration provided by the domain" - https://fedoraproject.org/wiki/Basic_Release_Criteria . This causes kickstart installs as FreeIPA or AD client from the Server DVD to fail.

FEDORA-2024-bc9a8bb87e has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-bc9a8bb87e

FEDORA-2024-bc9a8bb87e has been pushed to the Fedora 40 stable repository.
If problem still persists, please make note of it in this bug report.

Hi,

I'm sorry I forgot about this issue. I pushed a patch which fixed the issue for me and created a new build, please let me know if there are still issues here.

bye,
Sumit
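
The mismatch discussed in this bug, as an added example (not code from realmd, anaconda or this report): a pre-flight check that reads the `required-package` lines of `realm discover` output and reports which of them an install tree cannot supply by name. The domain `example.test`, the sample output and the tree package set are constructed, and the check assumes name-only matching without resolving RPM Provides.

```python
# Constructed sample of `realm discover` output for a FreeIPA domain.
SAMPLE_DISCOVER = """\
example.test
  type: kerberos
  realm-name: EXAMPLE.TEST
  domain-name: example.test
  configured: no
  server-software: ipa
  client-software: sssd
  required-package: freeipa-client
  required-package: oddjob
  required-package: oddjob-mkhomedir
  required-package: sssd
  login-formats: %U
  login-policy: allow-realm-logins
"""

# Constructed package-name set for a tree that ships the sssd subpackages
# but not the `sssd` metapackage (the situation this bug describes).
SAMPLE_TREE = {
    "freeipa-client", "oddjob", "oddjob-mkhomedir",
    "sssd-common", "sssd-client", "sssd-ipa", "sssd-ad", "sssd-krb5",
}


def required_packages(discover_output):
    """Map each discovered realm to the packages realmd says it needs."""
    realms, current = {}, None
    for line in discover_output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line starts a realm block
            current = line.strip()
            realms.setdefault(current, [])
        elif current is not None:
            key, sep, value = line.strip().partition(":")
            if sep and key == "required-package" and value.strip():
                realms[current].append(value.strip())
    return realms


def missing_from_tree(discover_output, available):
    """Return {realm: [required packages the tree cannot supply by name]}."""
    # Assumption: name-only match; RPM Provides are not resolved here.
    return {
        realm: [pkg for pkg in pkgs if pkg not in available]
        for realm, pkgs in required_packages(discover_output).items()
    }
```

Run against the real output of `realm discover` and the package names of the repository a kickstart will use, a non-empty result flags a domain join that will fail at install time.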