Bug 881874 - Please remove /etc/request-key.d/id_resolver.conf from the installer image
Please remove /etc/request-key.d/id_resolver.conf from the installer image
Product: Fedora
Classification: Fedora
Component: lorax (Show other bugs)
All Linux
unspecified Severity low
: ---
: ---
Assigned To: Brian Lane
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2012-11-29 12:49 EST by Orion Poplawski
Modified: 2013-02-04 13:46 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-02-04 13:46:44 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2012-11-29 12:49:09 EST
Description of problem:

The presence of /etc/request-key.d/id_resolver.conf in the installer image prevents one from running rpc.idmapd in the %post environment.  This is because requests for idmapping are sent to request-key running in the installer environment first.

Workaround is to remove it in %pre or in %post --nochroot.
Comment 1 Martin Gracik 2012-11-30 04:50:07 EST
And isn't the file required by something else? I'm not sure if removing it won't break anything else.

Your workaround is simple enough, and I'm reluctant to removing files, if I'm not sure how important they are.
Comment 2 Orion Poplawski 2012-11-30 15:57:08 EST
As I understand it, the sole purpose of the file is to configure name-id mapping for nfsv4.  For this to be of any practical value the nss configuration of the installer would need to match that of the target installed system.  Your options seem to be to make use of the installed system configuration (ie in the %post chroot) or to also configure the installer environment (e.g. running authconfig + sssd in that environment) and use that.  If the former, you need to remove the request-key configuration so that it doesn't intercept the kernel up calls.

The workaround is fairly simple, but it took me a long time to figure out what the issue was and why my previous configuration (running rpc.idmapd in %post) no longer worked.

Certainly worth some thought to get it right though.
Comment 3 Fedora Admin XMLRPC Client 2013-02-04 10:04:42 EST
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 4 Brian Lane 2013-02-04 13:46:44 EST
I'd rather not depend on behavior requiring removal of config files. We're trying to keep the environment as close to normal as possible and in general the file removal actions are there to save space.

Note You need to log in before you can comment on or make changes to this bug.