Discussion:
[Freeipa-devel] [freeipa PR#697][opened] Create system users for FreeIPA services during package installation
dkupka
2017-04-06 13:46:15 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Author: dkupka
Title: #697: Create system users for FreeIPA services during package installation
Action: opened

PR body:
"""
Previously system users needed by FreeIPA server services was created during
ipa-server-install. This led to problem when DBus policy was configured during
package installation but the user specified in the policy didn't exist yet (and
potentionally similar ones). Now systemd-sysusers service is used to ensure
users freeipa-server package needs exist before any installation or
configuration begins.

https://pagure.io/freeipa/issue/6743
"""

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/697/head:pr697
git checkout pr697
tjaalton
2017-04-06 15:42:14 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

tjaalton commented:
"""
if I understood the sysusers.d file format correctly, ipa.sysusers.debian.conf would need this line added:

m www-data ipaapi

as you can see from ipaplatform/debian/constants.py. Actually, why not make just one template file ipa.sysusers.conf.in and utilize ipaplatform to substitute values like for most of the conffiles
"""

See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292215096
HonzaCholasta
2017-04-07 07:28:22 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

HonzaCholasta commented:
"""
Note that systemd-sysusers is not available in RHEL and CentOS. It might be better to use the sssd approach: https://github.com/SSSD/sssd/blob/master/contrib/sssd.spec.in#L1228.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292462863
tiran
2017-04-07 07:36:37 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

tiran commented:
"""
Originally I used a similar approach for the kdcproxy user based on the snippet https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation . You changed it in ticket https://pagure.io/freeipa/issue/5314 because the approach violates packaging guidelines.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292464389
HonzaCholasta
2017-04-07 07:50:23 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

HonzaCholasta commented:
"""
Ah, right, rpmdiff complained about that. Well, that was 2 years ago, and if it works for sssd it must also work for us, so I guess we should ignore rpmdiff.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292467153
adelton
2017-04-07 09:09:46 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

adelton commented:
"""
Post by dkupka
Previously system users needed by FreeIPA server services was created during
ipa-server-install.
Actually, for any such case I found I filed bugzilla or ticket to get them created during rpm installation.
Post by dkupka
This led to problem when DBus policy was configured during
package installation but the user specified in the policy didn't exist yet (and
potentionally similar ones). Now systemd-sysusers service is used to ensure
users freeipa-server package needs exist before any installation or
configuration begins.
Please do not use systemd-sysusers, create the group/user entries during rpm installation.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292483893
adelton
2017-04-07 09:28:54 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

adelton commented:
"""
I don't think we should do that and rather fail early if the user is missing.
+1
"""

See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292488251
martbab
2017-04-07 09:29:57 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

martbab commented:
"""
Right, we do not have systemd available during Docker image build so some fallback mechanism directly in spec would be great. Otherwise we would have to workaround this in containers and I am not a big fan of that.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-292488467
dkupka
2017-04-10 11:10:23 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Author: dkupka
Title: #697: Create system users for FreeIPA services during package installation
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/697/head:pr697
git checkout pr697
dkupka
2017-04-10 13:41:15 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Author: dkupka
Title: #697: Create system users for FreeIPA services during package installation
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/697/head:pr697
git checkout pr697
dkupka
2017-04-11 09:58:26 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Author: dkupka
Title: #697: Create system users for FreeIPA services during package installation
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/697/head:pr697
git checkout pr697
dkupka
2017-04-11 10:32:19 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Author: dkupka
Title: #697: Create system users for FreeIPA services during package installation
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/697/head:pr697
git checkout pr697
stlaz
2017-04-11 11:16:00 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

stlaz commented:
"""
Travis reports wrong usage of the `useradd` command.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-293226318
dkupka
2017-04-11 11:35:29 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Author: dkupka
Title: #697: Create system users for FreeIPA services during package installation
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/697/head:pr697
git checkout pr697
dkupka
2017-04-11 15:03:25 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Author: dkupka
Title: #697: Create system users for FreeIPA services during package installation
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/697/head:pr697
git checkout pr697
stlaz
2017-04-11 15:34:14 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

stlaz commented:
"""
While I don't like to omit @adelton comments, this is a test blocker for us. I propose going with @dkupka's comment on adding the GID/UID later when we get it or if someone could make a PR making this a bit better, that would be nice too.
In the meantime, I have to ACK this.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-293302227
stlaz
2017-04-11 15:34:21 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

Label: +ack
pvomacka
2017-04-11 15:55:13 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

pvomacka commented:
"""
ipa-4-5:

* e8a429d9e170955919f2e53e66b580be95e908d9 Create system users for FreeIPA services during package installation
master:

* a726e98f034347227765d7303a033a0538f5d8a1 Create system users for FreeIPA services during package installation

"""

See the full comment at https://github.com/freeipa/freeipa/pull/697#issuecomment-293308834
pvomacka
2017-04-11 15:55:34 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

Label: +pushed
pvomacka
2017-04-11 15:55:43 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

Label: -ack
pvomacka
2017-04-11 15:55:48 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Title: #697: Create system users for FreeIPA services during package installation

Label: +ack
pvomacka
2017-04-11 15:55:51 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/697
Author: dkupka
Title: #697: Create system users for FreeIPA services during package installation
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/697/head:pr697
git checkout pr697

Loading...