search

ManageIQ / manageiq-rpm_build

Code to build RPMs for ManageIQ appliances and container images
Apache License 2.0
10 stars 26 forks source link

external authentication modules are being included in podified even if not used #281

Open Fryguy opened 2 years ago

Fryguy commented 2 years ago

We should reorganize the external authentication modules (in particular samba), to not need to be present in the podified images, since they aren't need in those images. They might be needed in the httpd-init container image, but most probably don't need to live in the httpd container image either.

See https://github.com/ManageIQ/manageiq-rpm_build/blob/a37578cf7f978ec10be39e5f7d38120461daf0ec/rpm_spec/subpackages/manageiq-appliance#L20-L46

Fryguy commented 2 years ago

I'm not even sure why samba is getting installed in podified, since the appliance rpm isn't installed:

[root@4c4ce1d03987 /]# rpm -qa | grep infra
infrastructure-management-pods-14.0.0-20220611023251.el8.x86_64
infrastructure-management-ui-14.0.0-20220611023251.el8.x86_64
infrastructure-management-core-14.0.0-20220611023251.el8.x86_64
infrastructure-management-system-14.0.0-20220611023251.el8.x86_64
infrastructure-management-gemset-14.0.0-20220611023251.el8.x86_64
Fryguy commented 2 years ago

Similarly, ruby-dbus gem can probably be eliminated in podified (which also causes some licensing issues since it is LGPL) See:

https://github.com/ManageIQ/manageiq/blob/dc3e771652e88e83e5687e554230bceda612ef6a/Gemfile#L258

I wonder if it can be moved to the systemd section?

Fryguy commented 2 years ago

@kbrock if you're interested.

kbrock commented 2 years ago

self assigned, but just so it doesn't slip through the cracks for me. If someone else is interested and has ideas, please chime in

Fryguy commented 2 years ago

Seems cifs-utils in the gemset rpm is pulling samba-client-libs

Searching we find:

./manageiq-release/repos/ManageIQ/manageiq-gems-pending/lib/gems/pending/util/mount/miq_smb_session.rb:    mount_args      = {:t => "cifs"}
./manageiq-release/repos/ManageIQ/manageiq-gems-pending/lib/gems/pending/util/mount/miq_smb_session.rb:    # mount -t cifs //192.168.252.140/temp /media/windows_share/ -o rw,username=jrafaniello,password=blah,domain=manageiq.com

Which implies samba is needs for the FileDepot stuff to connect to samba shares. If we can get rid of FileDeopt, then this can go away.

cc @bdunne

miq-bot commented 1 year ago

This issue has been automatically marked as stale because it has not been updated for at least 3 months.

If you can still reproduce this issue on the current release or on master, please reply with all of the information you have about it in order to keep the issue open.

Thank you for all your contributions! More information about the ManageIQ triage process can be found in the triage process documentation.

kbrock commented 1 year ago

We may be able to remove just the samba portion of file depot? The functionality seemed like it was all about database backups. Do we use this for something else?

Fryguy commented 1 year ago

that's an interesting idea if we can't completely remove FileDepot - @bdunne @jrafanie Thoughts?

jrafanie commented 1 year ago

We may be able to remove just the samba portion of file depot? The functionality seemed like it was all about database backups. Do we use this for something else?

Database backups and log collection. I think they're both gone from the UI as they're done in the appliance console and through the collect_logs tool.