freeipa / freeipa-container

FreeIPA server in containers — images at https://quay.io/repository/freeipa/freeipa-server?tab=tags
Apache License 2.0
615 stars 259 forks

Upgrade leads to duplicate section in gssproxy configuration #239

Closed antoinecarton closed 5 years ago

antoinecarton commented 6 years ago

Hello,

We've been facing the following issue while upgrading our FreeIPA container from version 4.4.0 up to version 4.5.4:

gssproxy[1375]: Error when reading config directory: Duplicate section detected in snippet: /etc/gssproxy/24-nfs-server.conf.
gssproxy[1375]: Error when reading config directory: Duplicate section detected in snippet: /etc/gssproxy/99-nfs-client.conf.
systemd[1]: gssproxy.service: control process exited, code=exited status=1
systemd[1]: Failed to start GSSAPI Proxy Daemon.
systemd[1]: Unit gssproxy.service entered failed state.
systemd[1]: gssproxy.service failed.

The conflict comes from the [service/nfs-server] section, which is located in both 24-nfs-server.conf and gssproxy.conf (same for [service/nfs-client] in 99-nfs-client.conf and gssproxy.conf).

Trying to drop the entries from gssproxy.conf leads to:

gssproxy.service failed.
Starting GSSAPI Proxy Daemon...
socket, selinux_context, and euid for ipa-httpd and HTTP should not match!
nfs-client sets allow_any_uid with the same socket and selinux_context as ipa-httpd!
nfs-client sets allow_any_uid with the same socket and selinux_context as ipa-api!
Error reading configuration 1: Operation not permitted
gssproxy.service: control process exited, code=exited status=1
Failed to start GSSAPI Proxy Daemon.
Unit gssproxy.service entered failed state.
gssproxy.service failed.

Any information that could help solve these issues?

Thank you!
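
A pre-upgrade check for the condition reported above, as an added example that is not part of the original issue or the project's code: it lists every section name defined in more than one file of a gssproxy configuration directory. The sample file contents are constructed, and scanning every `*.conf` file in the directory is an assumption about which files gssproxy loads.

```python
import re
import tempfile
from collections import defaultdict
from pathlib import Path

# An INI-style section header such as "[service/nfs-server]".
SECTION_RE = re.compile(r"^\s*\[([^\]]+)\]\s*$")


def find_duplicate_sections(conf_dir):
    """Map each section name defined more than once to the files defining it."""
    seen = defaultdict(list)
    # Assumption: every *.conf file in the directory is read by gssproxy.
    for path in sorted(Path(conf_dir).glob("*.conf")):
        for line in path.read_text().splitlines():
            match = SECTION_RE.match(line)
            if match:
                seen[match.group(1).strip()].append(path.name)
    return {name: files for name, files in seen.items() if len(files) > 1}


# Constructed sample: the main file still carries the NFS sections that the
# upgraded package also ships as separate snippets, as in the report above.
SAMPLE = {
    "gssproxy.conf": "[gssproxy]\n\n[service/nfs-server]\n  mechs = krb5\n\n"
                     "[service/nfs-client]\n  mechs = krb5\n",
    "24-nfs-server.conf": "[service/nfs-server]\n  mechs = krb5\n",
    "99-nfs-client.conf": "[service/nfs-client]\n  mechs = krb5\n",
    "10-ipa.conf": "[service/ipa-httpd]\n  mechs = krb5\n",
}


def demo():
    """Write the constructed sample to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE.items():
            Path(tmp, name).write_text(body)
        return find_duplicate_sections(tmp)


if __name__ == "__main__":
    for section, files in demo().items():
        print(f"[{section}] defined in: {', '.join(files)}")
```

Pointing `find_duplicate_sections` at a copy of the container's `/etc/gssproxy` before and after an upgrade shows which sections would make gssproxy refuse to start.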

adelton commented 5 years ago

I believe that in f0b68890ea0a316f680da66bdcbe099bb5a963f0 I fixed the config file upgrade issue that manifested itself in the gssproxy.service.