frasertweedale closed 2 years ago
@tiran thanks for the review. PR updated.
@frasertweedale,
@avisiedo and I spent the better half of the afternoon debugging a problem with the script. IPA server installation is failing with `systemd-tmpfiles` replacement. Something related to Apache, Kerberos, GSS-Proxy, or IPA API is misbehaving.
During our investigation I realized two problems:
`chattr` is not available, which resulted in silent errors.

IMO it's going to be much more work to re-implement `systemd-tmpfiles` than we initially anticipated. I have a proposal for a different implementation:
mv /usr/bin/systemd-tmpfiles /usr/bin/systemd-tmpfiles.orig
/usr/bin/systemd-tmpfiles
The failure was found to be due to 'd' (and other directory-related commands) only performing chmod/chown when it creates the directory. If the directory already existed, chmod/chown was not performed. This diverges from systemd-tmpfiles behaviour and was the cause of the failure (specifically related to directives in `/usr/lib/tmpfiles.d/tmp.conf`). The behaviour has been corrected and @avisiedo successfully launched the container in a non-user-ns environment.
Note: please rebase-merge, not squash-merge.
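The create-only versus always-adjust handling of a `d` line described in the comment above, as an added example that is not code from this PR. The function names, the `root` scratch prefix and the sample directive are assumptions made for illustration; the user/group fields are parsed past but not applied, so the sketch runs unprivileged.

```python
import os
import stat
import tempfile


def parse_d_line(line):
    """Split a tmpfiles.d-style line into (type, path, mode); mode is None for '-'."""
    fields = line.split()
    kind, path = fields[0], fields[1]
    mode_field = fields[2] if len(fields) > 2 else "-"
    mode = None if mode_field == "-" else int(mode_field, 8)
    return kind, path, mode


def apply_d(line, root, adjust_existing):
    """Apply one 'd' line under `root` and return the resulting permission bits.

    adjust_existing=False: chmod only when the directory is created (the bug).
    adjust_existing=True:  chmod even if the directory already existed (the fix).
    """
    kind, path, mode = parse_d_line(line)
    if kind != "d":
        raise ValueError("only the 'd' type is handled in this sketch")
    target = os.path.join(root, path.lstrip("/"))
    created = False
    try:
        os.mkdir(target)
        created = True
    except FileExistsError:
        if not os.path.isdir(target):
            raise
    if mode is not None and (created or adjust_existing):
        # Explicit chmod: the mode passed to mkdir() would be filtered by umask.
        os.chmod(target, mode)
    return stat.S_IMODE(os.stat(target).st_mode)


def demo():
    """Run the same directive against a pre-existing 0755 directory both ways."""
    line = "d /tmp 1777 root root 10d"  # constructed sample line
    results = {}
    for name, adjust in (("create-only", False), ("always-adjust", True)):
        with tempfile.TemporaryDirectory() as root:
            existing = os.path.join(root, "tmp")
            os.mkdir(existing)
            os.chmod(existing, 0o755)  # simulate a directory shipped in the image
            results[name] = apply_d(line, root, adjust)
    return results
```

With the create-only variant a pre-existing directory keeps whatever mode it already had, so a shared temporary directory can be left without its sticky bit.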