On 23.9.2015 02:22, Simo Sorce wrote:
On Tue, 2015-09-22 at 20:09 -0400, Simo Sorce wrote:
On Tue, 2015-09-22 at 16:35 +0200, Jan Cholasta wrote:
On 22.9.2015 15:11, Martin Babinsky wrote:
On 09/22/2015 01:33 PM, Jan Cholasta wrote:
Hi,
the attached patch fixes <https://fedorahosted.org/freeipa/ticket/5314>.
Honza
ACK
Thanks.
Pushed to:
master: 0de860318332114ca739a8dd45902f7cc9a3c722
ipa-4-2: 4663625bbb3456db7f13578e6cac0c3e5fae2591
This patch is somehow broken.
I see that %{kdcproxy_home} has been removed from the spec file but not
from everywhere, and it is simply undefined.
On upgrade of my server I have no kdcproxy user and http fails to
operate complaining that /var/lib/kdcproxy does not exist.
Correction, the HTTP server works, but it spits lots of errors in
error_log about /var/lib/kdcproxy not existing.
Is the KDCProxy supposed to be installked/enabled on upgrade ?
If not, why not ?
Even if it is not enabled, shouldn't the user be created just in case ?
Fixed, patch attached.
--
Jan Cholasta
From 45bc745849aade6e9f0495479e9df5d32d43274b Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Wed, 23 Sep 2015 10:35:06 +0200
Subject: [PATCH] install: fix kdcproxy user home directory
https://fedorahosted.org/freeipa/ticket/5314
---
freeipa.spec.in | 3 ++-
ipaplatform/base/paths.py | 1 +
ipaserver/install/httpinstance.py | 3 ++-
3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index 7a199a5..782eefc 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -482,7 +482,7 @@ install daemons/dnssec/ipa-ods-exporter %{buildroot}%{_libexecdir}/ipa/ipa-ods-e
mkdir -p %{buildroot}%{_usr}/share/ipa/ui/js/plugins
# KDC proxy config (Apache config sets KDCPROXY_CONFIG to load this file)
-mkdir -p %{buildroot}%{kdcproxy_home}
+mkdir -p %{buildroot}%{_sharedstatedir}/kdcproxy
mkdir -p %{buildroot}%{_sysconfdir}/ipa/kdcproxy/
install -m 644 install/share/kdcproxy.conf %{buildroot}%{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf
@@ -714,6 +714,7 @@ fi
%{_libexecdir}/ipa/ipa-dnskeysync-replica
%{_libexecdir}/ipa/ipa-ods-exporter
%{_libexecdir}/ipa/ipa-httpd-kdcproxy
+%dir %{_sharedstatedir}/kdcproxy
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/kdcproxy
%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
%config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py
index 97c330c..215caf9 100644
--- a/ipaplatform/base/paths.py
+++ b/ipaplatform/base/paths.py
@@ -286,6 +286,7 @@ class BasePathNamespace(object):
REPLICA_INFO_GPG_TEMPLATE = "/var/lib/ipa/replica-info-%s.gpg"
SYSRESTORE = "/var/lib/ipa/sysrestore"
STATEFILE_DIR = "/var/lib/ipa/sysupgrade"
+ VAR_LIB_KDCPROXY = "/var/lib/kdcproxy"
VAR_LIB_PKI_DIR = "/var/lib/pki"
VAR_LIB_PKI_CA_DIR = "/var/lib/pki-ca"
PKI_ALIAS_CA_P12 = "/var/lib/pki-ca/alias/ca.p12"
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 7358511..ab84780 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -85,8 +85,9 @@ def create_kdcproxy_user():
tasks.create_system_user(
name=KDCPROXY_USER,
group=KDCPROXY_USER,
- homedir=paths.VAR_LIB,
+ homedir=paths.VAR_LIB_KDCPROXY,
shell=paths.NOLOGIN,
+ comment="IPA KDC Proxy User",
)
--
2.4.3
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
