Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

add better CentOS 8 support #103

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

add better CentOS 8 support #103

wants to merge 1 commit into from

Conversation

dacron
Copy link

@dacron dacron commented Jan 28, 2020

No description provided.

@ghoneycutt
Copy link
Collaborator

Hi @dacron Thank you for your contribution! Could you please remove rhel-8 from travis so we are not duplicating tests. Also could you mention how this is helping add better support.

@dacron
Copy link
Author

dacron commented Jan 29, 2020

Hi @ghoneycutt certainly. The big thing that adds "better" CentOS support is that the proposed changes in manifests/init.pp ensure that if you are running CentOS major release 8 or greater you enter the block for authselect as opposed to authconfig.

This is as the conditional block on line 194 previously only used facts['os']['name'] == 'RedHat' and versioncmp(majorrelase, 8) >= 8. By changing the first half of the condition we can force CentOS to go down this route.

@ghoneycutt
Copy link
Collaborator

This would duplicate the data already in https://github.com/sgnl05/sgnl05-sssd/blob/master/data/os/RedHat/8.yaml

Since the data for RedHat and CentOS should be the same, suggest switching to os.family.

@dacron
Copy link
Author

dacron commented Jan 31, 2020

@ghoneycutt I've removes data/CentOS/8.yaml. Turns out that the required data is already there, but the structure in data is slightly confusing in that data/os/os_majrel is actually data/osfamily/os_majrel:

hierarchy:
  - name: "osfamily/major_release/architecture"
    path: "os/%{facts.os.family}/%{facts.os.release.major}/%{facts.os.architecture}.yaml"

  - name: "osfamily/major_release"
    path: "os/%{facts.os.family}/%{facts.os.release.major}.yaml"

  - name: "osfamily"
    path: "osfamily/%{facts.os.family}.yaml"

@realvinx
Copy link

What do I need to do to support CentOS8 ?

@ghoneycutt
Copy link
Collaborator

Running the acceptance test I get this

An error occurred while loading ./spec/acceptance/00_sssd_spec.rb.
Failure/Error: require 'beaker-rspec'
Beaker::Host::CommandFailure:
  Host 'centos8' exited with 127 running:
   /sbin/service sshd restart
  Last 10 lines of output were:
  	bash: /sbin/service: No such file or directory

Did service move to /usr/bin or does a package need to be installed?

@dacron
Copy link
Author

dacron commented Feb 11, 2020

Looks like it has been moved to /usr/sbin. I don't have a great enough understanding of rspec tests to fix this unfortunately :( rpm-qilp $PACKAGE below.

[adacre@alex-workstation 08:43:27] spec > rpm -qilp initscripts-10.00.4-1.el8.x86_64.rpm
warning: initscripts-10.00.4-1.el8.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 8483c65d: NOKEY
Name        : initscripts
Version     : 10.00.4
Release     : 1.el8
Architecture: x86_64
Install Date: (not installed)
Group       : Unspecified
Size        : 1096618
License     : GPLv2
Signature   : RSA/SHA256, Wed 04 Dec 2019 23:58:04 UTC, Key ID 05b555b38483c65d
Source RPM  : initscripts-10.00.4-1.el8.src.rpm
Build Date  : Fri 08 Nov 2019 18:36:09 UTC
Build Host  : x86-02.mbox.centos.org
Relocations : (not relocatable)
Packager    : CentOS Buildsys <[email protected]>
Vendor      : CentOS
URL         : https://github.com/fedora-sysv/initscripts
Summary     : Basic support for legacy System V init scripts
Description :
This package provides basic support for legacy System V init scripts, and some
other legacy tools & utilities.
/etc/rc.d
/etc/rc.d/init.d
/etc/rc.d/init.d/functions
/etc/rc.d/rc.local
/etc/rc.d/rc0.d
/etc/rc.d/rc1.d
/etc/rc.d/rc2.d
/etc/rc.d/rc3.d
/etc/rc.d/rc4.d
/etc/rc.d/rc5.d
/etc/rc.d/rc6.d
/etc/rc0.d
/etc/rc1.d
/etc/rc2.d
/etc/rc3.d
/etc/rc4.d
/etc/rc5.d
/etc/rc6.d
/etc/sysconfig/console
/etc/sysconfig/modules
/usr/bin/usleep
/usr/lib/.build-id
/usr/lib/.build-id/1e
/usr/lib/.build-id/1e/147107b64e1ca44b3438babe744427674b99c3
/usr/lib/.build-id/3b
/usr/lib/.build-id/3b/b105d824b5147293de44a853b49aed248a98b3
/usr/lib/.build-id/a6
/usr/lib/.build-id/a6/41b5bc24577c3db6b190eeb9dbbe28eb5e53f1
/usr/lib/.build-id/ff
/usr/lib/.build-id/ff/abdcac3325d6b9a6fa7f19f1f69b09f7e7af29
/usr/lib/systemd/system/import-state.service
/usr/lib/systemd/system/loadmodules.service
/usr/lib/udev/rename_device
/usr/lib/udev/rules.d/60-net.rules
/usr/libexec/import-state
/usr/libexec/initscripts
/usr/libexec/initscripts/legacy-actions
/usr/libexec/loadmodules
/usr/sbin/consoletype
/usr/sbin/genhostid
/usr/sbin/service
/usr/share/doc/initscripts
/usr/share/doc/initscripts/sysconfig.txt
/usr/share/licenses/initscripts
/usr/share/licenses/initscripts/COPYING
/usr/share/locale/ar/LC_MESSAGES/initscripts.mo
/usr/share/locale/as/LC_MESSAGES/initscripts.mo
/usr/share/locale/ast/LC_MESSAGES/initscripts.mo
/usr/share/locale/bal/LC_MESSAGES/initscripts.mo
/usr/share/locale/bg/LC_MESSAGES/initscripts.mo
/usr/share/locale/bn/LC_MESSAGES/initscripts.mo
/usr/share/locale/bn_IN/LC_MESSAGES/initscripts.mo
/usr/share/locale/bo/LC_MESSAGES/initscripts.mo
/usr/share/locale/br/LC_MESSAGES/initscripts.mo
/usr/share/locale/bs/LC_MESSAGES/initscripts.mo
/usr/share/locale/ca/LC_MESSAGES/initscripts.mo
/usr/share/locale/cs/LC_MESSAGES/initscripts.mo
/usr/share/locale/cy/LC_MESSAGES/initscripts.mo
/usr/share/locale/da/LC_MESSAGES/initscripts.mo
/usr/share/locale/de/LC_MESSAGES/initscripts.mo
/usr/share/locale/el/LC_MESSAGES/initscripts.mo
/usr/share/locale/en_GB/LC_MESSAGES/initscripts.mo
/usr/share/locale/es/LC_MESSAGES/initscripts.mo
/usr/share/locale/et/LC_MESSAGES/initscripts.mo
/usr/share/locale/eu/LC_MESSAGES/initscripts.mo
/usr/share/locale/fa/LC_MESSAGES/initscripts.mo
/usr/share/locale/fi/LC_MESSAGES/initscripts.mo
/usr/share/locale/fr/LC_MESSAGES/initscripts.mo
/usr/share/locale/ga/LC_MESSAGES/initscripts.mo
/usr/share/locale/gl/LC_MESSAGES/initscripts.mo
/usr/share/locale/gu/LC_MESSAGES/initscripts.mo
/usr/share/locale/he/LC_MESSAGES/initscripts.mo
/usr/share/locale/hi/LC_MESSAGES/initscripts.mo
/usr/share/locale/hr/LC_MESSAGES/initscripts.mo
/usr/share/locale/hu/LC_MESSAGES/initscripts.mo
/usr/share/locale/hy/LC_MESSAGES/initscripts.mo
/usr/share/locale/ia/LC_MESSAGES/initscripts.mo
/usr/share/locale/id/LC_MESSAGES/initscripts.mo
/usr/share/locale/is/LC_MESSAGES/initscripts.mo
/usr/share/locale/it/LC_MESSAGES/initscripts.mo
/usr/share/locale/ja/LC_MESSAGES/initscripts.mo
/usr/share/locale/ka/LC_MESSAGES/initscripts.mo
/usr/share/locale/kk/LC_MESSAGES/initscripts.mo
/usr/share/locale/kn/LC_MESSAGES/initscripts.mo
/usr/share/locale/ko/LC_MESSAGES/initscripts.mo
/usr/share/locale/ks/LC_MESSAGES/initscripts.mo
/usr/share/locale/ku/LC_MESSAGES/initscripts.mo
/usr/share/locale/lo/LC_MESSAGES/initscripts.mo
/usr/share/locale/lt/LC_MESSAGES/initscripts.mo
/usr/share/locale/lv/LC_MESSAGES/initscripts.mo
/usr/share/locale/mai/LC_MESSAGES/initscripts.mo
/usr/share/locale/mk/LC_MESSAGES/initscripts.mo
/usr/share/locale/ml/LC_MESSAGES/initscripts.mo
/usr/share/locale/mr/LC_MESSAGES/initscripts.mo
/usr/share/locale/ms/LC_MESSAGES/initscripts.mo
/usr/share/locale/my/LC_MESSAGES/initscripts.mo
/usr/share/locale/nb/LC_MESSAGES/initscripts.mo
/usr/share/locale/nds/LC_MESSAGES/initscripts.mo
/usr/share/locale/nl/LC_MESSAGES/initscripts.mo
/usr/share/locale/nn/LC_MESSAGES/initscripts.mo
/usr/share/locale/or/LC_MESSAGES/initscripts.mo
/usr/share/locale/pa/LC_MESSAGES/initscripts.mo
/usr/share/locale/pl/LC_MESSAGES/initscripts.mo
/usr/share/locale/pt/LC_MESSAGES/initscripts.mo
/usr/share/locale/pt_BR/LC_MESSAGES/initscripts.mo
/usr/share/locale/ro/LC_MESSAGES/initscripts.mo
/usr/share/locale/ru/LC_MESSAGES/initscripts.mo
/usr/share/locale/si/LC_MESSAGES/initscripts.mo
/usr/share/locale/sk/LC_MESSAGES/initscripts.mo
/usr/share/locale/sl/LC_MESSAGES/initscripts.mo
/usr/share/locale/sq/LC_MESSAGES/initscripts.mo
/usr/share/locale/sr/LC_MESSAGES/initscripts.mo
/usr/share/locale/sr@latin/LC_MESSAGES/initscripts.mo
/usr/share/locale/sv/LC_MESSAGES/initscripts.mo
/usr/share/locale/ta/LC_MESSAGES/initscripts.mo
/usr/share/locale/te/LC_MESSAGES/initscripts.mo
/usr/share/locale/tg/LC_MESSAGES/initscripts.mo
/usr/share/locale/tr/LC_MESSAGES/initscripts.mo
/usr/share/locale/uk/LC_MESSAGES/initscripts.mo
/usr/share/locale/ur/LC_MESSAGES/initscripts.mo
/usr/share/locale/vi/LC_MESSAGES/initscripts.mo
/usr/share/locale/wa/LC_MESSAGES/initscripts.mo
/usr/share/locale/zh_CN/LC_MESSAGES/initscripts.mo
/usr/share/locale/zh_HK/LC_MESSAGES/initscripts.mo
/usr/share/locale/zh_TW/LC_MESSAGES/initscripts.mo
/usr/share/man/man1/consoletype.1.gz
/usr/share/man/man1/genhostid.1.gz
/usr/share/man/man1/usleep.1.gz
/usr/share/man/man8/service.8.gz

@realvinx
Copy link

realvinx commented Feb 11, 2020
edited
Loading

# which service
/usr/sbin/service

I don't know anything about these tests too, but I'm wondering why service is used here to start sshd and not systemctl.

@dacron
Copy link
Author

dacron commented Feb 11, 2020

added service_provider key to EL8 facts hash.

@realvinx
Copy link

here's what I get during puppet run on CentOS8 ... authconfig vs. authselect ?

Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns: usage: authconfig [-h] [--enablenis] [--disablenis] [--nisdomain <domain>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--nisserver <server>] [--enableldap] [--disableldap]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enableldapauth] [--disableldapauth]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--ldapserver <server>] [--ldapbasedn <dn>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enableldaptls] [--disableldaptls] [--enableldapstarttls]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disableldapstarttls] [--enablerfc2307bis]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablerfc2307bis] [--enablesmartcard]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablesmartcard] [--smartcardaction <0=Lock|1=Ignore>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enablerequiresmartcard] [--disablerequiresmartcard]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enablefingerprint] [--disablefingerprint] [--enablekrb5]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablekrb5] [--krb5kdc <server>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--krb5adminserver <server>] [--krb5realm <realm>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enablekrb5kdcdns] [--disablekrb5kdcdns]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enablekrb5realmdns] [--disablekrb5realmdns]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enablewinbind] [--disablewinbind] [--enablewinbindauth]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablewinbindauth] [--winbindjoin <Administrator>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enablewinbindkrb5] [--disablewinbindkrb5]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--smbworkgroup <workgroup>] [--enablesssd] [--disablesssd]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enablesssdauth] [--disablesssdauth] [--enablecachecreds]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablecachecreds] [--enablepamaccess]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablepamaccess] [--enablemkhomedir]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablemkhomedir] [--enablefaillock] [--disablefaillock]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--passminlen <number>] [--passminclass <number>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--passmaxrepeat <number>] [--passmaxclassrepeat <number>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enablereqlower] [--disablereqlower] [--enablerequpper]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablerequpper] [--enablereqdigit] [--disablereqdigit]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enablereqother] [--disablereqother] [--nostart]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--updateall] [--update] [--kickstart] [--test] [--probe]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--savebackup <name>] [--restorebackup <name>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--restorelastbackup] [--enablecache] [--disablecache]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enableecryptfs] [--disableecryptfs] [--enableshadow]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disableshadow] [--useshadow] [--enablemd5] [--disablemd5]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--usemd5]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--passalgo <descrypt|bigcrypt|md5|sha256|sha512>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--ldaploadcacert <URL>] [--smartcardmodule <module>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--smbsecurity <user|server|domain|ads>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--smbrealm <realm>] [--smbservers <servers>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--smbidmaprange <lowest-highest>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--smbidmapuid <lowest-highest>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--smbidmapgid <lowest-highest>] [--winbindseparator <\>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--winbindtemplatehomedir </home/%D/%U>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--winbindtemplateshell </bin/false>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--enablewinbindusedefaultdomain]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablewinbindusedefaultdomain] [--enablewinbindoffline]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablewinbindoffline] [--enablepreferdns]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablepreferdns] [--enableforcelegacy]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disableforcelegacy] [--enablelocauthorize]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablelocauthorize] [--enablesysnetauth]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns:                   [--disablesysnetauth] [--faillockargs <options>]
Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns: authconfig: error: unrecognized arguments: with-mkhomedir
Error: '/usr/sbin/authconfig with-mkhomedir --update' returned 2 instead of one of [0]
Error: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns: change from 'notrun' to ['0'] failed: '/usr/sbin/authconfig with-mkhomedir --update' returned 2 instead of one of [0] (corrective)
Error: Systemd start for sssd failed!

CentOS7 works.

@ghoneycutt
Copy link
Collaborator

Waiting on voxpupuli/beaker#1623 to provide EL8 support.

In the meantime, if you update the Gemfile so the beaker gem looks as below, it should work.

  gem 'beaker', :github => 'florianfa/beaker', :branch => 'el8', :require => false

@realvinx
Copy link

realvinx commented Feb 14, 2020
edited
Loading

I don't know anything about beaker and puppet acceptance testing, but I think the sssd-module does not switch to authselect with CentOS8.

I added some if-clauses quick and dirty to /etc/puppetlabs/code/modules/sssd/manifests/init.pp

  • ( $::facts['os']['name'] == 'CentOS' and versioncmp($::facts['os']['release']['major'], '8') >= 0) at the top of this case $::osfamily and a bit below to use a different path to authselect
case $::osfamily {
    'RedHat': {
      #if ($::facts['os']['name'] == 'Fedora' and versioncmp($::facts['os']['release']['major'], '28') >= 0) or
      #( $::facts['os']['name'] == 'Redhat' and versioncmp($::facts['os']['release']['major'], '8') >= 0) {
      if ($::facts['os']['name'] == 'Fedora' and versioncmp($::facts['os']['release']['major'], '28') >= 0) or
      ( $::facts['os']['name'] == 'Redhat' and versioncmp($::facts['os']['release']['major'], '8') >= 0) or
      ( $::facts['os']['name'] == 'CentOS' and versioncmp($::facts['os']['release']['major'], '8') >= 0) {
        if $ensure == 'present' {
          $authselect_options = join(
            concat(
              [$authselect_profile],
              $mkhomedir ? {
                true  => $enable_mkhomedir_flags,
                false => $disable_mkhomedir_flags,
              }
            ),
            ' ',
          )
        } else {
          $authselect_options = join(concat([$authselect_profile],$ensure_absent_flags), ' ')
        }

        #authselect is in /usr/bin/authselect on CentOS8 not /bin/authselect
        if ($::facts['os']['name'] == 'CentOS' and versioncmp($::facts['os']['release']['major'], '8') >=0) {
          $authselect_exec = '/usr/bin/authselect'
        } else {
          $authselect_exec = '/bin/authselect'
        }

With that puppet-run executes without errors and uses authselect... BUT my LDAP-sssd-auth is still unsuccessful !
sshd[6962]: pam_sss(sshd:auth): received for user myusername: 9 (Authentication service cannot retrieve authentication info)

I'm not sure if that's a problem in the sssd-module or if anything else on my host breaks it.
Still looking into that, maybe someone else can test this.

@jehane
Copy link

jehane commented Apr 22, 2020

Beaker has been updated to add CentOS 8 support. Are your planning to update the module soon ?

@zeekus
Copy link

zeekus commented Jun 5, 2020

I see the same issue.

Seems the module fails at the last execution line with Centos8.

Notice: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns: authconfig: error: unrecognized arguments: with-mkhomedir
Error: '/usr/sbin/authconfig with-mkhomedir --update' returned 2 instead of one of [0]
Error: /Stage[main]/Sssd/Exec[authconfig-mkhomedir]/returns: change from 'notrun' to ['0'] failed: '/usr/sbin/authconfig with-mkhomedir --update' returned 2 instead of one of [0] (corrective)

It seems for Centos8 the command should be just 'authconfig --update'

[root@lpe2d ~]# /usr/sbin/authconfig --update
Running authconfig compatibility tool.
The purpose of this tool is to enable authentication against chosen services with authselect and minimum configuration. It does not provide all capabilities of authconfig.

IMPORTANT: authconfig is replaced by authselect, please update your scripts.
See man authselect-migration(7) to help you with migration to authselect

Executing: /usr/bin/authselect check
Executing: /usr/bin/authselect select sssd with-mkhomedir --force
Executing: /usr/bin/systemctl enable sssd.service
Executing: /usr/bin/systemctl stop sssd.service
Executing: /usr/bin/systemctl start sssd.service
Executing: /usr/bin/systemctl enable oddjobd.service
Executing: /usr/bin/systemctl stop oddjobd.service
Executing: /usr/bin/systemctl start oddjobd.service

@zeekus
Copy link

zeekus commented Jul 29, 2020
edited
Loading

I was able to get this module to work with centos8.

The problem seems to be some Yaml files for Centos are missing.

create mode 100644 data/os/Centos/8.yaml

#YAML file data/os/Centos/8.yaml

---
sssd::extra_packages:
  - 'authselect'
  - 'oddjob-mkhomedir'

sssd::manage_oddjobd: true

sssd::enable_mkhomedir_flags:
  - 'enablemkhomedir'

sssd::disable_mkhomedir_flags: []

@a-yip2
Copy link

a-yip2 commented Aug 14, 2021

Using the latest version mod 'sgnl05-sssd', '3.1.0' and still having the exact same issue.

I think the problem is a lapse of focus in following the logic - the module is still using authconfig as a wrapper in Centos 8, but the os file used the new syntax. The issue is caused by a mix of wrong syntax.

The 8.yaml file in /modules/sssd/data/os/RedHat

sssd::extra_packages:

  • 'authselect'
  • 'oddjob-mkhomedir'

sssd::manage_oddjobd: true

**sssd::enable_mkhomedir_flags:

  • 'with-mkhomedir'**

sssd::disable_mkhomedir_flags: []

To fix the issue, I only have to change the enable_mkhomedir_flags to the correct one for authconfig:

sssd::extra_packages:

  • 'authselect'
  • 'oddjob-mkhomedir'

sssd::manage_oddjobd: true

**sssd::enable_mkhomedir_flags:

  • '--enablemkhomedir'**

sssd::disable_mkhomedir_flags: []

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@dacron @ghoneycutt @realvinx @jehane @zeekus @a-yip2