Fix ipa-client-automount to work with new nfs-utils

nfs-utils no longer create /etc/sysconfig/nfs, take that into account using upstream FreeIPA patch. See https://bugzilla.redhat.com/show_bug.cgi?id=1668836 for nfs-utils detalis.
2019-02-28 11:05:01 +02:00 · 2019-02-28 11:05:01 +02:00 · 8b08a231c9
commit 8b08a231c9
parent 9cf5a63a52
2 changed files with 195 additions and 1 deletions
--- a/fedora-30-nfs-utils-fixes.patch
+++ b/fedora-30-nfs-utils-fixes.patch
@ -0,0 +1,189 @@
+From 2ee160d189042a356c1ba9bb91214f2a495cc10d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fran=C3=A7ois=20Cami?= <fcami@redhat.com>
+Date: Tue, 26 Feb 2019 13:59:06 +0100
+Subject: [PATCH] ipa-client-automount: handle NFS configuration file changes
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+nfs-utils in Fedora 30 and later switched its configuration
+file from /etc/sysconfig/nfs to /etc/nfs.conf, providing a
+conversion service (nfs-convert.service) for upgrades.
+However, for new installs the original configuration file
+is missing. This change:
+* adds a tuple-based osinfo.version_number method to handle
+  more kinds of OS versioning schemes
+* detects RHEL and Fedora versions with the the new nfs-utils
+  behavior
+* avoids backing up the new NFS configuration file as we do
+  not have to modify it.
+
+See: https://bugzilla.redhat.com/show_bug.cgi?id=1676981
+
+Fixes: https://pagure.io/freeipa/issue/7868
+Signed-off-by: François Cami <fcami@redhat.com>
+Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
+Reviewed-By: Christian Heimes <cheimes@redhat.com>
+Reviewed-By: Rob Crittenden <rcritten@redhat.com>
+---
+ client/ipa-client-automount.in  | 18 ++++++++++--------
+ ipaplatform/fedora/constants.py |  9 ++++++++-
+ ipaplatform/fedora/paths.py     |  3 +++
+ ipaplatform/fedora/services.py  |  2 +-
+ ipaplatform/osinfo.py           |  9 +++++++++
+ ipaplatform/rhel/constants.py   |  7 +++++++
+ ipaplatform/rhel/paths.py       |  4 +++-
+ 7 files changed, 41 insertions(+), 11 deletions(-)
+
+diff --git a/client/ipa-client-automount.in b/client/ipa-client-automount.in
+index 15926bd02..f9eda9c7f 100755
+--- a/client/ipa-client-automount.in
+++ b/client/ipa-client-automount.in
+@@ -335,14 +335,16 @@ def configure_nfs(fstore, statestore):
+     """
+     Configure secure NFS
+     """
+-    replacevars = {
+-        constants.SECURE_NFS_VAR: 'yes',
+-    }
+-    ipautil.backup_config_and_replace_variables(fstore,
+-        paths.SYSCONFIG_NFS, replacevars=replacevars)
+-    tasks.restore_context(paths.SYSCONFIG_NFS)
+-
+-    print("Configured %s" % paths.SYSCONFIG_NFS)
+    # Newer Fedora releases ship /etc/nfs.conf instead of /etc/sysconfig/nfs
+    # and do not require changes there. On these, SECURE_NFS_VAR == None
+    if constants.SECURE_NFS_VAR:
+        replacevars = {
+            constants.SECURE_NFS_VAR: 'yes',
+        }
+        ipautil.backup_config_and_replace_variables(fstore,
+            paths.SYSCONFIG_NFS, replacevars=replacevars)
+        tasks.restore_context(paths.SYSCONFIG_NFS)
+        print("Configured %s" % paths.SYSCONFIG_NFS)
+ 
+     # Prepare the changes
+     # We need to use IPAChangeConf as simple regexp substitution
+diff --git a/ipaplatform/fedora/constants.py b/ipaplatform/fedora/constants.py
+index d48696e0f..744b30aa0 100644
+--- a/ipaplatform/fedora/constants.py
+++ b/ipaplatform/fedora/constants.py
+@@ -10,6 +10,12 @@ This Fedora base platform module exports platform related constants.
+ from __future__ import absolute_import
+ 
+ from ipaplatform.redhat.constants import RedHatConstantsNamespace
+from ipaplatform.osinfo import osinfo
+
+# Fedora 28 and earlier use /etc/sysconfig/nfs
+# Fedora 30 and later use /etc/nfs.conf
+# Fedora 29 has both
+HAS_NFS_CONF = osinfo.version_number >= (30,)
+ 
+ 
+ class FedoraConstantsNamespace(RedHatConstantsNamespace):
+@@ -22,6 +28,7 @@ class FedoraConstantsNamespace(RedHatConstantsNamespace):
+     # secure remote password, and DSA cert authentication.
+     # see https://fedoraproject.org/wiki/Changes/CryptoPolicy
+     TLS_HIGH_CIPHERS = "PROFILE=SYSTEM:!3DES:!PSK:!SRP:!aDSS"
+-
+    if HAS_NFS_CONF:
+        SECURE_NFS_VAR = None
+ 
+ constants = FedoraConstantsNamespace()
+diff --git a/ipaplatform/fedora/paths.py b/ipaplatform/fedora/paths.py
+index a9bdedfe8..4e993c063 100644
+--- a/ipaplatform/fedora/paths.py
+++ b/ipaplatform/fedora/paths.py
+@@ -26,6 +26,7 @@ in Fedora-based systems.
+ from __future__ import absolute_import
+ 
+ from ipaplatform.redhat.paths import RedHatPathNamespace
+from ipaplatform.fedora.constants import HAS_NFS_CONF
+ 
+ 
+ class FedoraPathNamespace(RedHatPathNamespace):
+@@ -33,6 +34,8 @@ class FedoraPathNamespace(RedHatPathNamespace):
+         "/etc/httpd/conf.modules.d/02-ipa-wsgi.conf"
+     )
+     NAMED_CRYPTO_POLICY_FILE = "/etc/crypto-policies/back-ends/bind.config"
+    if HAS_NFS_CONF:
+        SYSCONFIG_NFS = '/etc/nfs.conf'
+ 
+ 
+ paths = FedoraPathNamespace()
+diff --git a/ipaplatform/fedora/services.py b/ipaplatform/fedora/services.py
+index 5ff64f1cd..543cb1b7d 100644
+--- a/ipaplatform/fedora/services.py
+++ b/ipaplatform/fedora/services.py
+@@ -34,7 +34,7 @@ fedora_system_units = redhat_services.redhat_system_units.copy()
+ # Fedora 28 and earlier have fedora-domainname.service. Starting from
+ # Fedora 29, the service is called nis-domainname.service as defined in
+ # ipaplatform.redhat.services.
+-HAS_FEDORA_DOMAINNAME_SERVICE = int(osinfo.version_id) <= 28
+HAS_FEDORA_DOMAINNAME_SERVICE = osinfo.version_number <= (28,)
+ 
+ if HAS_FEDORA_DOMAINNAME_SERVICE:
+     fedora_system_units['domainname'] = 'fedora-domainname.service'
+diff --git a/ipaplatform/osinfo.py b/ipaplatform/osinfo.py
+index a38165d01..35b024e16 100644
+--- a/ipaplatform/osinfo.py
+++ b/ipaplatform/osinfo.py
+@@ -177,6 +177,15 @@ class OSInfo(Mapping):
+         """
+         return self._info.get('VERSION_ID')
+ 
+    @property
+    def version_number(self):
+        """Version number tuple based on version_id
+        """
+        version_id = self._info.get('VERSION_ID')
+        if not version_id:
+            return ()
+        return tuple(int(p) for p in version_id.split('.'))
+
+     @property
+     def platform_ids(self):
+         """Ordered tuple of detected platforms (including override)
+diff --git a/ipaplatform/rhel/constants.py b/ipaplatform/rhel/constants.py
+index 72335ac68..073e33281 100644
+--- a/ipaplatform/rhel/constants.py
+++ b/ipaplatform/rhel/constants.py
+@@ -10,10 +10,17 @@ This RHEL base platform module exports platform related constants.
+ from __future__ import absolute_import
+ 
+ from ipaplatform.redhat.constants import RedHatConstantsNamespace
+from ipaplatform.osinfo import osinfo
+
+# RHEL 7 and earlier use /etc/sysconfig/nfs
+# RHEL 8 uses /etc/nfs.conf
+HAS_NFS_CONF = osinfo.version_number >= (8,)
+ 
+ 
+ class RHELConstantsNamespace(RedHatConstantsNamespace):
+     IPA_ADTRUST_PACKAGE_NAME = "ipa-server-trust-ad"
+     IPA_DNS_PACKAGE_NAME = "ipa-server-dns"
+    if HAS_NFS_CONF:
+        SECURE_NFS_VAR = None
+ 
+ constants = RHELConstantsNamespace()
+diff --git a/ipaplatform/rhel/paths.py b/ipaplatform/rhel/paths.py
+index d8b64abde..c081ada32 100644
+--- a/ipaplatform/rhel/paths.py
+++ b/ipaplatform/rhel/paths.py
+@@ -26,10 +26,12 @@ in RHEL-based systems.
+ from __future__ import absolute_import
+ 
+ from ipaplatform.redhat.paths import RedHatPathNamespace
+from ipaplatform.rhel.constants import HAS_NFS_CONF
+ 
+ 
+ class RHELPathNamespace(RedHatPathNamespace):
+-    pass
+    if HAS_NFS_CONF:
+        SYSCONFIG_NFS = '/etc/nfs.conf'
+ 
+ 
+ paths = RHELPathNamespace()
+-- 
+2.20.1
+
--- a/freeipa.spec
+++ b/freeipa.spec
@ -142,7 +142,7 @@

 Name:           %{package_name}
 Version:        %{IPA_VERSION}
-Release:        5%{?dist}
+Release:        6%{?dist}
 Summary:        The Identity, Policy and Audit system

 License:        GPLv3+
@ -152,6 +152,7 @@ Source1:        https://releases.pagure.org/freeipa/freeipa-%{version}.tar.gz.as
 Patch0001:      freeipa-git-master-build-fixes.patch
 Patch0002:      fedora-30-fs.protected_regular.patch
 Patch0003:      fedora-30-samba4-remove-dep-on-talloc_strackframe-memory.patch
+Patch0004:      fedora-30-nfs-utils-fixes.patch

 # For the timestamp trick in patch application
 BuildRequires:  diffstat
@ -1737,6 +1738,10 @@ fi


 %changelog
+* Thu Feb 28 2019 Alexander Bokovoy <abokovoy@redhat.com> - 4.7.2-6
+- Support new nfs-utils behavior (#1668836)
+- ipa-client-automount now works without /etc/sysconfig/nfs
+
 * Tue Feb 19 2019 François Cami <fcami@redhat.com> - 4.7.2-5
 - Fix FTBS due to Samba having removed talloc_strackframe.h
  and memory.h (#1678670)