Disable systemd-resolved before deploying FreeIPA server/replica

Having systemd-resolved in use seems to cause problems for
FreeIPA servers:
https://bugzilla.redhat.com/show_bug.cgi?id=1880628
until the scripts are enhanced to do this or something, let's
disable it before server/replica deployment.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
This commit is contained in:
Adam Williamson 2020-09-18 13:49:11 -07:00
parent aab6935707
commit fdf142dbd5
2 changed files with 17 additions and 0 deletions

View File

@ -41,6 +41,15 @@ sub run {
# do the enrolment # do the enrolment
if (get_var("FREEIPA_REPLICA")) { if (get_var("FREEIPA_REPLICA")) {
# here we're enrolling not just as a client, but as a replica # here we're enrolling not just as a client, but as a replica
# disable systemd-resolved, it kinda conflicts with FreeIPA's
# bind: https://bugzilla.redhat.com/show_bug.cgi?id=1880628
unless (script_run "systemctl is-active systemd-resolved.service") {
script_run "systemctl stop systemd-resolved.service";
script_run "systemctl disable systemd-resolved.service";
script_run "rm -f /etc/resolv.conf";
script_run "systemctl restart NetworkManager";
}
# install server packages # install server packages
assert_script_run "dnf -y groupinstall freeipa-server", 600; assert_script_run "dnf -y groupinstall freeipa-server", 600;

View File

@ -19,6 +19,14 @@ sub run {
# aren't in Modular Server composes) # aren't in Modular Server composes)
my $extraparams = ''; my $extraparams = '';
$extraparams = '--enablerepo=fedora' if (get_var("MODULAR")); $extraparams = '--enablerepo=fedora' if (get_var("MODULAR"));
# disable systemd-resolved, it kinda conflicts with FreeIPA's
# bind: https://bugzilla.redhat.com/show_bug.cgi?id=1880628
unless (script_run "systemctl is-active systemd-resolved.service") {
script_run "systemctl stop systemd-resolved.service";
script_run "systemctl disable systemd-resolved.service";
script_run "rm -f /etc/resolv.conf";
script_run "systemctl restart NetworkManager";
}
# we need a lot of entropy for this, and we don't care how good # we need a lot of entropy for this, and we don't care how good
# it is, so let's use haveged # it is, so let's use haveged
assert_script_run "dnf ${extraparams} -y install haveged", 300; assert_script_run "dnf ${extraparams} -y install haveged", 300;