ALT:nsswitch.conf: Make sss a primary service for automount

ipaclient/install/ipa_client_automount.py

@@ -230,7 +230,7 @@ def uninstall(fstore, statestore):
 
     print("Restoring configuration")
 
-    for filepath in RESTORE_FILES:
+    for filepath in RESTORE_FILES + [paths.NSSWITCH_CONF]:
         if fstore.has_file(filepath):
             fstore.restore_file(filepath)
     if statestore.has_state('autofs'):
@@ -497,6 +497,7 @@ def configure_automount():
         sys.exit("Installation aborted")
 
     try:
+        tasks.modify_nsswitch_automount(fstore)
         configure_nfs(fstore, statestore, options)
         configure_autofs_sssd(fstore, statestore, autodiscover, options)
         configure_autofs_common(fstore, statestore, options)

ipaplatform/altlinux/tasks.py

@@ -30,6 +30,16 @@ def restore_pre_ipa_client_configuration(
     def set_nisdomain(self, nisdomain):
         return True
 
+    def modify_nsswitch_automount(self, fstore):
+        self.configure_nsswitch_database(
+            fstore,
+            "automount",
+            ["sss"],
+            append=False,
+            default_value=["files"],
+            reorder=True,
+        )
+
     def modify_nsswitch_pam_stack(
         self, sssd, mkhomedir, fstore, statestore, sudo=True, subid=False
     ):

ipaplatform/base/tasks.py

@@ -210,6 +210,12 @@ def modify_nsswitch_pam_stack(self, sssd, mkhomedir, fstore, statestore,
 
         raise NotImplementedError()
 
+    def modify_nsswitch_automount(self, fstore):
+        """
+        Sets automount database in nsswitch.conf to 'sss' as a primary service
+        """
+        raise NotImplementedError()
+
     def modify_pam_to_use_krb5(self, statestore):
         """
         Configure pam stack to allow kerberos authentication.
@@ -399,7 +405,7 @@ def get_pkcs11_modules(self):
 
     def configure_nsswitch_database(self, fstore, database, services,
                                     preserve=True, append=True,
-                                    default_value=()):
+                                    default_value=(), reorder=False):
         """
         Edits the specified nsswitch.conf database (e.g. passwd, group,
         sudoers) to use the specified service(s).
@@ -415,6 +421,8 @@ def configure_nsswitch_database(self, fstore, database, services,
         The next arguments modify the behaviour if preserve=True:
             append - if True, the services will be appended, if False,
                      prepended
+            reorder - if True, reorder of matching services is allowed.
+                      If False, reorder of matching services is not allowed.
             default_value - list of services that are considered as default (if
                             the database is not mentioned in nsswitch.conf),
                             e.g. ['files']
@@ -444,9 +452,21 @@ def configure_nsswitch_database(self, fstore, database, services,
                 configured_services = raw_database_entry[
                     'value'].strip().split()
 
-            # Make sure no service is added if already mentioned in the list
-            added_services = [s for s in services
-                              if s not in configured_services]
+            if reorder:
+                added_services = services[:]
+                # drop already configured service if it matches
+                configured_services = [
+                    s
+                    for s in configured_services
+                    if s not in added_services
+                ]
+            else:
+                # Make sure no service is added if already mentioned in the list
+                added_services = [
+                    s
+                    for s in services
+                    if s not in configured_services
+                ]
 
             # Prepend / append the list of new services
             if append: