external authentication modules are being included in podified even if not used

[Fryguy]

We should reorganize the external authentication modules (in particular samba), to not need to be present in the podified images, since they aren't need in those images. They might be needed in the httpd-init container image, but most probably don't need to live in the httpd container image either.

See

manageiq-rpm_build/rpm_spec/subpackages/manageiq-appliance

Lines 20 to 46 in a37578c

	# External Authentication
	Requires: sssd >= 1.11.6
	Requires: sssd-dbus >= 1.11.6
	# External Authentication - IPA
	Requires: c-ares >= 1.7.0
	Requires: ipa-admintools >= 3.0.0
	Requires: ipa-client >= 3.0.0
	Requires: mod_intercept_form_submit >= 0.9.7
	Requires: mod_auth_gssapi
	Requires: mod_authnz_pam >= 0.9.2
	Requires: mod_lookup_identity >= 0.9.2
	Requires: mod_ssl
	# External Authentication - Active Directory
	Requires: adcli
	Requires: oddjob
	Requires: oddjob-mkhomedir
	Requires: realmd
	Requires: samba-common
	Requires: samba-common-tools
	# External Authentication - SAML
	Requires: mod_auth_mellon
	# External Authentication - OpenID-Connect
	Requires: mod_auth_openidc

[Fryguy]

I'm not even sure why samba is getting installed in podified, since the appliance rpm isn't installed:

[root@4c4ce1d03987 /]# rpm -qa | grep infra
infrastructure-management-pods-14.0.0-20220611023251.el8.x86_64
infrastructure-management-ui-14.0.0-20220611023251.el8.x86_64
infrastructure-management-core-14.0.0-20220611023251.el8.x86_64
infrastructure-management-system-14.0.0-20220611023251.el8.x86_64
infrastructure-management-gemset-14.0.0-20220611023251.el8.x86_64

[Fryguy]

Similarly, ruby-dbus gem can probably be eliminated in podified (which also causes some licensing issues since it is LGPL) See:

https://github.com/ManageIQ/manageiq/blob/dc3e771652e88e83e5687e554230bceda612ef6a/Gemfile#L258

I wonder if it can be moved to the systemd section?

[Fryguy]

@kbrock if you're interested.

[kbrock]

self assigned, but just so it doesn't slip through the cracks for me.
If someone else is interested and has ideas, please chime in

[Fryguy]

Seems cifs-utils in the gemset rpm is pulling samba-client-libs

Searching we find:

./manageiq-release/repos/ManageIQ/manageiq-gems-pending/lib/gems/pending/util/mount/miq_smb_session.rb:    mount_args      = {:t => "cifs"}
./manageiq-release/repos/ManageIQ/manageiq-gems-pending/lib/gems/pending/util/mount/miq_smb_session.rb:    # mount -t cifs //192.168.252.140/temp /media/windows_share/ -o rw,username=jrafaniello,password=blah,domain=manageiq.com

Which implies samba is needs for the FileDepot stuff to connect to samba shares. If we can get rid of FileDeopt, then this can go away.

cc @bdunne

[miq-bot]

This issue has been automatically marked as stale because it has not been updated for at least 3 months.

If you can still reproduce this issue on the current release or on master, please reply with all of the information you have about it in order to keep the issue open.

Thank you for all your contributions! More information about the ManageIQ triage process can be found in the triage process documentation.

[kbrock]

We may be able to remove just the samba portion of file depot?
The functionality seemed like it was all about database backups.
Do we use this for something else?

[Fryguy]

that's an interesting idea if we can't completely remove FileDepot - @bdunne @jrafanie Thoughts?

[jrafanie]

We may be able to remove just the samba portion of file depot?
The functionality seemed like it was all about database backups.
Do we use this for something else?

Database backups and log collection. I think they're both gone from the UI as they're done in the appliance console and through the collect_logs tool.