Steps to reproduce:

1. Create the OKD/OpenShift image from freeipa/freeipa-server:fedora-36-4.9.10
2. Start a container for this image to initialize a fresh data volume
3. Create the OKD/OpenShift image from freeipa/freeipa-server:fedora-rawhide-4.10.0, also applying these patches:

• from PR #38 for issue #39
• from PR #41 for issue #40
• from PR #43 for issue #42

4. Start a container for the updated image using the existing data volume

Wrong behaviour:

• Free-IPA fails to start because gssproxy cannot be started. Reason: gssproxy complains about redundant configuration files 99-nfs-client.conf and 99-network-fs-clients.conf in its /etc/gssproxy (linked into data volume as /data/etc/gssproxy/)

Reason:

This commit renamed the config file. After the update, the old file still exists in the data volume. Also, I find that the new file is generated during the update procedure. In consequence, gssproxy find two files with redundant entries and it does not want to start. This leads to the whole Free-IPA failing to start (as it depends on the gssproxy service).

Workaround:

Do the "partial" update as in the steps 1 to 4 above. Then delete the old and obsolete gssproxy config file and restart the POD.

Due to this issue and all the issues linked in the description, I wonder whether it is really a wise idea to promote running Free-IPA in OKD/OpenShift. From a real "cloud" application, you expect "easy" upgrade by basically just using the new/next image tag and restart the POD.

This does not seem to work for Free-IPA... What are your thoughts?