Conflicting Instructions - systemd config for tang

Latest response

On this RHEL 8 documentation page:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/system_design_guide/configuring-automated-unlocking-of-encrypted-volumes-using-policy-based-decryption_system-design-guide

Step 5 for setting up the tang server suggests editing the the port number of tang in this file:

/etc/systemd/system/multi-user.target.wants/tangd.socket

However, by default, that is just a symlink back to the /usr/lib version of tangd.socket and may be overwritten by future RPM updates. The systemd documention says to copy this to /etc/systemd/system and then edit it and do a systemctl reenable .

Even other parts of the RHEL 8 documentation agree that this will be potentially override by normal patching and suggest (section 3.5.4) copying the /usr/lib/systemd/system/ version to /etc/systemd/system/, then doing a reenable and daemon-reload.

Ref: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/managing-services-with-systemd_configuring-basic-system-settings#Managing_Services_with_systemd-Extending_Unit_Config

Please fix this documentation as this might cause critical production outages.

Responses

Hi Nathan McGarvey,

Thanks for posting in the Red Hat public discussion area. The best way to submit a fix for this is with a case with Red Hat. Red Hat employees sometimes examine the discussion area, but an issue that you present is best fixed with a case with Red Hat. Generally, much of the replies are from customer to customer (example, I do not work for Red Hat)

You can use this link https://access.redhat.com/support/cases/#/case/new to submit a case.

You could copy & paste your original description above for the body of the case.

Regards

RJ

Hello Nathan,

Just to make visible that the solution is in progress - we are also discussing this problem in https://access.redhat.com/discussions/4344681 - I would like to propose that we continue only there.

Thank you for your very good catch, we are working on it.