While trying to figure out why my configuration management system kept reporting that sssd.conf would change every time authconfig is run even though its arguments don't change, I realized that python3-sssdconfig will randomize the order of the "services" item in the "[sssd]" section.
Idempotency is important for configuration management systems like ansible; running a command twice should give exactly the same output as running it once. I can understand that it might not be reasonable to rewrite the items back in the original order, but the order chosen should at least be stable. I suspect that sticking "sorted()" in the right place would be quite sufficient.
I guess any fix would have to go into IPAChangeConf.merge() or .dump() in ipachangeconf.py, but that code is somewhat complicated.
Stephen said he'd hack on this but I'm not sure exactly when he plans on doing this, so for now I'm adding this to the future milestone.
Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD Future releases (no date set yet)
to comment on this ticket.
Copyright © 2014-2017 Red Hat
3.3 — Documentation