Ubuntu
sssd package

  1. Bug #1566508
  2. Comment #46

Comment 46 for bug 1566508

Revision history for this message
Victor Tapia (vtapia) wrote :

# VERIFICATION FOR XENIAL

I prepared a reproducer based on the description details (LDAP + NFS) using an entry_cache_timeout of 88000 in sssd.conf to ensure the cache was valid during the validation run. From a remote machine, I ran this script:

#!/bin/bash
OK=0
KO=0
while true ; do
#date
nova reboot vtapia-xenial
sleep 60
nc -z cases 22 || sleep 30
ssh -o PreferredAuthentications=publickey -o PubkeyAuthentication=yes ubuntu@vtapia-xenial "tail /var/log/syslog -n200 | grep -Ei 'DHCP|autofs|automount|sssd' | grep -v apparmor && ls /direct/ok"
if [ $? != 0 ] ; then
KO=$((KO + 1))
break
else
OK=$((OK + 1))
fi
echo "$OK $KO"
done

This script reboots the machine using sssd and tries to access a direct mapping (/direct/). If the boot order is successful (i.e. autofs starts after sssd and its responders have started), the mapping will be available and the file in it ("ok") will be too. If the test passes, the machine is restarted and checked again.

This is an excerpt of the output:

Warning: Permanently added 'vtapia-xenial,10.5.1.88' (ECDSA) to the list of known hosts.
Mar 30 13:31:41 vtapia-xenial dhclient[780]: DHCPDISCOVER on ens3 to 255.255.255.255 port 67 interval 3 (xid=0xe1d78e6a)
Mar 30 13:31:41 vtapia-xenial dhclient[780]: DHCPREQUEST of 10.5.1.88 on ens3 to 255.255.255.255 port 67 (xid=0x6a8ed7e1)
Mar 30 13:31:41 vtapia-xenial sh[767]: DHCPREQUEST of 10.5.1.88 on ens3 to 255.255.255.255 port 67 (xid=0x6a8ed7e1)
Mar 30 13:31:41 vtapia-xenial sh[767]: DHCPOFFER of 10.5.1.88 from 10.5.1.102
Mar 30 13:31:41 vtapia-xenial dhclient[780]: DHCPOFFER of 10.5.1.88 from 10.5.1.102
Mar 30 13:31:41 vtapia-xenial dhclient[780]: DHCPACK of 10.5.1.88 from 10.5.1.102
Mar 30 13:31:41 vtapia-xenial sh[767]: DHCPACK of 10.5.1.88 from 10.5.1.102
Mar 30 13:31:41 vtapia-xenial root: /etc/dhcp/dhclient-enter-hooks.d/samba returned non-zero exit status 1
Mar 30 13:31:41 vtapia-xenial sssd: Starting up
Mar 30 13:31:41 vtapia-xenial sssd[be[openstacklocal]]: Starting up
Mar 30 13:31:41 vtapia-xenial sssd[autofs]: Starting up
Mar 30 13:31:41 vtapia-xenial sssd[nss]: Starting up
Mar 30 13:31:41 vtapia-xenial sssd[pam]: Starting up
Mar 30 13:31:41 vtapia-xenial systemd[1]: Starting LSB: Automounts filesystems on demand...
Mar 30 13:31:41 vtapia-xenial autofs[1143]: * Starting automount...
Mar 30 13:31:41 vtapia-xenial automount[1171]: Starting automounter version 5.1.1, master map /etc/auto.master
Mar 30 13:31:41 vtapia-xenial automount[1171]: using kernel protocol version 5.02
Mar 30 13:31:42 vtapia-xenial automount[1171]: mounted direct on /wololo with timeout 300, freq 75 seconds
Mar 30 13:31:42 vtapia-xenial automount[1171]: mounted direct on /direct with timeout 300, freq 75 seconds
Mar 30 13:31:42 vtapia-xenial automount[1171]: mounted indirect on /home with timeout 300, freq 75 seconds
Mar 30 13:31:42 vtapia-xenial autofs[1143]: ...done.
Mar 30 13:31:42 vtapia-xenial systemd[1]: Started LSB: Automounts filesystems on demand.
Mar 30 13:32:56 vtapia-xenial automount[1171]: attempting to mount entry /home/ubuntu
Mar 30 13:32:56 vtapia-xenial automount[1171]: mounted /home/ubuntu
/direct/ok
1815 0

The log shows that the machine has restarted 1815 times with no errors, so we can assume the bug has been fixed.

The tested versions are:

$ ssh vtapia-xenial "dpkg -l | grep sssd"
Warning: Permanently added 'vtapia-xenial,10.5.1.88' (ECDSA) to the list of known hosts.
ii sssd 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- metapackage
ii sssd-ad 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- Active Directory back end
ii sssd-ad-common 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- PAC responder
ii sssd-common 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- common files
ii sssd-ipa 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- IPA back end
ii sssd-krb5 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- Kerberos back end
ii sssd-krb5-common 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- Kerberos helpers
ii sssd-ldap 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- LDAP back end
ii sssd-proxy 1.13.4-1ubuntu1.4 amd64 System Security Services Daemon -- proxy back end

Note: This would be the output of a failing boot process:

Warning: Permanently added 'vtapia-xenial,10.5.1.88' (ECDSA) to the list of known hosts.
Mar 22 10:00:24 vtapia-xenial systemd[1]: Starting LSB: Automounts filesystems on demand...
Mar 22 10:00:24 vtapia-xenial autofs[1199]: * Starting automount...
Mar 22 10:00:24 vtapia-xenial automount[1252]: Starting automounter version 5.1.1, master map /etc/auto.master
Mar 22 10:00:24 vtapia-xenial automount[1252]: using kernel protocol version 5.02
Mar 22 10:00:24 vtapia-xenial sssd: Starting up
Mar 22 10:00:24 vtapia-xenial automount[1252]: setautomntent: lookup(sss): setautomntent: Connection refused
Mar 22 10:00:24 vtapia-xenial automount[1252]: mounted indirect on /home with timeout 300, freq 75 seconds
Mar 22 10:00:24 vtapia-xenial autofs[1199]: ...done.
Mar 22 10:00:24 vtapia-xenial systemd[1]: Started LSB: Automounts filesystems on demand.
Mar 22 10:00:25 vtapia-xenial sssd[be[openstacklocal]]: Starting up
Mar 22 10:00:25 vtapia-xenial sssd[nss]: Starting up
Mar 22 10:00:25 vtapia-xenial sssd[pam]: Starting up
Mar 22 10:00:25 vtapia-xenial sssd[autofs]: Starting up
Mar 22 10:01:41 vtapia-xenial automount[1252]: attempting to mount entry /home/ubuntu
Mar 22 10:01:41 vtapia-xenial automount[1252]: mounted /home/ubuntu
ls: cannot access '/direct/ok': No such file or directory