infinite loop on start if misconfigured
This bug report will be marked for expiration in 16 days if no further activity occurs. (find out why)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sssd (Ubuntu) |
Incomplete
|
Medium
|
Unassigned |
Bug Description
Suppose sssd has a valid sssd.conf file but no /etc/krb5.keytab (maybe the
keytab disappeared or got corrupted; or maybe ipa-client-install encountered
an error and didn't create one, but nevertheless your custom installer put
the sssd.conf in place - note that ipa-client-install leaves the sssd service
enabled even if the enrollment failed, although it does try to delete
sssd.conf).
If I do 'sudo systemctl start sssd' then it will quite reasonably tell me
there was a startup error:
Job for sssd.service failed because the control process exited with error code.
See "systemctl status sssd.service" and "journalctl -xe" for details.
But for some reason it enters a cycle of starting and stopping in the
background.
$ systemctl status sssd
● sssd.service - System Security Services Daemon
Loaded: loaded (/lib/systemd/
Active: activating (start) since Tue 2020-07-28 09:58:43 UTC; 199ms ago
Main PID: 7956 (sssd)
$ systemctl status sssd
● sssd.service - System Security Services Daemon
Loaded: loaded (/lib/systemd/
Active: activating (start) since Tue 2020-07-28 09:59:09 UTC; 5s ago
Main PID: 8080 (sssd)
$ systemctl status sssd
● sssd.service - System Security Services Daemon
Loaded: loaded (/lib/systemd/
Active: activating (start) since Tue 2020-07-28 09:59:54 UTC; 1s ago
Main PID: 8276 (sssd)
This is a problem because if sssd is enabled in systemd and I reboot the machine,
the system will fail to finish booting because it is waiting for infinite
retries of the sssd service.
[FAILED] Failed to start System Security Services Daemon.
See 'systemctl status sssd.service' for details.
[DEPEND] Dependency failed for SSSD PAM Service responder socket.
[DEPEND] Dependency failed for SSSD PAM Service responder private socket.
[DEPEND] Dependency failed for SSSD NSS Service responder socket.
[DEPEND] Dependency failed for SSSD SSH Service responder socket.
[DEPEND] Dependency failed for SSSD AutoFS Service responder socket.
[DEPEND] Dependency failed for SSSD Sudo Service responder socket.
[DEPEND] Dependency failed for SSSD PAC Service responder socket.
[ OK ] Stopped System Security Services Daemon.
Starting System Security Services Daemon...
[*** ] A start job is running for System Security Services Daemon (4s / 1min 30s)
[FAILED] Failed to start System Security Services Daemon.
See 'systemctl status sssd.service' for details.
[DEPEND] Dependency failed for SSSD PAM Service responder socket.
[DEPEND] Dependency failed for SSSD PAM Service responder private socket.
[DEPEND] Dependency failed for SSSD NSS Service responder socket.
[DEPEND] Dependency failed for SSSD SSH Service responder socket.
[DEPEND] Dependency failed for SSSD AutoFS Service responder socket.
[DEPEND] Dependency failed for SSSD Sudo Service responder socket.
[DEPEND] Dependency failed for SSSD PAC Service responder socket.
[ OK ] Stopped System Security Services Daemon.
Starting System Security Services Daemon...
[*** ] A start job is running for System Security Services Daemon (4s / 1min 30s)
...ad infinitum...
So in summary: I acknowledge that this was misconfigured because of user error,
but my contention is that that shouldn't make the system unbootable.
Version tested: sssd 2.2.3-3 under systemd 245.4-4ubuntu3.2 in Ubuntu 20.04.
Changed in sssd (Ubuntu Focal): | |
status: | New → Triaged |
Changed in sssd (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Medium |
Changed in sssd (Ubuntu Focal): | |
importance: | Undecided → Medium |
Thank you for taking the time to report this bug and helping to make Ubuntu
better.
This bug is present in Debian as well and Ubuntu currently does not make any
changes to the Debian package. Therefore, this bug would be best fixed
directly in Debian, and then Ubuntu will pick up the fix automatically.
Would you mind filing a bug with Debian please?
----
Debian uses a bug tracker a little different than Launchpad. As an example,
assuming the source package we are interested in is 'vim', you can find
the Debian bug tracker for vim here:
https:/ /bugs.debian. org/cgi- bin/pkgreport. cgi?pkg= vim
You can file a bug via email by sending mail to: <email address hidden>
The body of the email needs to contain everything between the --- below:
---
Package: vim
Version: your_version_here
Your details, explanation, and steps to reproduce go below those two lines,
Package and Version, which are required.
---
You can read more here about filing bugs in Debian here: /www.debian. org/Bugs/ Reporting
https:/
Hope that helps!