Bug 1488370
Summary: | nscd: Add a comment to the default nscd.conf file that is it not recommended to use NSCD and SSSD for the same NSS maps | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Jakub Hrozek <jhrozek> | |
Component: | glibc | Assignee: | Carlos O'Donell <codonell> | |
Status: | CLOSED ERRATA | QA Contact: | qe-baseos-tools-bugs | |
Severity: | low | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 7.4 | CC: | ashankar, codonell, fweimer, jhrozek, knweiss, mcermak, mnewsome, pfrankli, skolosov | |
Target Milestone: | rc | Keywords: | Patch | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | glibc-2.17-286.el7 | Doc Type: | No Doc Update | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1747505 (view as bug list) | Environment: | ||
Last Closed: | 2019-08-06 12:48:58 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1643040, 1747505 |
Description
Jakub Hrozek
2017-09-05 08:38:31 UTC
(In reply to Jakub Hrozek from comment #0) > Description of problem: > It is still not clear to all users that running nscd and sssd at the same > time for the same maps might not be the best idea because then there are two > caching stacks that compete with each other. > > Even though sssd already warns to syslog when it detects that nscd is > running and the maps that nscd caches are the same that sssd caches, perhaps > it would also help if nscd.conf had a comment telling something along those > lines as well Do you mean nsswitch.conf? I'm not sure if a warning makes sense in nscd.conf. The sss module is only listed in nsswitch.conf. I assume he means this: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/system-level_authentication_guide/#usingnscd-sssd I agree that mentioning this in /etc/nscd.conf is a good idea. Talking about warnings: It might be also a good idea to mention the fact the "shared yes" disables the "cache hit rate" stats output of "nscd -g" (it'll show "0%"). Posted patches for Rawhide: https://lists.fedoraproject.org/archives/list/glibc@lists.fedoraproject.org/thread/A656JPF5MT6YNRPDCCJ4H4TTAF6YRXXQ/ I added the following warning: ++# WARNING: Running nscd with a secondary caching service like sssd may lead to ++# unexpected behaviour, especially with how long entries are cached. to both nscd.conf and nsswitch.conf. I also added the following note to nscd.conf: + # shared <service> <yes|no> ++# NOTE: Setting 'shared' to a value of 'yes' will accelerate the lookup ++# with the help of the client, but these lookups will not be ++# counted as cache hits i.e. 'nscd -g' may show '0%'. ++# I think that covers all suggestions in this issue. Looks good, thank you very much. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2019:2118 |