Bug 1945966

Summary: top reports sssd-kcm is the top cpu consumer by time
Product: [Fedora] Fedora Reporter: Chris Murphy <bugzilla>
Component: sssdAssignee: Pavel Březina <pbrezina>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 34CC: abokovoy, atikhono, jhrozek, lslebodn, mzidek, pbrezina, sbose, ssorce, sssd-maintainers
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-04-08 13:20:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
strace sssd-kcm none

Description Chris Murphy 2021-04-03 02:35:43 UTC 
Description of problem:

sssd-kcm has started using between 10% and 95% cpu. I don't know what the instigator is, and I'm not aware of any services needing kerberos (virt-manager? google account? fedora account?)

Version-Release number of selected component (if applicable):
sssd-2.4.2-3.fc34.x86_64

How reproducible:
always

Steps to Reproduce:
1. Boot, login
2.
3.

Actual results:

sssd-kcm starts using lots of cpu


Expected results:

should use barely any


Additional info:
Comment 1 Chris Murphy 2021-04-03 02:36:14 UTC 
Created attachment 1768706 [details]
strace sssd-kcm
Comment 2 Chris Murphy 2021-04-03 02:47:33 UTC 
many hundreds of lines in /var/log/sssd/sssd_kcm.log and there are multiple such logs

(2021-04-02 20:21:23): [kcm] [sec_get] (0x0040): Cannot retrieve the secret [2]: No such file or directory
(2021-04-02 20:21:28): [kcm] [sec_get] (0x0040): Cannot retrieve the secret [2]: No such file or directory
(2021-04-02 20:21:33): [kcm] [sec_get] (0x0040): Cannot retrieve the secret [2]: No such file or directory
(2021-04-02 20:21:38): [kcm] [sec_get] (0x0040): Cannot retrieve the secret [2]: No such file or directory
(2021-04-02 20:21:43): [kcm] [sec_get] (0x0040): Cannot retrieve the secret [2]: No such file or directory
(2021-04-02 20:21:48): [kcm] [sec_get] (0x0040): Cannot retrieve the secret [2]: No such file or directory

journal contains

Apr 02 20:43:49 flap.local systemd[1]: Starting SSSD Kerberos Cache Manager...
Apr 02 20:43:49 flap.local sssd[3408]: (2021-04-02 20:43:49:912158): [sssd] [sss_ini_read_sssd_conf] (0x0020): Permission check on config file failed.
Apr 02 20:43:49 flap.local sssd[3408]: (2021-04-02 20:43:49:912222): [sssd] [confdb_init_db] (0x0020): Cannot convert INI to LDIF [1432158317]: [File ownership and permissi>
Apr 02 20:43:49 flap.local sssd[3408]: (2021-04-02 20:43:49:912244): [sssd] [confdb_setup] (0x0010): ConfDB initialization has failed [1432158317]: File ownership and permi>
Apr 02 20:43:49 flap.local sssd[3408]: (2021-04-02 20:43:49:912280): [sssd] [load_configuration] (0x0010): Unable to setup ConfDB [1432158317]: File ownership and permissio>
Apr 02 20:43:49 flap.local sssd[3408]: (2021-04-02 20:43:49:912297): [sssd] [main] (0x0010): SSSD couldn't load the configuration database.
Apr 02 20:43:49 flap.local sssd[3408]: SSSD couldn't load the configuration database [1432158317]: Unknown error 1432158317.
Apr 02 20:43:49 flap.local systemd[1]: Started SSSD Kerberos Cache Manager.

Created
/etc/sssd/sssd.conf

Added

           [kcm]
           debug_level = 10

Then, restart the sssd-kcm service. Doesn't change any of the log messages in sssd_kcm.log
Comment 3 Chris Murphy 2021-04-03 03:07:28 UTC 
Deleted Fedora in Settings > Online Accounts. sssd-kcm is no longer using such large amounts of CPU. There are two bugs here:

(a) it shouldn't use this much cpu when credential are wrong/expire
(b) some kind of clue about what's it's mad about should be in the journal
Comment 4 Alexey Tikhonov 2021-04-06 07:57:06 UTC 
Related to bz 1645624
Comment 5 Pavel Březina 2021-04-06 08:57:05 UTC 
(In reply to Chris Murphy from comment #2)
> many hundreds of lines in /var/log/sssd/sssd_kcm.log and there are multiple
> such logs
> 
> (2021-04-02 20:21:23): [kcm] [sec_get] (0x0040): Cannot retrieve the secret
> [2]: No such file or directory
> (2021-04-02 20:21:28): [kcm] [sec_get] (0x0040): Cannot retrieve the secret
> [2]: No such file or directory
> (2021-04-02 20:21:33): [kcm] [sec_get] (0x0040): Cannot retrieve the secret
> [2]: No such file or directory
> (2021-04-02 20:21:38): [kcm] [sec_get] (0x0040): Cannot retrieve the secret
> [2]: No such file or directory
> (2021-04-02 20:21:43): [kcm] [sec_get] (0x0040): Cannot retrieve the secret
> [2]: No such file or directory
> (2021-04-02 20:21:48): [kcm] [sec_get] (0x0040): Cannot retrieve the secret
> [2]: No such file or directory

Do you use Kerberos at all?

> journal contains
> 
> Apr 02 20:43:49 flap.local systemd[1]: Starting SSSD Kerberos Cache
> Manager...
> Apr 02 20:43:49 flap.local sssd[3408]: (2021-04-02 20:43:49:912158): [sssd]
> [sss_ini_read_sssd_conf] (0x0020): Permission check on config file failed.
> Apr 02 20:43:49 flap.local sssd[3408]: (2021-04-02 20:43:49:912222): [sssd]
> [confdb_init_db] (0x0020): Cannot convert INI to LDIF [1432158317]: [File
> ownership and permissi>
> Apr 02 20:43:49 flap.local sssd[3408]: (2021-04-02 20:43:49:912244): [sssd]
> [confdb_setup] (0x0010): ConfDB initialization has failed [1432158317]: File
> ownership and permi>
> Apr 02 20:43:49 flap.local sssd[3408]: (2021-04-02 20:43:49:912280): [sssd]
> [load_configuration] (0x0010): Unable to setup ConfDB [1432158317]: File
> ownership and permissio>
> Apr 02 20:43:49 flap.local sssd[3408]: (2021-04-02 20:43:49:912297): [sssd]
> [main] (0x0010): SSSD couldn't load the configuration database.
> Apr 02 20:43:49 flap.local sssd[3408]: SSSD couldn't load the configuration
> database [1432158317]: Unknown error 1432158317.
> Apr 02 20:43:49 flap.local systemd[1]: Started SSSD Kerberos Cache Manager.
> 
> Created
> /etc/sssd/sssd.conf

This will fix it:
sudo chmod 0600 /etc/sssd/sssd.conf

> 
> Added
> 
>            [kcm]
>            debug_level = 10
> 
> Then, restart the sssd-kcm service. Doesn't change any of the log messages
> in sssd_kcm.log

(In reply to Chris Murphy from comment #3)
> Deleted Fedora in Settings > Online Accounts. sssd-kcm is no longer using
> such large amounts of CPU. There are two bugs here:
> 
> (a) it shouldn't use this much cpu when credential are wrong/expire
> (b) some kind of clue about what's it's mad about should be in the journal

gnome-online-accounts is triggering lots of load on kcm due to constant polling every 5 seconds which tests kcm performance limits. This is heavily discussed in https://bugzilla.redhat.com/show_bug.cgi?id=1645624
Comment 6 Chris Murphy 2021-04-06 16:00:30 UTC 
>Do you use Kerberos at all?

Not knowingly. Maybe FAS2 used it? I'm not sure what the replacement uses.

>gnome-online-accounts is triggering lots of load on kcm due to constant polling every 5 seconds which tests kcm performance limits. This is heavily discussed in https://bugzilla.redhat.com/show_bug.cgi?id=1645624

I think this bug is a dup of that bug, feel free to close it.
Comment 7 Pavel Březina 2021-04-08 13:20:26 UTC 

*** This bug has been marked as a duplicate of bug 1645624 ***