Bug 903648
| Summary: | NSCD warning is irritating | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Dmitri Pal <dpal> |
| Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Kaushik Banerjee <kbanerje> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | low | ||
| Version: | 7.0 | CC: | apeetham, grajaiya, jgalipea, mkosek, pbrezina, rkudyba |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | sssd-1.10.0-10.el7.beta2 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-06-13 12:01:17 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Dmitri Pal
2013-01-24 13:37:25 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/1785 Temporarily moving bugs to MODIFIED to work around errata tool bug Verified the bug on SSSD Version: sssd-1.11.2-10.el7.x86_64 Steps followed during verification: 1. Setup nscd.conf with default overlapping services and start nscd. 2. Setup sssd.conf correctly and start it as well. 3. Monitor /var/log/messages file. Following warning appears: Dec 10 17:53:37 rhel-7 systemd: Starting System Security Services Daemon... Dec 10 17:53:37 rhel-7 sssd: NSCD socket was detected and seems to be configured to cache some of the databases controlled by SSSD [passwd,group,netgroup,services]. It is recommended not to run NSCD in parallel with SSSD, unless NSCD is configured not to cache these. Dec 10 17:53:37 rhel-7 sssd: Starting up Dec 10 17:53:39 rhel-7 sssd[be[LDAP]]: Starting up Dec 10 17:53:39 rhel-7 sssd[pam]: Starting up Dec 10 17:53:39 rhel-7 sssd[nss]: Starting up 4. Stop both sssd and nscd service. 5. Now configure nscd.conf correctly by commenting out overlapping services. 6. Start nscd service first and then start sssd service. 7. Monitor syslog messages. The warning message disappears as expected. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. Let me know if this should be a new bug. We use NIS and disable sssd:
systemctl status sssd
● sssd.service - System Security Services Daemon
Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
However we still get this several times a day:
Daemon: NSCD socket was detected and seems to be configured to cache some of the databases controlled by SSSD [passwd,group,netgroup,services]. It is recommended not to run NSCD in parallel with SSSD, unless NSCD is configured not to cache these
Here's the /etc/nscd.conf:
enable-cache passwd yes
positive-time-to-live passwd 600
negative-time-to-live passwd 20
suggested-size passwd 211
check-files passwd yes
persistent passwd yes
shared passwd yes
max-db-size passwd 33554432
auto-propagate passwd yes
enable-cache group yes
positive-time-to-live group 3600
negative-time-to-live group 60
suggested-size group 211
check-files group yes
persistent group yes
shared group yes
max-db-size group 33554432
auto-propagate group yes
enable-cache hosts yes
positive-time-to-live hosts 3600
negative-time-to-live hosts 20
suggested-size hosts 211
check-files hosts yes
persistent hosts yes
shared hosts yes
max-db-size hosts 33554432
enable-cache services yes
positive-time-to-live services 28800
negative-time-to-live services 20
suggested-size services 211
check-files services yes
persistent services yes
shared services yes
max-db-size services 33554432
Where do you get the warning from if sssd is disabled? (In reply to Jakub Hrozek from comment #10) > Where do you get the warning from if sssd is disabled? It just happens randomly can't reproduce it, could it be related to NIS, ypbind? (In reply to Jakub Hrozek from comment #10) > Where do you get the warning from if sssd is disabled? Perhaps this is a clue? Jun 17 16:32:42 ourserver ypbind[20820]: 20822: Ping active servers for all domains. Jun 17 16:32:55 ourserver sssd[kcm][30684]: Shutting down Jun 17 16:32:59 ourserver systemd[1]: Starting SSSD Kerberos Cache Manager... Jun 17 16:32:59 ourserver sssd[30091]: NSCD socket was detected and seems to be configured to cache some of the databases controlled by SSSD [passwd,group,netgroup,services]. It is recommended not to run NSCD in parallel with SSSD, unless NSCD is configured not to cache these. Jun 17 16:32:59 ourserver systemd[1]: Started SSSD Kerberos Cache Manager. (In reply to RobbieTheK from comment #12) > (In reply to Jakub Hrozek from comment #10) > > Where do you get the warning from if sssd is disabled? > > Perhaps this is a clue? > Jun 17 16:32:42 ourserver ypbind[20820]: 20822: Ping active servers for all > domains. > Jun 17 16:32:55 ourserver sssd[kcm][30684]: Shutting down > Jun 17 16:32:59 ourserver systemd[1]: Starting SSSD Kerberos Cache Manager... > Jun 17 16:32:59 ourserver sssd[30091]: NSCD socket was detected and seems to > be configured to cache some of the databases controlled by SSSD > [passwd,group,netgroup,services]. It is recommended not to run NSCD in > parallel with SSSD, unless NSCD is configured not to cache these. > Jun 17 16:32:59 ourserver systemd[1]: Started SSSD Kerberos Cache Manager. Ah, OK this makes sense. I didn't think about KCM because this bug was opened against RHEL-7 so I had this RHEL-7 tunnel vision. I reckon you are running RHEL-8 or some modern Fedora, then? If yes, then this is a small bug. KCM on startup regenerates its configuration database with the help of the main sssd binary (sssd --genconf --only-section=kcm or something like this) which incidentally also runs the nscd check. (In reply to Jakub Hrozek from comment #13) > (In reply to RobbieTheK from comment #12) > > (In reply to Jakub Hrozek from comment #10) > > > Where do you get the warning from if sssd is disabled? > > > > Perhaps this is a clue? > > Jun 17 16:32:42 ourserver ypbind[20820]: 20822: Ping active servers for all > > domains. > > Jun 17 16:32:55 ourserver sssd[kcm][30684]: Shutting down > > Jun 17 16:32:59 ourserver systemd[1]: Starting SSSD Kerberos Cache Manager... > > Jun 17 16:32:59 ourserver sssd[30091]: NSCD socket was detected and seems to > > be configured to cache some of the databases controlled by SSSD > > [passwd,group,netgroup,services]. It is recommended not to run NSCD in > > parallel with SSSD, unless NSCD is configured not to cache these. > > Jun 17 16:32:59 ourserver systemd[1]: Started SSSD Kerberos Cache Manager. > > Ah, OK this makes sense. I didn't think about KCM because this bug was > opened against RHEL-7 so I had this RHEL-7 tunnel vision. I reckon you are > running RHEL-8 or some modern Fedora, then? If yes, then this is a small > bug. KCM on startup regenerates its configuration database with the help of > the main sssd binary (sssd --genconf --only-section=kcm or something like > this) which incidentally also runs the nscd check. Yes Fedora 29. Should I open a new bug? (In reply to RobbieTheK from comment #14) > (In reply to Jakub Hrozek from comment #13) > > (In reply to RobbieTheK from comment #12) > > > (In reply to Jakub Hrozek from comment #10) > > > > Where do you get the warning from if sssd is disabled? > > > > > > Perhaps this is a clue? > > > Jun 17 16:32:42 ourserver ypbind[20820]: 20822: Ping active servers for all > > > domains. > > > Jun 17 16:32:55 ourserver sssd[kcm][30684]: Shutting down > > > Jun 17 16:32:59 ourserver systemd[1]: Starting SSSD Kerberos Cache Manager... > > > Jun 17 16:32:59 ourserver sssd[30091]: NSCD socket was detected and seems to > > > be configured to cache some of the databases controlled by SSSD > > > [passwd,group,netgroup,services]. It is recommended not to run NSCD in > > > parallel with SSSD, unless NSCD is configured not to cache these. > > > Jun 17 16:32:59 ourserver systemd[1]: Started SSSD Kerberos Cache Manager. > > > > Ah, OK this makes sense. I didn't think about KCM because this bug was > > opened against RHEL-7 so I had this RHEL-7 tunnel vision. I reckon you are > > running RHEL-8 or some modern Fedora, then? If yes, then this is a small > > bug. KCM on startup regenerates its configuration database with the help of > > the main sssd binary (sssd --genconf --only-section=kcm or something like > > this) which incidentally also runs the nscd check. > > Yes Fedora 29. Should I open a new bug? I can do that if you don't mind, I hope I know all the details. I'll CC you to this bug report. |