Bug 967023

Summary: oddjobd is not started by realmd
Product: Red Hat Enterprise Linux 7 Reporter: Patrik Kis <pkis>
Component: realmdAssignee: Stef Walter <stefw>
Status: CLOSED CURRENTRELEASE QA Contact: David Spurek <dspurek>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.0CC: dspurek, ebenes, jrieden, ksrot, stefw
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: realmd-0.14.2-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 964971 Environment:
Last Closed: 2014-06-13 11:17:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 964971, 967025    
Bug Blocks:    

Description Patrik Kis 2013-05-24 14:28:05 UTC 
+++ This bug was initially created as a clone of Bug #964971 +++

Description of problem:
oddjobd is being enabled during realm join but not started
Note, that oddjobd cannot be started through d-bus as it is probably expected, as stated in bug 963722, so it is necessary to start it as normal service.

Version-Release number of selected component (if applicable):
realmd-0.14.1-1.fc19
oddjob-0.31.4-1.fc19
authconfig-6.2.6-3.fc19

How reproducible:
always

Steps to Reproduce:
# realm -v join -U Bender-admin ad.baseos.qe
 * Resolving: _ldap._tcp.dc._msdcs.ad.baseos.qe
 * Sending MS-CLDAP ping to: 10.34.25.20
 * Successfully discovered: ad.baseos.qe
Password for Bender-admin: 
 * Required files: /usr/sbin/sssd, /usr/bin/net
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.I269WW -U Bender-admin ads join ad.baseos.qe createupn
Enter Bender-admin's password:
^[[ADNS update failed: NT_STATUS_UNSUCCESSFUL
Using short domain name -- AD
Joined 'PKIS' to dns domain 'ad.baseos.qe'
DNS Update for pkis.ipa.baseos.qe failed: ERROR_DNS_UPDATE_FAILED
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.I269WW -U Bender-admin ads keytab create
Enter Bender-admin's password:
 * /usr/bin/systemctl enable sssd.service
ln -s '/usr/lib/systemd/system/sssd.service' '/etc/systemd/system/multi-user.target.wants/sssd.service'
 * /usr/bin/systemctl restart sssd.service
 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable sssd.service
 * Successfully enrolled machine in realm

# ps -ef |grep oddjo
root      4698  1268  0 10:22 pts/0    00:00:00 grep --color=auto oddjo
# systemctl list-unit-files |grep oddjob
oddjobd.service                             enabled 


The problem is probably here, with --nostart:

 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable sssd.service

and only sssd is started afterwards.

--- Additional comment from Stef Walter on 2013-05-24 06:41:30 EDT ---

Patch available upstream.
Comment 4 Stef Walter 2013-09-20 12:34:15 UTC 
It's pretty dumb that oddjobd doesn't start automatically when used even when enabled. It's a DBus service :S
Comment 5 Stef Walter 2013-09-20 12:45:25 UTC 
Can you try this build?

http://brewweb.devel.redhat.com/brew/taskinfo?taskID=6307918
Comment 6 David Spurek 2013-09-24 14:19:36 UTC 
(In reply to Stef Walter from comment #5)
> Can you try this build?
> 
> http://brewweb.devel.redhat.com/brew/taskinfo?taskID=6307918

oddjob service is still not stared after join to AD server
Comment 7 Stef Walter 2013-09-24 14:30:04 UTC 
1. Please provide the --verbose output of the join
2. Could you also post the contents of /usr/lib64/realmd/realmd-distro.conf
3. Did you restart realmd before trying the new build?
Comment 8 David Spurek 2013-09-24 14:41:07 UTC 
realmd service was restarted.

verbose output of join:

realm -v join --user=Amy-admin ad.baseos.qe
 * Resolving: _ldap._tcp.ad.baseos.qe
 * Performing LDAP DSE lookup on: 2620:52:0:2223::1:1
 ! Can't contact LDAP server
 * Performing LDAP DSE lookup on: 2620:52:0:2223:1dfe:a8ea:f0d8:380c
 * Performing LDAP DSE lookup on: 2001:db8:ee8c:180:1dfe:a8ea:f0d8:380c
 ! Can't contact LDAP server
 * Performing LDAP DSE lookup on: 10.34.37.22
 ! Can't contact LDAP server
 * Successfully discovered: ad.baseos.qe
Password for Amy-admin: 
 * Required files: /usr/sbin/oddjobd, /usr/libexec/oddjob/mkhomedir, /usr/sbin/sssd, /usr/bin/net
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.VUUA4W -U Amy-admin ads join ad.baseos.qe
Enter Amy-admin's password:
Using short domain name -- AD
Joined 'RHEL7-20-8' to dns domain 'ad.baseos.qe'
 * LANG=C LOGNAME=root /usr/bin/net -s /var/cache/realmd/realmd-smb-conf.VUUA4W -U Amy-admin ads keytab create
Enter Amy-admin's password:
 * /usr/bin/systemctl enable sssd.service
ln -s '/usr/lib/systemd/system/sssd.service' '/etc/systemd/system/multi-user.target.wants/sssd.service'
 * /usr/bin/systemctl restart sssd.service
 * /usr/bin/sh -c /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service
 * Successfully enrolled machine in realm


cat /usr/lib64/realmd/realmd-distro.conf
# Distro specific overrides for redhat
[paths]
smb.conf = /etc/samba/smb.conf

[samba-packages]
samba-common = /usr/bin/net

[winbind-packages]
samba-winbind = /usr/sbin/winbindd
samba-winbind-clients = /usr/bin/wbinfo
oddjob = /usr/sbin/oddjobd
oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir

[sssd-packages]
sssd = /usr/sbin/sssd
oddjob = /usr/sbin/oddjobd
oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir

[adcli-packages]
adcli = /usr/sbin/adcli

[ipa-packages]
ipa-client = /usr/sbin/ipa-client-install

[commands]
winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service"
winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth --nostart
winbind-enable-service = /usr/bin/systemctl enable winbind.service
winbind-disable-service = /usr/bin/systemctl disable winbind.service
winbind-restart-service = /usr/bin/systemctl restart winbind.service
winbind-stop-service = /usr/bin/systemctl stop winbind.service

sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service"
sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth --nostart
sssd-enable-service = /usr/bin/systemctl enable sssd.service
sssd-disable-service = /usr/bin/systemctl disable sssd.service
sssd-restart-service = /usr/bin/systemctl restart sssd.service
sssd-stop-service = /usr/bin/systemctl stop sssd.service
sssd-caches-flush = /usr/sbin/sss_cache --users --groups --netgroups --services --autofs-maps

# Fedora and RHEL have libnss_sss in place by default, this is no longer needed
name-caches-flush =
Comment 9 Stef Walter 2013-09-24 15:09:43 UTC 
Thanks. That makes sense. Could you try out this build:

http://brewweb.devel.redhat.com/brew/taskinfo?taskID=6322555
Comment 10 David Spurek 2013-09-25 06:42:52 UTC 
This build looks fine, oddjob service is started and enabled after IPA and AD join. In which realmd version will be this fix included?
Comment 14 Ludek Smid 2014-06-13 11:17:03 UTC 
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.