Red Hat Bugzilla – Bug 1110247
Failover SRV discovery not honouring priority/weight
Last modified: 2015-03-05 05:28:17 EST
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2357

Using sssd-1.11.5.1-1.el6.x86_64 (from jhrozek's recent COPR repo) on RHEL6.5.

I have the following SRV RRs configured in DNS:
{{{
;; QUESTION SECTION:
;_ldap._tcp.idm.poc1.local. IN SRV

;; ANSWER SECTION:
_ldap._tcp.idm.poc1.local. 3600 IN SRV 0 0 389 ipa2.idm.poc1.syseng.tmcs.
_ldap._tcp.idm.poc1.local. 3600 IN SRV 0 0 389 ipa1.idm.poc1.syseng.tmcs.
_ldap._tcp.idm.poc1.local. 3600 IN SRV 10 0 389 ipa2.idm.poc2.syseng.tmcs.
_ldap._tcp.idm.poc1.local. 3600 IN SRV 10 0 389 ipa1.idm.poc2.syseng.tmcs.
_ldap._tcp.idm.poc1.local. 3600 IN SRV 20 0 389 ipa2.idm.poc3.syseng.tmcs.
_ldap._tcp.idm.poc1.local. 3600 IN SRV 20 0 389 ipa1.idm.poc3.syseng.tmcs.
}}}

Tcpdump confirms all 6 records are returned by the DNS server during SSSD's startup.

The SRV discovery only tries one host from each priority level, i.e. 3 servers in the above case. Debug logs seem to confirm this:
{{{
(Wed Jun 11 07:03:57 2014) [sssd[be[idm.local]]] [fo_discover_srv_done] (0x0400): Got answer. Processing...
(Wed Jun 11 07:03:57 2014) [sssd[be[idm.local]]] [fo_discover_srv_done] (0x0400): Got 3 servers
(Wed Jun 11 07:03:57 2014) [sssd[be[idm.local]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'ipa2.idm.poc1.local:389' to service 'IPA'
(Wed Jun 11 07:03:57 2014) [sssd[be[idm.local]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'ipa1.idm.poc2.local:389' to service 'IPA'
(Wed Jun 11 07:03:57 2014) [sssd[be[idm.local]]] [fo_add_server_to_list] (0x0400): Inserted primary server 'ipa2.idm.poc3.local:389' to service 'IPA'
(Wed Jun 11 07:03:57 2014) [sssd[be[idm.local]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'IPA' as 'resolved'
}}}

Full debug log and sssd.conf attached.

RFC2782 suggests that for each priority level, all elements should be added to the list (ordered by weight).
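The ordering RFC 2782 describes, applied to the six records quoted in the report, as an added example (not SSSD's code and not part of the original report). The function names `parse_srv` and `rfc2782_order` are assumptions made for this illustration; the sample answer is reconstructed from the records above.

```python
import random

# Constructed sample: the six SRV answers quoted in the report above.
SAMPLE_ANSWER = """\
;; ANSWER SECTION:
_ldap._tcp.idm.poc1.local. 3600 IN SRV 0 0 389 ipa2.idm.poc1.syseng.tmcs.
_ldap._tcp.idm.poc1.local. 3600 IN SRV 0 0 389 ipa1.idm.poc1.syseng.tmcs.
_ldap._tcp.idm.poc1.local. 3600 IN SRV 10 0 389 ipa2.idm.poc2.syseng.tmcs.
_ldap._tcp.idm.poc1.local. 3600 IN SRV 10 0 389 ipa1.idm.poc2.syseng.tmcs.
_ldap._tcp.idm.poc1.local. 3600 IN SRV 20 0 389 ipa2.idm.poc3.syseng.tmcs.
_ldap._tcp.idm.poc1.local. 3600 IN SRV 20 0 389 ipa1.idm.poc3.syseng.tmcs.
"""

def parse_srv(answer):
    """Return (priority, weight, port, target) tuples from dig-style answer lines."""
    records = []
    for line in answer.splitlines():
        fields = line.split()
        # name, TTL, class, type, priority, weight, port, target
        if len(fields) == 8 and fields[2] == "IN" and fields[3] == "SRV":
            prio, weight, port = (int(f) for f in fields[4:7])
            records.append((prio, weight, port, fields[7].rstrip(".")))
    return records

def rfc2782_order(records, rng=random):
    """Order every record: ascending priority, weighted-random within a priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        # RFC 2782: records with weight 0 are placed at the start of the pool.
        pool = sorted((r for r in records if r[0] == prio), key=lambda r: r[1] != 0)
        while pool:
            # Pick a number in [0, sum of weights]; take the first record whose
            # running sum reaches it, remove it, and repeat until the pool is empty.
            pick = rng.randint(0, sum(r[1] for r in pool))
            running = 0
            for i, rec in enumerate(pool):
                running += rec[1]
                if running >= pick:
                    ordered.append(pool.pop(i))
                    break
    return ordered

if __name__ == "__main__":
    for prio, weight, port, target in rfc2782_order(parse_srv(SAMPLE_ANSWER)):
        print(prio, weight, f"{target}:{port}")
```

Every record returned by DNS appears in the result, so the failover list for this answer has six entries rather than the three seen in the debug log.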
Fixed in master:
* 2be2220f15b2a819a80b07c8881822ef87053c69
* da6ee4b16f57d24f63c09efa74ead7f7cf315a55
* cb8c79278d23a5b1deb66ea4af37feebc7137fd0
Verified in version sssd-1.12.2-39.el7

Output from beaker automation run:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: failover-ldap_009: BZ1110247 multiple srv records with same weight and priority
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
‘/etc/named.conf.orig’ -> ‘/etc/named.conf’
Redirecting to /bin/systemctl restart named.service
Redirecting to /bin/systemctl restart named.service
Redirecting to /bin/systemctl stop sssd.service
Redirecting to /bin/systemctl start sssd.service
:: [ 15:39:07 ] :: Sleeping for 5 seconds
:: [ BEGIN ] :: Running 'getent passwd puser1'
puser1:*:1001:1001:Posix User1:/home/puser1:
:: [ PASS ] :: Command 'getent passwd puser1' (Expected 0, got 0)
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Inserted primary server 'server1.domain1'
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Inserted primary server 'server2.domain1'
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Inserted primary server 'server1.domain2'
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Inserted primary server 'server2.domain2'
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Inserted primary server 'server1.domain3'
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Inserted primary server 'server2.domain3'
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Inserted primary server 'ldapserver.example.com:389''
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Inserted primary server 'server1.domain4'
:: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Inserted primary server 'server2.domain4'
:: [ BEGIN ] :: Running 'auth_success puser1 Secret123'
spawn ssh -q -l puser1 localhost echo 'login successful'
puser1@localhost's password:
login successful
:: [ PASS ] :: Command 'auth_success puser1 Secret123' (Expected 0, got 0)
failover-ldap-009-BZ1110247-multiple-srv-records-with-same-weight-and-priority result: PASS
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0441.html