Bug 1113639
| Summary: | autofs: return a connection failure until maps have been fetched | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Jakub Hrozek <jhrozek> | |
| Component: | sssd | Assignee: | Pavel Březina <pbrezina> | |
| Status: | CLOSED ERRATA | QA Contact: | shridhar <sgadekar> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | low | |||
| Version: | 8.1 | CC: | abokovoy, arusso, atikhono, b.prins, dlavu, dpal, esa, grajaiya, ikent, jhrozek, jhunt, lslebodn, mbogdano, mkosek, mniranja, mrichter, muhammad.zali, mzidek, orion, pbrezina, rvdwees, sbose, sgadekar, sgoveas, thalman, tscherf | |
| Target Milestone: | rc | Keywords: | Triaged | |
| Target Release: | --- | Flags: | jruemker:
mirror+
|
|
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | sync-to-jira review | |||
| Fixed In Version: | sssd-2.4.0-6.el8 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1892184 (view as bug list) | Environment: | ||
| Last Closed: | 2021-05-18 15:03:54 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1101782, 1679810, 1689138, 1892184, 1894575 | |||
|
Description
Jakub Hrozek
2014-06-26 14:22:30 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/2371 *** Bug 1335489 has been marked as a duplicate of this bug. *** Reproposing to 7.4 for capacity reasons. I think the symptom of this issue (no maps on boot with fresh cache) was fixed in this commit - https://pagure.io/SSSD/sssd/c/d4063e9a21a4e203bee7e0a0144fa8cabb14cc46?branch=master although in a different manner than originally proposed it seems. Unfortunately I cannot use sss/db on tmpfs until this is fixed. (In reply to Orion Poplawski from comment #14) > I think the symptom of this issue (no maps on boot with fresh cache) was > fixed in this commit - > https://pagure.io/SSSD/sssd/c/ > d4063e9a21a4e203bee7e0a0144fa8cabb14cc46?branch=master although in a > different manner than originally proposed it seems. > > Unfortunately I cannot use sss/db on tmpfs until this is fixed. Not sure what you mean by "sss/db on tmpfs" but you might be able to use a workaround that will be in autofs with RHEL-7.4. Note that we still need to fix this in sss because autofs still needs a way to distinguish between "map does not exist" and "map not yet available" rather than delay/retry logic that will get triggered even when a map really doesn't exist. Upstream ticket: https://pagure.io/SSSD/sssd/issue/4120 Thank you Ian for your explanation. I think all mentioned cases can be addressed. I agree that we should move this to 8.3 to be on the safe side. Bump. Ian, by any chance, can you find any time to work on this? Thank you. (In reply to Pavel Březina from comment #47) > Bump. Ian, by any chance, can you find any time to work on this? Thank you. Oh boy, I meant to get back to it when you posted last time, sorry. I've been so pressed with other things, but let me try get onto this tomorrow and setup the environment so I can check it out. Ian If I understand it correctly, you want to delay the initial data retrievel? Perhaps adding sleep() to *_handler_send() functions in sdap_autofs.c, e.g.: https://github.com/SSSD/sssd/blob/master/src/providers/ldap/sdap_autofs.c#L241 (In reply to Pavel Březina from comment #52) > If I understand it correctly, you want to delay the initial data retrievel? > > Perhaps adding sleep() to *_handler_send() functions in sdap_autofs.c, e.g.: > https://github.com/SSSD/sssd/blob/master/src/providers/ldap/sdap_autofs. > c#L241 That's right, I'll give that a try. I've had some distro/package mismatch difficulties and had to work out how to configure sss but, as of a few minutes ago, I'm up to configuring sssd (which I had successfully done on another release but matching my patched build went badly) so I'll need this fuzz timing fairly soon. Just to check it was the top three patches in that repo branch you posted that I need, correct? Ian (In reply to Ian Kent from comment #53) > Just to check it was the top three patches in that repo branch you posted > that I need, correct? Correct. Upstream PR (SSSD part): https://github.com/SSSD/sssd/pull/5343 Pushed PR: https://github.com/SSSD/sssd/pull/5343 * `master` * 075519bceca7a8f4fa28a0b7c538f2f50d552d13 - configure: check for stdatomic.h * 8a22d4ad45f5fc8e888be693539495093c2b3c35 - autofs: correlate errors for different protocol versions * 34c519a4851194164befc150df8e768431e66405 - autofs: disable fast reply * 9098108a7142513fa04afdf92a2c1b3ac002c56e - autofs: translate ERR_OFFLINE to EHOSTDOWN * e50258da70b67ff1b0f928e2e7875bc2fa32dfde - autofs: return ERR_OFFLINE if we fail to get information from backend and cache is empty * 3f0ba4c2dcf9126b0f94bca4a056b516759d25c1 - cache_req: allow cache_req to return ERR_OFFLINE if all dp request failed Additional PR: https://github.com/SSSD/sssd/pull/5462 Pushed PR: https://github.com/SSSD/sssd/pull/5462 * `master` * 2499bd145f566bfd73b8c7e284b910dd2b36c6d1 - cache_req: ignore autofs not configured error Tested with following data: [root@vm-10-0-108-173 ~]# rpm -q sssd sssd-2.4.0-6.el8.x86_64 [root@vm-10-0-108-173 ~]# systemctl stop sssd ; rm -rf /var/lib/sss/db/* ; systemctl stop autofs [root@vm-10-0-108-173 ~]# firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP success [root@vm-10-0-108-173 ~]# firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -j ACCEPT success [root@vm-10-0-108-173 ~]# firewall-cmd --reload success [root@vm-10-0-108-173 ~]# mount sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) [....] /dev/vda2 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=winnt,errors=remount-ro) tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=82836k,mode=700) [root@vm-10-0-108-173 ~]# systemctl start sssd [root@vm-10-0-108-173 ~]# sssctl domain-status sgadekar2012r2.com Online status: Offline Active servers: AD Global Catalog: not connected AD Domain Controller: adgs.sgadekar2012r2.com Discovered AD Global Catalog servers: None so far. Discovered AD Domain Controller servers: - adgs.sgadekar2012r2.com [root@vm-10-0-108-173 ~]# mount sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) [...] /dev/vda2 on /boot/efi type vfat (rw,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=ascii,shortname=winnt,errors=remount-ro) tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=82836k,mode=700) [root@vm-10-0-108-173 ~]# firewall-cmd --permanent --direct --remove-rule ipv4 filter OUTPUT 0 -p tcp -m tcp --dport=389 -j DROP success [root@vm-10-0-108-173 ~]# firewall-cmd --permanent --direct --remove-rule ipv4 filter OUTPUT 1 -j ACCEPT success [root@vm-10-0-108-173 ~]# firewall-cmd --reload success [root@vm-10-0-108-173 ~]# systemctl start autofs [root@vm-10-0-108-173 ~]# mount sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel) proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) [...] tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=82836k,mode=700) auto.direct on /export type autofs (rw,relatime,fd=5,pgrp=23969,timeout=300,minproto=5,maxproto=5,direct,pipe_ino=91316) Marking verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (sssd bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2021:1666 |