Red Hat Bugzilla – Bug 1216285
autofs provider fails when default_domain_suffix and use_fully_qualified_names set
Last modified: 2015-11-19 06:38:22 EST
Created attachment 1019948 [details] autofs.patch Description of problem: when default_domain_suffix is enabled, you must enable use_fully_qualified names. this breaks the autofs provider, which then returns 'Cannot allocate memory' for the maps. Version-Release number of selected component (if applicable): sssd-1.12.2-58.el7.6.x86_64 How reproducible: always Steps to Reproduce: 1. set default_domain_suffix and use_fully_qualified names 2. configure autofs maps in IPA 3. attempt to access maps Actual results: [root@client01 ~]# ipa automountlocation-tofiles default; grep -e fully -e default /etc/sssd/sssd.conf; service sssd restart; sss_cache -E; service autofs restart; automount -m /etc/auto.master: /- /etc/auto.direct /test /etc/auto.test --------------------------- /etc/auto.direct: --------------------------- /etc/auto.test: test -fstype=nfs test:/test maps not connected to /etc/auto.master: use_fully_qualified_names = true default_domain_suffix = example.com Redirecting to /bin/systemctl restart sssd.service Redirecting to /bin/systemctl restart autofs.service setautomntent: lookup(sss): setautomntent: Cannot allocate memory setautomntent: lookup(sss): setautomntent: Cannot allocate memory autofs dump map information =========================== global options: none configured no master map entries found Expected results: [root@client01 ~]# ipa automountlocation-tofiles default; grep -e fully -e default /etc/sssd/sssd.conf; service sssd restart; sss_cache -E; service autofs restart; automount -m /etc/auto.master: /- /etc/auto.direct /test /etc/auto.test --------------------------- /etc/auto.direct: --------------------------- /etc/auto.test: test -fstype=nfs test:/test maps not connected to /etc/auto.master: use_fully_qualified_names = true default_domain_suffix = example.com Redirecting to /bin/systemctl restart sssd.service Redirecting to /bin/systemctl restart autofs.service autofs dump map information =========================== global options: none configured Mount point: /- source(s): lookup_read_map: lookup(sss): getautomntent_r: No such file or directory instance type(s): sss map: auto.direct no keys found in map Mount point: /test source(s): instance type(s): sss map: auto.test test | -fstype=nfs test:/test Additional info: crude patch to fix is attached. behavior is as expected in an AD/IPA trust environment with this bit of code removed, but may not be technically correct. this combination of options is required after https://bugzilla.redhat.com/show_bug.cgi?id=1211830
Created attachment 1019960 [details] sssd-logs
I think your patch is completely correct, the autofs maps can't be qualified, the root is always auto.master (ok, this is configurable) and then automounter traverses the maps. I can't think of a scenario where it would be possible for a user to specify a qualified map other than overriding the map name in the config. Can you send the patch to sssd-devel, please? I'll ack it.
Upstream ticket: https://fedorahosted.org/sssd/ticket/2643
btw I was also able to reproduce the bug and verify it's fixed using your patch with an ordinary LDAP domain, just to make sure there was nothing specific to IPA I was missing. Thanks a lot for the patch!
Fixed upstream: sssd-1-12: 8f57c6765b10de36582ef1dbee32d75452451a94 master: 4df706219e64527209f12ad0c7814ee1be979c07
Created attachment 1079921 [details] automount steps
Jakub, I did create many maps and associated keys on the IPA-server and am able to access them from the ipa-client using the below command. I think we are good to mark this as VERIFIED. Can you please confirm. [root@ipaclient02 etc]# ipa automountlocation-tofiles baltimore; grep -e fully -e default /etc/sssd/sssd.conf; service sssd restart; sss_cache -E; service autofs restart; automount -m /etc/auto.master: /- /etc/auto.direct --------------------------- /etc/auto.direct: maps not connected to /etc/auto.master: --------------------------- /etc/auto.data: data -ro,ipa01.labs01.test:/shared/data --------------------------- /etc/auto.share: man -ro,soft,rsize=8192,wsize=8192 ipa01.labs01.test:/shared/man --------------------------- /etc/auto.test: test -ro,soft,ipa01.labs01.test:/shared/test default_domain_suffix = test.in use_fully_qualified_names = true Redirecting to /bin/systemctl restart sssd.service Redirecting to /bin/systemctl restart autofs.service autofs dump map information =========================== global options: none configured Mount point: /misc source(s): instance type(s): file map: /etc/auto.misc cd | -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom Mount point: /net source(s): type: hosts ipaclient02.labs01.test | (null) localhost | (null) Mount point: /- source(s): lookup_read_map: lookup(sss): getautomntent_r: No such file or directory instance type(s): sss map: auto.direct no keys found in map
Hmm, I don't see /shared/data in automount -m output, looks like you need to link the auto.share map with auto.master ?
Jakub, After manually adding the entries in /etc/auto.master in ipaclient, automount -m is showing the values. /shared/data /etc/auto.data /shared/man /etc/auto.share /shared/test /etc/auto.test [root@ipaclient02 ~]# automount -m autofs dump map information =========================== global options: none configured Mount point: /misc source(s): instance type(s): file map: /etc/auto.misc cd | -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom instance type(s): files sss map: auto.misc duplicate indirect map entry will be ignored at run time cd | -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom cd | -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom Mount point: /shared/data source(s): instance type(s): file map: /etc/auto.data data | -ro,ipaclient02.labs01.test/shared/data Mount point: /shared/man source(s): instance type(s): file map: /etc/auto.share man | -ro,soft,rsize=8192,wsize=8192 ipaclient02.labs01.test:/shared/man Mount point: /shared/test source(s): instance type(s): file map: /etc/auto.test test | -ro,soft,ipaclient02.labs01.test:/shared/test Mount point: /net source(s): type: hosts ipaclient02.labs01.test | (null) localhost | (null) Mount point: /- source(s): lookup_read_map: lookup(sss): getautomntent_r: No such file or directory instance type(s): sss map: auto.direct no keys found in map
(In reply to Sudhir Menon from comment #15) > Jakub, > After manually adding the entries in /etc/auto.master in ipaclient, > automount -m is showing the values. > I guess this is so-so, but wouldn't it be better to link auto.master on the server with auto.share on the server? See ipa help automounter, it gives example on how to configure similar setup.
Verified using RHEL7.2 sssd-1.13.0-36.el7.x86_64 ipa-server-4.2.0-12.el7.x86_64 ipa-server-dns-4.2.0-12.el7.x86_64 ipa-server-trust-ad-4.2.0-12.el7.x86_64 Observations: "setautomntent: lookup(sss): setautomntent: Cannot allocate memory" is not displayed. Steps done: 1. On IPA-Server #vi etc/exportfs /ipaexport *(rw) 2. service nfs restart 3. [root@ipa01 ~]# ipa automountlocation-add baltimore ------------------------------------ Added automount location "baltimore" ------------------------------------ Location: baltimore 4.[root@ipa01 ~]# ipa automountmap-add baltimore auto.share -------------------------------- Added automount map "auto.share" -------------------------------- Map: auto.share 5.[root@ipa01 ~]# ipa automountkey-add baltimore auto.master --key=/share --info=auto.share ---------------------------- Added automount key "/share" ---------------------------- Key: /share Mount information: auto.share 6.[root@ipa01 ~]# ipa automountkey-find baltimore auto.share ----------------------- 1 automount key matched ----------------------- Key: test Mount information: -rw,sync,ipa01.labs01.test:/ipaexport ---------------------------- Number of entries returned 1 ---------------------------- 7. [root@ipaclient02 ~]# ipa-client-automount --server=ipa01.labs01.test --location=baltimore IPA server: ipa01.labs01.test Location: baltimore Continue to configure the system with these values? [no]: yes Configured /etc/sysconfig/nfs Configured /etc/idmapd.conf Started rpcidmapd Started rpcgssd Restarting sssd, waiting for it to become available. Started autofs 8. Ran the below command on IPAclient which was giving the error. Now its not giving the error. [root@ipaclient02 ~]# ipa automountlocation-tofiles baltimore; grep -e fully -e default /etc/sssd/sssd.conf; service sssd restart; sss_cache -E; service autofs restart; automount -m /etc/auto.master: /- /etc/auto.direct /share /etc/auto.share --------------------------- /etc/auto.direct: --------------------------- /etc/auto.share: test -rw,sync,ipa01.labs01.test:/ipaexport maps not connected to /etc/auto.master: default_domain_suffix = test.in use_fully_qualified_names = true Redirecting to /bin/systemctl restart sssd.service Redirecting to /bin/systemctl restart autofs.service autofs dump map information =========================== global options: none configured Mount point: /misc source(s): instance type(s): file map: /etc/auto.misc cd | -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom Mount point: /net source(s): type: hosts ipaclient02.labs01.test | (null) localhost | (null) Mount point: /- source(s): lookup_read_map: lookup(sss): getautomntent_r: No such file or directory instance type(s): sss map: auto.direct no keys found in map Mount point: /share source(s): instance type(s): sss map: auto.share test | -rw,sync,ipa01.labs01.test:/ipaexport
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-2355.html