Bug 1312297 - nslcd.service does not restart on failure
nslcd.service does not restart on failure
Status: ON_QA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss-pam-ldapd (Show other bugs)
7.2
x86_64 Linux
unspecified Severity low
: rc
: ---
Assigned To: Jakub Hrozek
BaseOS QE Security Team
:
Depends On:
Blocks: 1298243
  Show dependency treegraph
 
Reported: 2016-02-26 05:51 EST by Karsten Weiss
Modified: 2017-10-24 08:38 EDT (History)
6 users (show)

See Also:
Fixed In Version: nss-pam-ldapd-0.8.13-13.el7
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
pkis: needinfo+


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Knowledge Base (Solution) 2435031 None None None 2016-07-11 03:54 EDT

  None (edit)
Description Karsten Weiss 2016-02-26 05:51:44 EST
Description of problem:

The nslcd.service does not restart on failure.

There's not "Restart=" line in /usr/lib/systemd/system/nslcd.service.

Is this intentional?

(I saw the following crash on one machine during startup and noticed that the service wasn't restarted automatically even though this would succeed:

# systemctl status nslcd
● nslcd.service - Naming services LDAP client daemon.
   Loaded: loaded (/usr/lib/systemd/system/nslcd.service; enabled; vendor preset: disabled)
   Active: failed (Result: signal) since Thu 2016-02-25 16:59:14 CET; 17h ago
  Process: 2275 ExecStart=/usr/sbin/nslcd (code=exited, status=0/SUCCESS)
 Main PID: 2280 (code=killed, signal=SEGV)

Feb 25 16:59:13 nehalem201 systemd[1]: Starting Naming services LDAP client daemon....
Feb 25 16:59:13 nehalem201 nslcd[2280]: version 0.8.13 starting
Feb 25 16:59:13 nehalem201 nslcd[2280]: accepting connections
Feb 25 16:59:13 nehalem201 systemd[1]: Started Naming services LDAP client daemon..
Feb 25 16:59:14 nehalem201 systemd[1]: nslcd.service: main process exited, code=killed, status=11/SEGV
Feb 25 16:59:14 nehalem201 systemd[1]: Unit nslcd.service entered failed state.
Feb 25 16:59:14 nehalem201 systemd[1]: nslcd.service failed.

(gdb) bt
#0  0x00007f227d8f5bd0 in pthread_mutex_lock () from /lib64/libpthread.so.0
#1  0x00007f227b5e6cb9 in PR_Lock () from /lib64/libnspr4.so
#2  0x00007f227b5ecd45 in PR_GetCurrentThread () from /lib64/libnspr4.so
#3  0x00007f227b5ddc7f in PR_SetError () from /lib64/libnspr4.so
#4  0x00007f227be8eaaf in SECMOD_RestartModules () from /lib64/libnss3.so
#5  0x00007f227df62276 in tlsm_deferred_ctx_init () from /lib64/libldap_r-2.4.so.2
#6  0x00007f227b5deb15 in PR_CallOnceWithArg () from /lib64/libnspr4.so
#7  0x00007f227df60aa1 in tlsm_session_new () from /lib64/libldap_r-2.4.so.2
#8  0x00007f227df5d974 in alloc_handle () from /lib64/libldap_r-2.4.so.2
#9  0x00007f227df5dd2c in ldap_int_tls_connect.isra.2 () from /lib64/libldap_r-2.4.so.2
#10 0x00007f227df5e558 in ldap_int_tls_start () from /lib64/libldap_r-2.4.so.2
#11 0x00007f227df37491 in ldap_int_open_connection () from /lib64/libldap_r-2.4.so.2
#12 0x00007f227df4ab6d in ldap_new_connection () from /lib64/libldap_r-2.4.so.2
#13 0x00007f227df3686f in ldap_open_defconn () from /lib64/libldap_r-2.4.so.2
#14 0x00007f227df4c098 in ldap_send_initial_request () from /lib64/libldap_r-2.4.so.2
#15 0x00007f227df40b86 in ldap_sasl_bind () from /lib64/libldap_r-2.4.so.2
#16 0x00007f227df41109 in ldap_sasl_bind_s () from /lib64/libldap_r-2.4.so.2
#17 0x00007f227df419a5 in ldap_simple_bind_s () from /lib64/libldap_r-2.4.so.2
#18 0x00007f227e805286 in do_retry_search ()
#19 0x00007f227e805a90 in myldap_search ()
#20 0x00007f227e80dbec in nslcd_host_byaddr ()
#21 0x00007f227e80263f in worker ()
#22 0x00007f227d8f3dc5 in start_thread () from /lib64/libpthread.so.0
#23 0x00007f227d62128d in clone () from /lib64/libc.so.6
(gdb)

Feb 25 16:59:14 nehalem201 kernel: alg: No test for crc32 (crc32-table)
Feb 25 16:59:14 nehalem201 systemd[1]: Started IPMI Driver.
Feb 25 16:59:14 nehalem201 kernel: nslcd[2281]: segfault at 10 ip 00007f227d8f5bd0 sp 00007f227a4b12d8 error 4 in libpthread-2.17.so[7f227d8ec000+16000]
Feb 25 16:59:14 nehalem201 systemd[1]: nslcd.service: main process exited, code=killed, status=11/SEGV
Feb 25 16:59:14 nehalem201 systemd[1]: Unit nslcd.service entered failed state.
Feb 25 16:59:14 nehalem201 systemd[1]: nslcd.service failed.
)

Version-Release number of selected component (if applicable):

nss-pam-ldapd-0.8.13-8.el7.x86_64

How reproducible:

Start nslcd.service, kill the process. Notice that systemd won't restart
the service.

Steps to Reproduce:
1. Make sure nslcd.service is active: systemctl status nslcd.service
2. kill $(cat /var/run/nslcd/nslcd.pid)
3. Check the status again: systemctl status nslcd.service => failed

Actual results:

Notice that the nslcd.service does not restart automatically.

Expected results:

I expect that systemd will restart the nslcd.service automatically after
a process crash.

Additional info:

I've tested the following systemd drop-in for nslcd.service and seems
to work:

# cat /etc/systemd/system/nslcd.service.d/restart.conf 
# 2016-02-26, KAW
[Service]
RestartSec=10s
Restart=on-failure

You may want to add the two Restart lines to /usr/lib/systemd/system/nslcd.service in the official rpm.
Comment 1 Jakub Hrozek 2016-02-26 06:05:09 EST
Thanks for the bug report, I think this would be a nice addition to the service file when we update nslcd in RHEL.
Comment 3 Karsten Weiss 2016-02-27 07:19:36 EST
While we're at it: You may as well want to add the missing Documentation= line to nslcd.service:

[Unit]
Documentation=man:nslcd(8) man:nslcd.conf(5)

Note You need to log in before you can comment on or make changes to this bug.