Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1852659

Summary: sssd service is starting even though it is disabled state [rhel-7.9.z]
Product: Red Hat Enterprise Linux 7 Reporter: Divya Mittal <dmittal>
Component: sssdAssignee: Alexey Tikhonov <atikhono>
Status: CLOSED ERRATA QA Contact: shridhar <sgadekar>
Severity: high Docs Contact:
Priority: high    
Version: 7.8CC: atikhono, ddas, dlavu, grajaiya, jhrozek, jreznik, lslebodn, mzidek, pbrezina, sbose, sgoveas, spanjikk, thalman, tscherf
Target Milestone: rcKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard: sync-to-jira qetodo
Fixed In Version: sssd-1.16.5-10.el7_9.6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2020-12-15 11:22:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Divya Mittal 2020-07-01 03:16:51 UTC 
Description of problem:

sssd service is restarting after server update even if it is in disabled state.


Version-Release number of selected component (if applicable):

sssd-ad-1.16.4-37.el7_8.1.x86_64                            Wed Jun 24 13:24:08 2020
sssd-client-1.16.4-37.el7_8.1.x86_64                        Wed Jun 24 13:24:06 2020
sssd-common-1.16.4-37.el7_8.1.x86_64                        Wed Jun 24 13:24:07 2020
sssd-common-pac-1.16.4-37.el7_8.1.x86_64                    Wed Jun 24 13:24:07 2020
sssd-krb5-common-1.16.4-37.el7_8.1.x86_64                   Wed Jun 24 13:24:07 2020
sssd-ldap-1.16.4-37.el7_8.1.x86_64                          Wed Jun 24 13:24:08 2020

How reproducible:

Not reproducible

Steps to Reproduce:
1.
2.
3.

Actual results:

sssd is trying to start even when it is in disabled state and going to failed state


Expected results:

sssd should not start when it is in disabled state and service state should be in inactive .

Additional info:

Below can be seen in sssd-common package

==============
rpm -q --scripts sssd-common
..
..
..

systemctl try-restart sssd >/dev/null 2>&1 || :
# After changing order of sssd-common and *libwbclient,
# older version of sssd will restart sssd.service in postun scriptlet
# It failed due to missing alternative to libwbclient. Start it again.
/bin/systemctl is-active --quiet sssd.service || {
    if [ -f /var/tmp/sssd_is_running ]; then
        systemctl start sssd.service >/dev/null 2>&1;
        rm -f /var/tmp/sssd_is_running;
==============
Comment 2 Sumit Bose 2020-07-01 06:42:01 UTC 
Hi,

the file '/var/tmp/sssd_is_running' is created during update in %pre and is removed in %posttrans. But if there are some issues during an update, maybe not even caused by an SSSD package, %posttrans might not be executed. A later update will see this file and will try to start SSSD in %posttrans even if it was not running before.

To avoid such confusion the file '/var/tmp/sssd_is_running' should be removed in %pre before the check if it should be created or not.

bye,
Sumit
Comment 3 Alexey Tikhonov 2020-07-01 11:51:12 UTC 
(In reply to Sumit Bose from comment #2)
> Hi,
> 
> the file '/var/tmp/sssd_is_running' is created during update in %pre and is
> removed in %posttrans. But if there are some issues during an update, maybe
> not even caused by an SSSD package, %posttrans might not be executed. A
> later update will see this file and will try to start SSSD in %posttrans
> even if it was not running before.
> 
> To avoid such confusion the file '/var/tmp/sssd_is_running' should be
> removed in %pre before the check if it should be created or not.

Something like this?
```
diff --git a/sssd.spec b/sssd.spec
index 50e2eb2..e954eea 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -1130,6 +1130,7 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
 %pre common
 getent group sssd >/dev/null || groupadd -r sssd
 getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
+rm -f /var/tmp/sssd_is_running
 /bin/systemctl is-active --quiet sssd.service && touch /var/tmp/sssd_is_running || :
 
 %post common
```

Sumit, do you know why the code that works with `/var/tmp/sssd_is_running` was removed in RHEL8 sssd.spec?
In RHEL8 it's just:
```
%posttrans common
%systemd_postun_with_restart sssd.service
```
Comment 4 Sumit Bose 2020-07-01 12:03:06 UTC 
(In reply to Alexey Tikhonov from comment #3)
> (In reply to Sumit Bose from comment #2)
> > Hi,
> > 
> > the file '/var/tmp/sssd_is_running' is created during update in %pre and is
> > removed in %posttrans. But if there are some issues during an update, maybe
> > not even caused by an SSSD package, %posttrans might not be executed. A
> > later update will see this file and will try to start SSSD in %posttrans
> > even if it was not running before.
> > 
> > To avoid such confusion the file '/var/tmp/sssd_is_running' should be
> > removed in %pre before the check if it should be created or not.
> 
> Something like this?
> ```
> diff --git a/sssd.spec b/sssd.spec
> index 50e2eb2..e954eea 100644
> --- a/sssd.spec
> +++ b/sssd.spec
> @@ -1130,6 +1130,7 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d
> / -s /sbin/nologin -c "Us
>  %pre common
>  getent group sssd >/dev/null || groupadd -r sssd
>  getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin
> -c "User for sssd" sssd
> +rm -f /var/tmp/sssd_is_running
>  /bin/systemctl is-active --quiet sssd.service && touch
> /var/tmp/sssd_is_running || :
>  
>  %post common
> ```

Yes, exactly.

> 
> Sumit, do you know why the code that works with `/var/tmp/sssd_is_running`
> was removed in RHEL8 sssd.spec?
> In RHEL8 it's just:
> ```
> %posttrans common
> %systemd_postun_with_restart sssd.service
> ```

iirc it was added to handle an issue with updates from a version where the restart was in %postun. Since there is no such version in RHEL-8 it is not needed anymore.

HTH

bye,
Sumit
Comment 24 errata-xmlrpc 2020-12-15 11:22:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sssd bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:5459