1852659 – sssd service is starting even though it is disabled state [rhel-7.9.z]

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1852659 - sssd service is starting even though it is disabled state [rhel-7.9.z]

Summary: sssd service is starting even though it is disabled state [rhel-7.9.z]

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	sssd
Sub Component:
Version:	7.8
Hardware:	Unspecified
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Alexey Tikhonov
QA Contact:	shridhar
Docs Contact:
URL:
Whiteboard:	sync-to-jira qetodo
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-07-01 03:16 UTC by Divya Mittal
Modified:	2024-03-25 16:07 UTC (History)
CC List:	14 users (show)
Fixed In Version:	sssd-1.16.5-10.el7_9.6
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-12-15 11:22:17 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	SSSD-2612	0	None	None	None	2023-10-07 10:11:22 UTC

Description Divya Mittal 2020-07-01 03:16:51 UTC

Description of problem:

sssd service is restarting after server update even if it is in disabled state.


Version-Release number of selected component (if applicable):

sssd-ad-1.16.4-37.el7_8.1.x86_64                            Wed Jun 24 13:24:08 2020
sssd-client-1.16.4-37.el7_8.1.x86_64                        Wed Jun 24 13:24:06 2020
sssd-common-1.16.4-37.el7_8.1.x86_64                        Wed Jun 24 13:24:07 2020
sssd-common-pac-1.16.4-37.el7_8.1.x86_64                    Wed Jun 24 13:24:07 2020
sssd-krb5-common-1.16.4-37.el7_8.1.x86_64                   Wed Jun 24 13:24:07 2020
sssd-ldap-1.16.4-37.el7_8.1.x86_64                          Wed Jun 24 13:24:08 2020

How reproducible:

Not reproducible

Steps to Reproduce:
1.
2.
3.

Actual results:

sssd is trying to start even when it is in disabled state and going to failed state


Expected results:

sssd should not start when it is in disabled state and service state should be in inactive .

Additional info:

Below can be seen in sssd-common package

==============
rpm -q --scripts sssd-common
..
..
..

systemctl try-restart sssd >/dev/null 2>&1 || :
# After changing order of sssd-common and *libwbclient,
# older version of sssd will restart sssd.service in postun scriptlet
# It failed due to missing alternative to libwbclient. Start it again.
/bin/systemctl is-active --quiet sssd.service || {
    if [ -f /var/tmp/sssd_is_running ]; then
        systemctl start sssd.service >/dev/null 2>&1;
        rm -f /var/tmp/sssd_is_running;
==============

Comment 2 Sumit Bose 2020-07-01 06:42:01 UTC

Hi,

the file '/var/tmp/sssd_is_running' is created during update in %pre and is removed in %posttrans. But if there are some issues during an update, maybe not even caused by an SSSD package, %posttrans might not be executed. A later update will see this file and will try to start SSSD in %posttrans even if it was not running before.

To avoid such confusion the file '/var/tmp/sssd_is_running' should be removed in %pre before the check if it should be created or not.

bye,
Sumit

Comment 3 Alexey Tikhonov 2020-07-01 11:51:12 UTC

(In reply to Sumit Bose from comment #2)
> Hi,
> 
> the file '/var/tmp/sssd_is_running' is created during update in %pre and is
> removed in %posttrans. But if there are some issues during an update, maybe
> not even caused by an SSSD package, %posttrans might not be executed. A
> later update will see this file and will try to start SSSD in %posttrans
> even if it was not running before.
> 
> To avoid such confusion the file '/var/tmp/sssd_is_running' should be
> removed in %pre before the check if it should be created or not.

Something like this?
```
diff --git a/sssd.spec b/sssd.spec
index 50e2eb2..e954eea 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -1130,6 +1130,7 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "Us
 %pre common
 getent group sssd >/dev/null || groupadd -r sssd
 getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
+rm -f /var/tmp/sssd_is_running
 /bin/systemctl is-active --quiet sssd.service && touch /var/tmp/sssd_is_running || :
 
 %post common
```

Sumit, do you know why the code that works with `/var/tmp/sssd_is_running` was removed in RHEL8 sssd.spec?
In RHEL8 it's just:
```
%posttrans common
%systemd_postun_with_restart sssd.service
```

Comment 4 Sumit Bose 2020-07-01 12:03:06 UTC

(In reply to Alexey Tikhonov from comment #3)
> (In reply to Sumit Bose from comment #2)
> > Hi,
> > 
> > the file '/var/tmp/sssd_is_running' is created during update in %pre and is
> > removed in %posttrans. But if there are some issues during an update, maybe
> > not even caused by an SSSD package, %posttrans might not be executed. A
> > later update will see this file and will try to start SSSD in %posttrans
> > even if it was not running before.
> > 
> > To avoid such confusion the file '/var/tmp/sssd_is_running' should be
> > removed in %pre before the check if it should be created or not.
> 
> Something like this?
> ```
> diff --git a/sssd.spec b/sssd.spec
> index 50e2eb2..e954eea 100644
> --- a/sssd.spec
> +++ b/sssd.spec
> @@ -1130,6 +1130,7 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d
> / -s /sbin/nologin -c "Us
>  %pre common
>  getent group sssd >/dev/null || groupadd -r sssd
>  getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin
> -c "User for sssd" sssd
> +rm -f /var/tmp/sssd_is_running
>  /bin/systemctl is-active --quiet sssd.service && touch
> /var/tmp/sssd_is_running || :
>  
>  %post common
> ```

Yes, exactly.

> 
> Sumit, do you know why the code that works with `/var/tmp/sssd_is_running`
> was removed in RHEL8 sssd.spec?
> In RHEL8 it's just:
> ```
> %posttrans common
> %systemd_postun_with_restart sssd.service
> ```

iirc it was added to handle an issue with updates from a version where the restart was in %postun. Since there is no such version in RHEL-8 it is not needed anymore.

HTH

bye,
Sumit

Comment 24 errata-xmlrpc 2020-12-15 11:22:17 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sssd bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:5459

Note You need to log in before you can comment on or make changes to this bug.