Bug 903648 - NSCD warning is irritating
Summary: NSCD warning is irritating
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd
Version: 7.0
Hardware: Unspecified
OS: Unspecified
low
unspecified
Target Milestone: rc
: ---
Assignee: Jakub Hrozek
QA Contact: Kaushik Banerjee
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-01-24 13:37 UTC by Dmitri Pal
Modified: 2020-05-02 17:15 UTC (History)
6 users (show)

Fixed In Version: sssd-1.10.0-10.el7.beta2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-13 12:01:17 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github SSSD sssd issues 2827 None closed NSCD warning is irritating 2020-05-02 17:15:25 UTC

Description Dmitri Pal 2013-01-24 13:37:25 UTC
When running nscd && sssd, nscd needs to be configured to not conflict with overlapping services, however even if configured correctly, warning messages show up in logs. We need to remove these warnings if sssd is configured correctly.

Comment 3 Dmitri Pal 2013-01-24 13:42:44 UTC
Upstream ticket:
https://fedorahosted.org/sssd/ticket/1785

Comment 4 Jakub Hrozek 2013-10-04 13:24:24 UTC
Temporarily moving bugs to MODIFIED to work around errata tool bug

Comment 6 Amith 2013-12-10 12:38:02 UTC
Verified the bug on SSSD Version: sssd-1.11.2-10.el7.x86_64

Steps followed during verification:
1. Setup nscd.conf with default overlapping services and start nscd.
2. Setup sssd.conf correctly and start it as well.
3. Monitor /var/log/messages file. Following warning appears:

Dec 10 17:53:37 rhel-7 systemd: Starting System Security Services Daemon...
Dec 10 17:53:37 rhel-7 sssd: NSCD socket was detected and seems to be configured to cache some of the databases controlled by SSSD [passwd,group,netgroup,services]. It is recommended not to run NSCD in parallel with SSSD, unless NSCD is configured not to cache these.
Dec 10 17:53:37 rhel-7 sssd: Starting up
Dec 10 17:53:39 rhel-7 sssd[be[LDAP]]: Starting up
Dec 10 17:53:39 rhel-7 sssd[pam]: Starting up
Dec 10 17:53:39 rhel-7 sssd[nss]: Starting up

4. Stop both sssd and nscd service.
5. Now configure nscd.conf correctly by commenting out overlapping services.
6. Start nscd service first and then start sssd service.
7. Monitor syslog messages. 

The warning message disappears as expected.

Comment 7 Ludek Smid 2014-06-13 12:01:17 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Comment 9 RobbieTheK 2019-06-14 14:28:47 UTC
Let me know if this should be a new bug. We use NIS and disable sssd:
systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; disabled; vendor preset: enabled)
   Active: inactive (dead)

However we still get this several times a day:
Daemon: NSCD socket was detected and seems to be configured to cache some of the databases controlled by SSSD [passwd,group,netgroup,services]. It is recommended not to run NSCD in parallel with SSSD, unless NSCD is configured not to cache these 

Here's the /etc/nscd.conf:

  enable-cache            passwd          yes
        positive-time-to-live   passwd          600
        negative-time-to-live   passwd          20
        suggested-size          passwd          211
        check-files             passwd          yes
        persistent              passwd          yes
        shared                  passwd          yes
        max-db-size             passwd          33554432
        auto-propagate          passwd          yes

        enable-cache            group           yes
        positive-time-to-live   group           3600
        negative-time-to-live   group           60
        suggested-size          group           211
        check-files             group           yes
        persistent              group           yes
        shared                  group           yes
        max-db-size             group           33554432
        auto-propagate          group           yes

        enable-cache            hosts           yes
        positive-time-to-live   hosts           3600
        negative-time-to-live   hosts           20
        suggested-size          hosts           211
        check-files             hosts           yes
        persistent              hosts           yes
        shared                  hosts           yes
        max-db-size             hosts           33554432

        enable-cache            services        yes
        positive-time-to-live   services        28800
        negative-time-to-live   services        20
        suggested-size          services        211
        check-files             services        yes
        persistent              services        yes
        shared                  services        yes
        max-db-size             services        33554432

Comment 10 Jakub Hrozek 2019-06-14 19:49:56 UTC
Where do you get the warning from if sssd is disabled?

Comment 11 RobbieTheK 2019-06-14 19:56:12 UTC
(In reply to Jakub Hrozek from comment #10)
> Where do you get the warning from if sssd is disabled?
It just happens randomly can't reproduce it, could it be related to NIS, ypbind?

Comment 12 RobbieTheK 2019-06-18 15:41:36 UTC
(In reply to Jakub Hrozek from comment #10)
> Where do you get the warning from if sssd is disabled?

Perhaps this is a clue?
Jun 17 16:32:42 ourserver ypbind[20820]: 20822: Ping active servers for all domains.
Jun 17 16:32:55 ourserver sssd[kcm][30684]: Shutting down
Jun 17 16:32:59 ourserver systemd[1]: Starting SSSD Kerberos Cache Manager...
Jun 17 16:32:59 ourserver sssd[30091]: NSCD socket was detected and seems to be configured to cache some of the databases controlled by SSSD [passwd,group,netgroup,services]. It is recommended not to run NSCD in parallel with SSSD, unless NSCD is configured not to cache these.
Jun 17 16:32:59 ourserver systemd[1]: Started SSSD Kerberos Cache Manager.

Comment 13 Jakub Hrozek 2019-06-18 18:01:51 UTC
(In reply to RobbieTheK from comment #12)
> (In reply to Jakub Hrozek from comment #10)
> > Where do you get the warning from if sssd is disabled?
> 
> Perhaps this is a clue?
> Jun 17 16:32:42 ourserver ypbind[20820]: 20822: Ping active servers for all
> domains.
> Jun 17 16:32:55 ourserver sssd[kcm][30684]: Shutting down
> Jun 17 16:32:59 ourserver systemd[1]: Starting SSSD Kerberos Cache Manager...
> Jun 17 16:32:59 ourserver sssd[30091]: NSCD socket was detected and seems to
> be configured to cache some of the databases controlled by SSSD
> [passwd,group,netgroup,services]. It is recommended not to run NSCD in
> parallel with SSSD, unless NSCD is configured not to cache these.
> Jun 17 16:32:59 ourserver systemd[1]: Started SSSD Kerberos Cache Manager.

Ah, OK this makes sense. I didn't think about KCM because this bug was opened against RHEL-7 so I had this RHEL-7 tunnel vision. I reckon you are running RHEL-8 or some modern Fedora, then? If yes, then this is a small bug. KCM on startup regenerates its configuration database with the help of the main sssd binary (sssd --genconf --only-section=kcm or something like this) which incidentally also runs the nscd check.

Comment 14 RobbieTheK 2019-06-18 18:08:51 UTC
(In reply to Jakub Hrozek from comment #13)
> (In reply to RobbieTheK from comment #12)
> > (In reply to Jakub Hrozek from comment #10)
> > > Where do you get the warning from if sssd is disabled?
> > 
> > Perhaps this is a clue?
> > Jun 17 16:32:42 ourserver ypbind[20820]: 20822: Ping active servers for all
> > domains.
> > Jun 17 16:32:55 ourserver sssd[kcm][30684]: Shutting down
> > Jun 17 16:32:59 ourserver systemd[1]: Starting SSSD Kerberos Cache Manager...
> > Jun 17 16:32:59 ourserver sssd[30091]: NSCD socket was detected and seems to
> > be configured to cache some of the databases controlled by SSSD
> > [passwd,group,netgroup,services]. It is recommended not to run NSCD in
> > parallel with SSSD, unless NSCD is configured not to cache these.
> > Jun 17 16:32:59 ourserver systemd[1]: Started SSSD Kerberos Cache Manager.
> 
> Ah, OK this makes sense. I didn't think about KCM because this bug was
> opened against RHEL-7 so I had this RHEL-7 tunnel vision. I reckon you are
> running RHEL-8 or some modern Fedora, then? If yes, then this is a small
> bug. KCM on startup regenerates its configuration database with the help of
> the main sssd binary (sssd --genconf --only-section=kcm or something like
> this) which incidentally also runs the nscd check.

Yes Fedora 29. Should I open a new bug?

Comment 15 Jakub Hrozek 2019-06-18 18:54:45 UTC
(In reply to RobbieTheK from comment #14)
> (In reply to Jakub Hrozek from comment #13)
> > (In reply to RobbieTheK from comment #12)
> > > (In reply to Jakub Hrozek from comment #10)
> > > > Where do you get the warning from if sssd is disabled?
> > > 
> > > Perhaps this is a clue?
> > > Jun 17 16:32:42 ourserver ypbind[20820]: 20822: Ping active servers for all
> > > domains.
> > > Jun 17 16:32:55 ourserver sssd[kcm][30684]: Shutting down
> > > Jun 17 16:32:59 ourserver systemd[1]: Starting SSSD Kerberos Cache Manager...
> > > Jun 17 16:32:59 ourserver sssd[30091]: NSCD socket was detected and seems to
> > > be configured to cache some of the databases controlled by SSSD
> > > [passwd,group,netgroup,services]. It is recommended not to run NSCD in
> > > parallel with SSSD, unless NSCD is configured not to cache these.
> > > Jun 17 16:32:59 ourserver systemd[1]: Started SSSD Kerberos Cache Manager.
> > 
> > Ah, OK this makes sense. I didn't think about KCM because this bug was
> > opened against RHEL-7 so I had this RHEL-7 tunnel vision. I reckon you are
> > running RHEL-8 or some modern Fedora, then? If yes, then this is a small
> > bug. KCM on startup regenerates its configuration database with the help of
> > the main sssd binary (sssd --genconf --only-section=kcm or something like
> > this) which incidentally also runs the nscd check.
> 
> Yes Fedora 29. Should I open a new bug?

I can do that if you don't mind, I hope I know all the details. I'll CC you to this bug report.


Note You need to log in before you can comment on or make changes to this bug.