Pavel, I think this looks a bit similar to https://bugzilla.redhat.com/show_bug.cgi?id=1466934
do you agree? Do you have some suggestion to increase the wait timeout in case the services are restarted?
On Thu, Jul 13, 2017 at 08:41:58AM +0200, Harald Dunkel wrote:
Hi Jakub,
it happened again (using sssd 1.15.0). At 18.21 sssd became unavailable. See below
On Wed, 24 Feb 2016 09:24:47 +0100 Jakub Hrozek jhrozek@redhat.com wrote:
Do you think this is OK? Did it try to terminate the unresponsive sssd_be, or did it just try to start a new one and ran into a conflict with the old?
We should have started a new one. Again, I'm speculating, but I /think/ that because the system might have been under load, the sssd_be took too long to restart and the monitor (sssd itself) gave up on it. Of course, it's something we should fix, but without a better idea how to reproduce the error in the first place, I'm not sure how to start to be honest.
This time nss went away, AFAICS. sssd.log:
(Mon Jul 10 00:39:27 2017) [sssd] [monitor_hup] (0x0020): Received SIGHUP. (Mon Jul 10 00:39:27 2017) [sssd] [te_server_hup] (0x0020): Received SIGHUP. Rotating logfiles. (Wed Jul 12 18:21:31 2017) [sssd] [svc_child_info] (0x0040): Child [1152] exited with code [0] (Wed Jul 12 18:21:31 2017) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Wed Jul 12 18:21:32 2017) [sssd] [start_service] (0x0100): Queueing service nss for startup (Wed Jul 12 18:21:32 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Entering. (Wed Jul 12 18:21:32 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Adding connection 0x10c4230. (Wed Jul 12 18:21:32 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Got a connection (Wed Jul 12 18:21:32 2017) [sssd] [svc_child_info] (0x0040): Child [117466] exited with code [3] (Wed Jul 12 18:21:32 2017) [sssd] [svc_child_info] (0x0040): Child [1150] exited with code [0] (Wed Jul 12 18:21:32 2017) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Wed Jul 12 18:21:32 2017) [sssd] [start_service] (0x0100): Queueing service example.de for startup (Wed Jul 12 18:21:34 2017) [sssd] [start_service] (0x0100): Queueing service nss for startup (Wed Jul 12 18:21:34 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Entering. (Wed Jul 12 18:21:34 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Adding connection 0x10c44a0. (Wed Jul 12 18:21:34 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Got a connection (Wed Jul 12 18:21:34 2017) [sssd] [svc_child_info] (0x0040): Child [117468] exited with code [3] (Wed Jul 12 18:21:34 2017) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Wed Jul 12 18:21:38 2017) [sssd] [start_service] (0x0100): Queueing service nss for startup (Wed Jul 12 18:21:38 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Entering. (Wed Jul 12 18:21:38 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Adding connection 0x10b29b0. (Wed Jul 12 18:21:38 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Got a connection (Wed Jul 12 18:21:38 2017) [sssd] [svc_child_info] (0x0040): Child [117469] exited with code [3] (Wed Jul 12 18:21:38 2017) [sssd] [monitor_restart_service] (0x0010): Process [nss], definitely stopped! (Wed Jul 12 18:21:38 2017) [sssd] [monitor_quit] (0x0040): Returned with: 1 (Wed Jul 12 18:21:38 2017) [sssd] [monitor_quit] (0x0020): Terminating [example.de][117467] (Wed Jul 12 18:21:39 2017) [sssd] [monitor_quit] (0x0020): Child [example.de] exited gracefully (Wed Jul 12 18:21:39 2017) [sssd] [monitor_quit] (0x0020): Terminating [pac][1156] (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Child [pac] terminated with a signal (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Terminating [ssh][1155] (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Child [ssh] terminated with a signal (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Terminating [pam][1154] (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Child [pam] terminated with a signal (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Terminating [sudo][1153] (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Child [sudo] exited gracefully (Wed Jul 12 19:12:37 2017) [sssd] [sss_names_init_from_args] (0x0100): Using re [(((?P<domain>[^\]+)\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\]+)$))]. (Wed Jul 12 19:12:37 2017) [sssd] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
sssd_nss.log: (Wed Jul 12 18:21:29 2017) [sssd[nss]] [orderly_shutdown] (0x0010): SIGTERM: killing children (Wed Jul 12 18:21:32 2017) [sssd[nss]] [sss_dp_init] (0x0010): Failed to connect to monitor services. (Wed Jul 12 18:21:32 2017) [sssd[nss]] [sss_process_init] (0x0010): fatal error setting up backend connector (Wed Jul 12 18:21:32 2017) [sssd[nss]] [nss_process_init] (0x0010): sss_process_init() failed (Wed Jul 12 18:21:34 2017) [sssd[nss]] [sss_dp_init] (0x0010): Failed to connect to monitor services. (Wed Jul 12 18:21:34 2017) [sssd[nss]] [sss_process_init] (0x0010): fatal error setting up backend connector (Wed Jul 12 18:21:34 2017) [sssd[nss]] [nss_process_init] (0x0010): sss_process_init() failed (Wed Jul 12 18:21:38 2017) [sssd[nss]] [sss_dp_init] (0x0010): Failed to connect to monitor services. (Wed Jul 12 18:21:38 2017) [sssd[nss]] [sss_process_init] (0x0010): fatal error setting up backend connector (Wed Jul 12 18:21:38 2017) [sssd[nss]] [nss_process_init] (0x0010): sss_process_init() failed
domain log: (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [dp_get_account_info_handler] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][name=juppschmitz@example.de] (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sysdb_set_cache_entry_attr] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)] (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sysdb_set_entry_attr] (0x0080): Cannot set ts attrs for name=juppschmitz@example.de,cn=users,cn=example.de,cn=sysdb (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sdap_parse_deref] (0x0200): Dereferenced entry [cn=helpdesk,cn=roles,cn=accounts,dc=example,dc=de] has no attributes, skipping (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sdap_parse_deref] (0x0200): Dereferenced entry [cn=User Administrator,cn=roles,cn=accounts,dc=example,dc=de] has no attributes, skipping (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sdap_parse_deref] (0x0200): Dereferenced entry [cn=IT Specialist,cn=roles,cn=accounts,dc=example,dc=de] has no attributes, skipping (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sdap_parse_deref] (0x0200): Dereferenced entry [cn=IT Security Specialist,cn=roles,cn=accounts,dc=example,dc=de] has no attributes, skipping (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sdap_parse_deref] (0x0200): Dereferenced entry [cn=Security Architect,cn=roles,cn=accounts,dc=example,dc=de] has no attributes, skipping (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sysdb_set_cache_entry_attr] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)] (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sysdb_set_entry_attr] (0x0080): Cannot set ts attrs for name=juppschmitz@example.de,cn=users,cn=example.de,cn=sysdb (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [dp_pam_handler] (0x0100): Got request with the following data (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): domain: example.de (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): user: juppschmitz@example.de (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): service: dovecot (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): tty: dovecot (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): ruser: juppschmitz (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): rhost: 172.19.97.238 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): authtok type: 1 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): priv: 1 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): cli_pid: 117180 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): logon name: not set (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [be_resolve_server_process] (0x0200): Found address for server ipa2.example.de: [172.19.96.4] TTL 7200 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'ipa2.example.de' as 'working' (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [set_server_common_status] (0x0100): Marking server 'ipa2.example.de' as 'working' (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sysdb_set_entry_attr] (0x0200): Entry [name=juppschmitz@example.de,cn=users,cn=example.de,cn=sysdb] has set [ts_cache] attrs. (Wed Jul 12 18:21:29 2017) [sssd[be[example.de]]] [sysdb_set_entry_attr] (0x0200): Entry [name=juppschmitz@example.de,cn=users,cn=example.de,cn=sysdb] has set [cache, ts_cache] attrs. (Wed Jul 12 18:21:29 2017) [sssd[be[example.de]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.EXAMPLE.DE], [2][No such file or directory] (Wed Jul 12 18:21:29 2017) [sssd[be[example.de]]] [orderly_shutdown] (0x0010): SIGTERM: killing children (Wed Jul 12 18:21:33 2017) [sssd[be[example.de]]] [be_res_get_opts] (0x0100): Lookup order: ipv4_first (Wed Jul 12 18:21:33 2017) [sssd[be[example.de]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel (Wed Jul 12 18:21:33 2017) [sssd[be[example.de]]] [sysdb_domain_init_internal] (0x0200): DB File for example.de: /var/lib/sss/db/cache_example.de.ldb (Wed Jul 12 18:21:33 2017) [sssd[be[example.de]]] [sysdb_domain_init_internal] (0x0200): Timestamp file for example.de: /var/lib/sss/db/timestamps_example.de.ldb (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_example.de,1) (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_names_init_from_args] (0x0100): Using re [(((?P<domain>[^\]+)\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\]+)$))]. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s]. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [id] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [auth] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [access] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [chpass] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [sudo] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [autofs] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [selinux] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [hostid] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [subdomains] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [DEFAULT][cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sdap_set_sasl_options] (0x0100): Will look for srvvm01.ac.example.de@EXAMPLE.DE in default keytab (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [select_principal_from_keytab] (0x0200): trying to select the most appropriate principal from keytab (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [select_principal_from_keytab] (0x0200): Selected primary: host/srvvm01.ac.example.de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [select_principal_from_keytab] (0x0200): Selected realm: EXAMPLE.DE (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_authid set to host/srvvm01.ac.example.de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_realm set to EXAMPLE.DE (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [USER][cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [GROUP][cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [NETGROUP][cn=ng,cn=alt,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_host_search_base set to cn=accounts,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_HOST][cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_HBAC][cn=hbac,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_selinux_search_base set to cn=selinux,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_SELINUX][cn=selinux,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [SERVICE][cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_subdomains_search_base set to cn=trusts,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_SUBDOMAINS][cn=trusts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_master_domain_search_base set to cn=ad,cn=etc,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_MASTER_DOMAIN][cn=ad,cn=etc,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_ranges_search_base set to cn=ranges,cn=etc,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_RANGES][cn=ranges,cn=etc,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_views_search_base set to cn=views,cn=accounts,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_VIEWS][cn=views,cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_init_dyndns] (0x0100): Dynamic DNS updates are off. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [krb5_try_kdcip] (0x0100): No KDC found in configuration, trying legacy option (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_auth_options] (0x0100): Option krb5_fast_principal set to host/srvvm01.ac.example.de@EXAMPLE.DE (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_auth_options] (0x0100): Option krb5_use_kdcinfo set to true (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [check_lifetime] (0x0200): No lifetime configured. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [check_lifetime] (0x0200): No lifetime configured. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_krb5_check_options] (0x0100): No KDC explicitly configured, using defaults. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_krb5_check_options] (0x0100): No kpasswd server explicitly configured, using the KDC or defaults. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_krb5_check_options] (0x0100): ccache is of type FILE (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [parse_krb5_map_user] (0x0100): krb5_map_user is empty! (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [SUDO][cn=sudo,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [AUTOFS][cn=default,cn=automount,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sssm_ipa_selinux_init] (0x0080): SELinux init handler called but SSSD is built without SSH support, ignoring (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_write_krb5_localauth_snippet] (0x0200): File for localauth plugin configuration is [/var/lib/sss/pubconf/krb5.include.d/localauth_plugin] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_write_krb5_libdefaults_snippet] (0x0200): File for KRB5 kibdefaults configuration is [/var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_write_domain_mappings] (0x0200): Mapping file for domain [example.de] is [/var/lib/sss/pubconf/krb5.include.d/domain_realm_example_de] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [become_user] (0x0200): Trying to become user [0][0]. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [become_user] (0x0200): Already user [0]. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.EXAMPLE.DE], [2][No such file or directory] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.EXAMPLE.DE], [2][No such file or directory] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [orderly_shutdown] (0x0010): SIGTERM: killing children (Wed Jul 12 19:12:37 2017) [sssd[be[example.de]]] [be_res_get_opts] (0x0100): Lookup order: ipv4_first (Wed Jul 12 19:12:37 2017) [sssd[be[example.de]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel (Wed Jul 12 19:12:37 2017) [sssd[be[example.de]]] [sysdb_domain_init_internal] (0x0200): DB File for example.de: /var/lib/sss/db/cache_example.de.ldb (Wed Jul 12 19:12:37 2017) [sssd[be[example.de]]] [sysdb_domain_init_internal] (0x0200): Timestamp file for example.de: /var/lib/sss/db/timestamps_example.de.ldb
In future we would like to make heavier use of systemd features, we need to socket-activate the parts as a first step. Using systemd's watchdog would also be nice, but we're not there yet.
Sorry to say, but having "nice" features is irrelevant, if you loose 1 hour EMail traffic.
I highly appreciate that there are many many volunteers out there writing open source software because they like to (I do, too), but in the office we don't run these servers for fun.
Regards Harri
On 07/13/2017 10:54 AM, Jakub Hrozek wrote:
Pavel, I think this looks a bit similar to https://bugzilla.redhat.com/show_bug.cgi?id=1466934
do you agree? Do you have some suggestion to increase the wait timeout in case the services are restarted?
It looks similar. The timeout is currently hardcoded. We can create a test build with configurable/increased timeout and see if it helps.
On Thu, Jul 13, 2017 at 08:41:58AM +0200, Harald Dunkel wrote:
Hi Jakub,
it happened again (using sssd 1.15.0). At 18.21 sssd became unavailable. See below
On Wed, 24 Feb 2016 09:24:47 +0100 Jakub Hrozek jhrozek@redhat.com wrote:
Do you think this is OK? Did it try to terminate the unresponsive sssd_be, or did it just try to start a new one and ran into a conflict with the old?
We should have started a new one. Again, I'm speculating, but I /think/ that because the system might have been under load, the sssd_be took too long to restart and the monitor (sssd itself) gave up on it. Of course, it's something we should fix, but without a better idea how to reproduce the error in the first place, I'm not sure how to start to be honest.
This time nss went away, AFAICS. sssd.log:
(Mon Jul 10 00:39:27 2017) [sssd] [monitor_hup] (0x0020): Received SIGHUP. (Mon Jul 10 00:39:27 2017) [sssd] [te_server_hup] (0x0020): Received SIGHUP. Rotating logfiles. (Wed Jul 12 18:21:31 2017) [sssd] [svc_child_info] (0x0040): Child [1152] exited with code [0] (Wed Jul 12 18:21:31 2017) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Wed Jul 12 18:21:32 2017) [sssd] [start_service] (0x0100): Queueing service nss for startup (Wed Jul 12 18:21:32 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Entering. (Wed Jul 12 18:21:32 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Adding connection 0x10c4230. (Wed Jul 12 18:21:32 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Got a connection (Wed Jul 12 18:21:32 2017) [sssd] [svc_child_info] (0x0040): Child [117466] exited with code [3] (Wed Jul 12 18:21:32 2017) [sssd] [svc_child_info] (0x0040): Child [1150] exited with code [0] (Wed Jul 12 18:21:32 2017) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Wed Jul 12 18:21:32 2017) [sssd] [start_service] (0x0100): Queueing service example.de for startup (Wed Jul 12 18:21:34 2017) [sssd] [start_service] (0x0100): Queueing service nss for startup (Wed Jul 12 18:21:34 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Entering. (Wed Jul 12 18:21:34 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Adding connection 0x10c44a0. (Wed Jul 12 18:21:34 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Got a connection (Wed Jul 12 18:21:34 2017) [sssd] [svc_child_info] (0x0040): Child [117468] exited with code [3] (Wed Jul 12 18:21:34 2017) [sssd] [sbus_dispatch] (0x0080): Connection is not open for dispatching. (Wed Jul 12 18:21:38 2017) [sssd] [start_service] (0x0100): Queueing service nss for startup (Wed Jul 12 18:21:38 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Entering. (Wed Jul 12 18:21:38 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Adding connection 0x10b29b0. (Wed Jul 12 18:21:38 2017) [sssd] [sbus_server_init_new_connection] (0x0200): Got a connection (Wed Jul 12 18:21:38 2017) [sssd] [svc_child_info] (0x0040): Child [117469] exited with code [3] (Wed Jul 12 18:21:38 2017) [sssd] [monitor_restart_service] (0x0010): Process [nss], definitely stopped! (Wed Jul 12 18:21:38 2017) [sssd] [monitor_quit] (0x0040): Returned with: 1 (Wed Jul 12 18:21:38 2017) [sssd] [monitor_quit] (0x0020): Terminating [example.de][117467] (Wed Jul 12 18:21:39 2017) [sssd] [monitor_quit] (0x0020): Child [example.de] exited gracefully (Wed Jul 12 18:21:39 2017) [sssd] [monitor_quit] (0x0020): Terminating [pac][1156] (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Child [pac] terminated with a signal (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Terminating [ssh][1155] (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Child [ssh] terminated with a signal (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Terminating [pam][1154] (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Child [pam] terminated with a signal (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Terminating [sudo][1153] (Wed Jul 12 18:21:40 2017) [sssd] [monitor_quit] (0x0020): Child [sudo] exited gracefully (Wed Jul 12 19:12:37 2017) [sssd] [sss_names_init_from_args] (0x0100): Using re [(((?P<domain>[^\]+)\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\]+)$))]. (Wed Jul 12 19:12:37 2017) [sssd] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s].
sssd_nss.log: (Wed Jul 12 18:21:29 2017) [sssd[nss]] [orderly_shutdown] (0x0010): SIGTERM: killing children (Wed Jul 12 18:21:32 2017) [sssd[nss]] [sss_dp_init] (0x0010): Failed to connect to monitor services. (Wed Jul 12 18:21:32 2017) [sssd[nss]] [sss_process_init] (0x0010): fatal error setting up backend connector (Wed Jul 12 18:21:32 2017) [sssd[nss]] [nss_process_init] (0x0010): sss_process_init() failed (Wed Jul 12 18:21:34 2017) [sssd[nss]] [sss_dp_init] (0x0010): Failed to connect to monitor services. (Wed Jul 12 18:21:34 2017) [sssd[nss]] [sss_process_init] (0x0010): fatal error setting up backend connector (Wed Jul 12 18:21:34 2017) [sssd[nss]] [nss_process_init] (0x0010): sss_process_init() failed (Wed Jul 12 18:21:38 2017) [sssd[nss]] [sss_dp_init] (0x0010): Failed to connect to monitor services. (Wed Jul 12 18:21:38 2017) [sssd[nss]] [sss_process_init] (0x0010): fatal error setting up backend connector (Wed Jul 12 18:21:38 2017) [sssd[nss]] [nss_process_init] (0x0010): sss_process_init() failed
domain log: (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [dp_get_account_info_handler] (0x0200): Got request for [0x3][BE_REQ_INITGROUPS][name=juppschmitz@example.de] (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sysdb_set_cache_entry_attr] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)] (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sysdb_set_entry_attr] (0x0080): Cannot set ts attrs for name=juppschmitz@example.de,cn=users,cn=example.de,cn=sysdb (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sdap_parse_deref] (0x0200): Dereferenced entry [cn=helpdesk,cn=roles,cn=accounts,dc=example,dc=de] has no attributes, skipping (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sdap_parse_deref] (0x0200): Dereferenced entry [cn=User Administrator,cn=roles,cn=accounts,dc=example,dc=de] has no attributes, skipping (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sdap_parse_deref] (0x0200): Dereferenced entry [cn=IT Specialist,cn=roles,cn=accounts,dc=example,dc=de] has no attributes, skipping (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sdap_parse_deref] (0x0200): Dereferenced entry [cn=IT Security Specialist,cn=roles,cn=accounts,dc=example,dc=de] has no attributes, skipping (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sdap_parse_deref] (0x0200): Dereferenced entry [cn=Security Architect,cn=roles,cn=accounts,dc=example,dc=de] has no attributes, skipping (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sysdb_set_cache_entry_attr] (0x0080): ldb_modify failed: [No such object](32)[ldb_wait: No such object (32)] (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sysdb_set_entry_attr] (0x0080): Cannot set ts attrs for name=juppschmitz@example.de,cn=users,cn=example.de,cn=sysdb (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [dp_pam_handler] (0x0100): Got request with the following data (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): command: SSS_PAM_AUTHENTICATE (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): domain: example.de (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): user: juppschmitz@example.de (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): service: dovecot (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): tty: dovecot (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): ruser: juppschmitz (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): rhost: 172.19.97.238 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): authtok type: 1 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): newauthtok type: 0 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): priv: 1 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): cli_pid: 117180 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [pam_print_data] (0x0100): logon name: not set (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [resolve_srv_send] (0x0200): The status of SRV lookup is resolved (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [be_resolve_server_process] (0x0200): Found address for server ipa2.example.de: [172.19.96.4] TTL 7200 (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'ipa2.example.de' as 'working' (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [set_server_common_status] (0x0100): Marking server 'ipa2.example.de' as 'working' (Wed Jul 12 18:20:48 2017) [sssd[be[example.de]]] [sysdb_set_entry_attr] (0x0200): Entry [name=juppschmitz@example.de,cn=users,cn=example.de,cn=sysdb] has set [ts_cache] attrs. (Wed Jul 12 18:21:29 2017) [sssd[be[example.de]]] [sysdb_set_entry_attr] (0x0200): Entry [name=juppschmitz@example.de,cn=users,cn=example.de,cn=sysdb] has set [cache, ts_cache] attrs. (Wed Jul 12 18:21:29 2017) [sssd[be[example.de]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.EXAMPLE.DE], [2][No such file or directory] (Wed Jul 12 18:21:29 2017) [sssd[be[example.de]]] [orderly_shutdown] (0x0010): SIGTERM: killing children (Wed Jul 12 18:21:33 2017) [sssd[be[example.de]]] [be_res_get_opts] (0x0100): Lookup order: ipv4_first (Wed Jul 12 18:21:33 2017) [sssd[be[example.de]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel (Wed Jul 12 18:21:33 2017) [sssd[be[example.de]]] [sysdb_domain_init_internal] (0x0200): DB File for example.de: /var/lib/sss/db/cache_example.de.ldb (Wed Jul 12 18:21:33 2017) [sssd[be[example.de]]] [sysdb_domain_init_internal] (0x0200): Timestamp file for example.de: /var/lib/sss/db/timestamps_example.de.ldb (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [monitor_common_send_id] (0x0100): Sending ID: (%BE_example.de,1) (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_names_init_from_args] (0x0100): Using re [(((?P<domain>[^\]+)\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\]+)$))]. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_fqnames_init] (0x0100): Using fq format [%1$s@%2$s]. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [id] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [auth] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [access] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [chpass] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [sudo] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [autofs] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [selinux] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [hostid] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [dp_load_configuration] (0x0100): Using [ipa] provider for [subdomains] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [DEFAULT][cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sdap_set_sasl_options] (0x0100): Will look for srvvm01.ac.example.de@EXAMPLE.DE in default keytab (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [select_principal_from_keytab] (0x0200): trying to select the most appropriate principal from keytab (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [select_principal_from_keytab] (0x0200): Selected primary: host/srvvm01.ac.example.de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [select_principal_from_keytab] (0x0200): Selected realm: EXAMPLE.DE (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_authid set to host/srvvm01.ac.example.de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sdap_set_sasl_options] (0x0100): Option ldap_sasl_realm set to EXAMPLE.DE (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [USER][cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [GROUP][cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [NETGROUP][cn=ng,cn=alt,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_host_search_base set to cn=accounts,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_HOST][cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_HBAC][cn=hbac,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_selinux_search_base set to cn=selinux,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_SELINUX][cn=selinux,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [SERVICE][cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_subdomains_search_base set to cn=trusts,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_SUBDOMAINS][cn=trusts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_master_domain_search_base set to cn=ad,cn=etc,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_MASTER_DOMAIN][cn=ad,cn=etc,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_ranges_search_base set to cn=ranges,cn=etc,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_RANGES][cn=ranges,cn=etc,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_id_options] (0x0100): Option ipa_views_search_base set to cn=views,cn=accounts,dc=example,dc=de (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [IPA_VIEWS][cn=views,cn=accounts,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_init_dyndns] (0x0100): Dynamic DNS updates are off. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [krb5_try_kdcip] (0x0100): No KDC found in configuration, trying legacy option (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_auth_options] (0x0100): Option krb5_fast_principal set to host/srvvm01.ac.example.de@EXAMPLE.DE (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [ipa_get_auth_options] (0x0100): Option krb5_use_kdcinfo set to true (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [check_lifetime] (0x0200): No lifetime configured. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [check_lifetime] (0x0200): No lifetime configured. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_krb5_check_options] (0x0100): No KDC explicitly configured, using defaults. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_krb5_check_options] (0x0100): No kpasswd server explicitly configured, using the KDC or defaults. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_krb5_check_options] (0x0100): ccache is of type FILE (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [parse_krb5_map_user] (0x0100): krb5_map_user is empty! (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [SUDO][cn=sudo,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [common_parse_search_base] (0x0100): Search base added: [AUTOFS][cn=default,cn=automount,dc=example,dc=de][SUBTREE][] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sssm_ipa_selinux_init] (0x0080): SELinux init handler called but SSSD is built without SSH support, ignoring (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_write_krb5_localauth_snippet] (0x0200): File for localauth plugin configuration is [/var/lib/sss/pubconf/krb5.include.d/localauth_plugin] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_write_krb5_libdefaults_snippet] (0x0200): File for KRB5 kibdefaults configuration is [/var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [sss_write_domain_mappings] (0x0200): Mapping file for domain [example.de] is [/var/lib/sss/pubconf/krb5.include.d/domain_realm_example_de] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [become_user] (0x0200): Trying to become user [0][0]. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [become_user] (0x0200): Already user [0]. (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kdcinfo.EXAMPLE.DE], [2][No such file or directory] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [remove_krb5_info_files] (0x0200): Could not remove [/var/lib/sss/pubconf/kpasswdinfo.EXAMPLE.DE], [2][No such file or directory] (Wed Jul 12 18:21:39 2017) [sssd[be[example.de]]] [orderly_shutdown] (0x0010): SIGTERM: killing children (Wed Jul 12 19:12:37 2017) [sssd[be[example.de]]] [be_res_get_opts] (0x0100): Lookup order: ipv4_first (Wed Jul 12 19:12:37 2017) [sssd[be[example.de]]] [recreate_ares_channel] (0x0100): Initializing new c-ares channel (Wed Jul 12 19:12:37 2017) [sssd[be[example.de]]] [sysdb_domain_init_internal] (0x0200): DB File for example.de: /var/lib/sss/db/cache_example.de.ldb (Wed Jul 12 19:12:37 2017) [sssd[be[example.de]]] [sysdb_domain_init_internal] (0x0200): Timestamp file for example.de: /var/lib/sss/db/timestamps_example.de.ldb
In future we would like to make heavier use of systemd features, we need to socket-activate the parts as a first step. Using systemd's watchdog would also be nice, but we're not there yet.
Sorry to say, but having "nice" features is irrelevant, if you loose 1 hour EMail traffic.
I highly appreciate that there are many many volunteers out there writing open source software because they like to (I do, too), but in the office we don't run these servers for fun.
Regards Harri
freeipa-users@lists.fedorahosted.org