-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 01/27/2016 05:27 AM, Jakub Hrozek wrote:
On Wed, Jan 27, 2016 at 09:43:21AM +0000, John Hodrien wrote:
On Wed, 27 Jan 2016, Jakub Hrozek wrote:
I'm glad it helped. FWIW, we're considering adding a nosync option to the cache as well at some point, which should have the same performance effect as using tmpfs except the cache would be persistent (otoh, if sssd was killed during the transaction, the cache might got corrupt..which is why always sync by default)
Sounds like a great option to add. If you can't sanity check it, just deleting it if you don't know that it's been cleanly written may work?
Yes, that might be one idea, write some 'canary' on shutdown and start fresh if the canary was not there.
Coming up in 1.14..
The problem is that when the cache is deleted, it's not just losing the remote data. The cache also maintains the cached credentials, so it would break in the following common scenario:
Road warrior is out at a customer site and forgets their power cable. By unfortunate chance, the battery runs out while the cache is being written to (for any of a thousand reasons). Once the machine is plugged back in and powered on, SSSD starts up and sees that the cache canary is missing, so it deletes the cache and starts anew. Now the user cannot log in because their cached credentials are no longer there (and since they're sitting in a hotel somewhere far from a direct hookup to their company network, they can't get back in).
This... would not be a good thing.
Now, I can certainly see an argument for having such a nosync (or deferred sync) option for machines that are expected to always be connected to the identity network (and as such are using SSSD mostly for performance and surviving the occasional outage hiccup). But I'd say that such an option, if added, should be VERY carefully documented to explain all of the things that could go wrong.
As an aside, there are plenty of other things that can go wrong when the cache is deleted, including manual overrides from the sss_override command as well as ID ranges if any of them had hash collisions or were using the autorid compat mode.