Hi,
not sure if a bug or not but a quick warning that hopefully may save someone some time! We use puppet to install sssd based on a condition. We:
- yum install -y sssd
- authconfig --enablesssd --enablesssdauth --enablelocauthorize --enableldap --enableldapauth --enablemkhomedir --enablecachecreds --update (to set up PAM and nsswitch - not sure if ALL of these are necessary?)
- copy over our private config (as you can't do all of the config with authconfig that I can see?)
This didn't work - intermittently sssd was using a 'stale' config. After much headbutting the issue was twofold:
- sssd is started and activated by the authconfig command, this creates config.ldb and cache_default.ldb
- puppet writes the config file immediately and sssd is restarted
- sssd compares the modification time of /etc/sssd/sssd.conf with /var/lib/sss/db/config.ldb and, because the times are the same (written in the same minute), IT IGNORES the new config file
Solution:
- add a '--nostart' to the authconfig to stop the initial start, this will prevent creation of the cache. Copy over the config and then start/enable (which will create the cache).
Not sure if related but there is a TODO in the code around this area (src/confdb/confdb_setup.c)

    ret = sss_ini_get_mtime(init_data, sizeof(timestr), timestr);
    if (ret <= 0 || ret >= (int)sizeof(timestr)) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Failed to convert time_t to string ??\n");
        ret = errno ? errno : EFAULT;
    }

    /* FIXME: Determine if the conf file or any snippet has changed
     * since we last updated the confdb or if some snippet was
     * added or removed.
     */
Puppet then
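
Added example, not part of the original post and not SSSD or Puppet code: a provisioning-time guard that flags the condition described above, where sssd.conf is not measurably newer than the confdb cache built from an earlier start. The function names and the 60-second default granularity (modelling "written in the same minute") are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example: detect a config file that is not newer than the cache
# derived from it, at a chosen timestamp granularity.
# Assumption: 60 s granularity models the "same minute" behaviour reported
# in the post; it is not taken from SSSD's source.

# mtime_bucket FILE GRANULARITY
# Prints the file's mtime (epoch seconds) divided down to the bucket size.
mtime_bucket() {
    local secs
    secs=$(stat -c %Y "$1") || return 2
    echo $(( secs / $2 ))
}

# conf_may_be_ignored CONF CACHE [GRANULARITY]
# Returns 0 when the cache exists and CONF falls in the same or an earlier
# time bucket (the new config could be treated as unchanged).
# Returns 1 when CONF is newer, or when no cache exists yet.
# Returns 2 when a timestamp cannot be read.
conf_may_be_ignored() {
    local conf=$1 cache=$2 gran=${3:-60} c k
    [ -e "$cache" ] || return 1
    c=$(mtime_bucket "$conf" "$gran") || return 2
    k=$(mtime_bucket "$cache" "$gran") || return 2
    [ "$c" -le "$k" ]
}

# Command-line use, e.g. with the paths named in the post:
#   ./check.sh /etc/sssd/sssd.conf /var/lib/sss/db/config.ldb
if [ "$#" -ge 2 ]; then
    if conf_may_be_ignored "$1" "$2" "${3:-60}"; then
        echo "WARN: $1 is not newer than $2; new config may be ignored" >&2
        exit 1
    fi
    echo "OK: $1 is newer than $2 (or no cache exists yet)"
fi
```

Run it after the config file is written and before the service is restarted; a non-zero exit means the ordering problem described in the post can occur on that host.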