Hi there,
I'm trying to update the sssd package in ubuntu to 2.2.0, and while the upstream tests pass, and our integration tests pass too, I get this warning (error?) with the socket services right after installation:
(https://pastebin.ubuntu.com/p/ZzW8BG2fpm/)
root@eoan-sssd2:~# systemctl status sssd-autofs.service ● sssd-autofs.service - SSSD AutoFS Service responder Loaded: loaded (/lib/systemd/system/sssd-autofs.service; indirect; vendor preset: enabled) Active: inactive (dead) Docs: man:sssd.conf(5)
root@eoan-sssd2:~# systemctl status sssd-nss.socket ● sssd-nss.socket - SSSD NSS Service responder socket Loaded: loaded (/lib/systemd/system/sssd-nss.socket; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Thu 2019-08-01 12:49:07 UTC; 16min ago Docs: man:sssd.conf(5) Listen: /var/lib/sss/pipes/nss (Stream)
Aug 01 12:49:07 eoan-sssd2 systemd[1]: Starting SSSD NSS Service responder socket. Aug 01 12:49:07 eoan-sssd2 sssd_check_socket_activated_responders[3012]: (Thu Aug 1 12:49:07:354960 2019) [sssd] [check_socket_activated_responder] (0x0020): ini_config_file_open() failed [2][No such file or directory] Aug 01 12:49:07 eoan-sssd2 sssd_check_socket_activated_responders[3012]: (Thu Aug 1 12:49:07:355071 2019) [sssd] [main] (0x0010): Misconfiguration found for the nss responder. Aug 01 12:49:07 eoan-sssd2 sssd_check_socket_activated_responders[3012]: The nss responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Aug 01 12:49:07 eoan-sssd2 sssd_check_socket_activated_responders[3012]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the nss's socket by calling: Aug 01 12:49:07 eoan-sssd2 sssd_check_socket_activated_responders[3012]: "systemctl disable sssd-nss.socket" Aug 01 12:49:07 eoan-sssd2 systemd[1]: sssd-nss.socket: Control process exited, code=exited, status=2/INVALIDARGUMENT Aug 01 12:49:07 eoan-sssd2 systemd[1]: sssd-nss.socket: Failed with result 'exit-code'. Aug 01 12:49:07 eoan-sssd2 systemd[1]: Failed to listen on SSSD NSS Service responder socket.
There is no /etc/sssd/sssd.conf file present, so I think it assumes some defaults. What are these?
After install I get these services running: 1871 ? Ss 0:00 /usr/sbin/sssd -i --logger=files 1872 ? S 0:00 _ /usr/libexec/sssd/sssd_be --domain implicit_files --uid 0 --gid 0 --logger=files 1873 ? S 0:00 _ /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
So here is my assumption: there is an implicit sssd.conf configuration that is taken in since there is no actual sssd.conf file, and that just starts sssd_nss, and at the *same* *time* we are trying to use socket activation, which then says "why are you starting the socket listener, since you are already starting nss?" I'm guessing only debian-based systems see this, because we start the services right after installation, and don't have a default sssd.conf file shipped with the package.
Hi,
As discussed on irc, the fallback config enables 'services=nss', and check_socket_activated_responder() bails out if there's no conffile.
So both should be fixed to allow sssd to start without extra noise when socket activation is enabled and no conffile around (the default case when the package is installed).
On 1.8.2019 16.56, Andreas Hasenack wrote:
Hi there,
I'm trying to update the sssd package in ubuntu to 2.2.0, and while the upstream tests pass, and our integration tests pass too, I get this warning (error?) with the socket services right after installation:
(https://pastebin.ubuntu.com/p/ZzW8BG2fpm/)
root@eoan-sssd2:~# systemctl status sssd-autofs.service ● sssd-autofs.service - SSSD AutoFS Service responder Loaded: loaded (/lib/systemd/system/sssd-autofs.service; indirect; vendor preset: enabled) Active: inactive (dead) Docs: man:sssd.conf(5)
root@eoan-sssd2:~# systemctl status sssd-nss.socket ● sssd-nss.socket - SSSD NSS Service responder socket Loaded: loaded (/lib/systemd/system/sssd-nss.socket; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since Thu 2019-08-01 12:49:07 UTC; 16min ago Docs: man:sssd.conf(5) Listen: /var/lib/sss/pipes/nss (Stream)
Aug 01 12:49:07 eoan-sssd2 systemd[1]: Starting SSSD NSS Service responder socket. Aug 01 12:49:07 eoan-sssd2 sssd_check_socket_activated_responders[3012]: (Thu Aug 1 12:49:07:354960 2019) [sssd] [check_socket_activated_responder] (0x0020): ini_config_file_open() failed [2][No such file or directory] Aug 01 12:49:07 eoan-sssd2 sssd_check_socket_activated_responders[3012]: (Thu Aug 1 12:49:07:355071 2019) [sssd] [main] (0x0010): Misconfiguration found for the nss responder. Aug 01 12:49:07 eoan-sssd2 sssd_check_socket_activated_responders[3012]: The nss responder has been configured to be socket-activated but it's still mentioned in the services' line in /etc/sssd/sssd.conf. Aug 01 12:49:07 eoan-sssd2 sssd_check_socket_activated_responders[3012]: Please, consider either adjusting your services' line in /etc/sssd/sssd.conf or disabling the nss's socket by calling: Aug 01 12:49:07 eoan-sssd2 sssd_check_socket_activated_responders[3012]: "systemctl disable sssd-nss.socket" Aug 01 12:49:07 eoan-sssd2 systemd[1]: sssd-nss.socket: Control process exited, code=exited, status=2/INVALIDARGUMENT Aug 01 12:49:07 eoan-sssd2 systemd[1]: sssd-nss.socket: Failed with result 'exit-code'. Aug 01 12:49:07 eoan-sssd2 systemd[1]: Failed to listen on SSSD NSS Service responder socket.
There is no /etc/sssd/sssd.conf file present, so I think it assumes some defaults. What are these?
After install I get these services running: 1871 ? Ss 0:00 /usr/sbin/sssd -i --logger=files 1872 ? S 0:00 _ /usr/libexec/sssd/sssd_be --domain implicit_files --uid 0 --gid 0 --logger=files 1873 ? S 0:00 _ /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files
So here is my assumption: there is an implicit sssd.conf configuration that is taken in since there is no actual sssd.conf file, and that just starts sssd_nss, and at the *same* *time* we are trying to use socket activation, which then says "why are you starting the socket listener, since you are already starting nss?" I'm guessing only debian-based systems see this, because we start the services right after installation, and don't have a default sssd.conf file shipped with the package. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
On Thu, Aug 01, 2019 at 07:50:09PM +0300, Timo Aaltonen wrote:
Hi,
As discussed on irc, the fallback config enables 'services=nss', and check_socket_activated_responder() bails out if there's no conffile.
So both should be fixed to allow sssd to start without extra noise when socket activation is enabled and no conffile around (the default case when the package is installed).
Can you file tickets?
Hello
On Sat, Aug 3, 2019 at 2:17 PM Jakub Hrozek jhrozek@redhat.com wrote:
On Thu, Aug 01, 2019 at 07:50:09PM +0300, Timo Aaltonen wrote:
Hi,
As discussed on irc, the fallback config enables 'services=nss', and check_socket_activated_responder() bails out if there's no conffile.
So both should be fixed to allow sssd to start without extra noise when socket activation is enabled and no conffile around (the default case when the package is installed).
Can you file tickets?
Sure, I filed this ticket: https://pagure.io/SSSD/sssd/issue/4054
Thanks!
sssd-users@lists.fedorahosted.org