On Tue, Sep 8, 2020, at 10:53 AM, Andreas Hasenack wrote:
> Hi,
>
> This is more of a realmd question than sssd, but closely related.
>
> Debian and Ubuntu defaulted to socket activated systemd services for
> all the sssd-* daemons. So they are started on demand.
>
> realmd currently always adds a "services = nss, pam" line (or augments
> it if it's there already). sssd will then start nss and pam, but so
> will systemd, and that creates an (apparently harmless) conflict and
> logs errors to the logs.
>
> I don't know if there is a way for realmd to detect this scenario and
> not add that services line, or if there should be a command-line
> option for it? Or maybe something in realm-<distro>.conf even?
>
> At the moment I'm just disabling adding the services line. Is this too horrible?

In my experience on RHEL 8, some of the services are unreliable when activated in this
manner. The services line never fails. I believe the .service (or .socket) files on RHEL 8
are written to avoid any collision. Specifically, I think the socket activated version is a
no-op if the services line one is running.
V/r,
James Cassell
>
> --- a/service/realm-sssd-config.c
> +++ b/service/realm-sssd-config.c
> @@ -154,8 +154,6 @@
> g_strfreev (already);
>
> /* Setup a default sssd section */
> - if (!realm_ini_config_have (config, "section", "services"))
> - realm_ini_config_set (config, "sssd", "services",
"nss, pam", NULL);
> if (!realm_ini_config_have (config, "sssd",
"config_file_version"))
> realm_ini_config_set (config, "sssd",
"config_file_version", "2", NULL);
>
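Review bot: Deleting the default outright in realm-sssd-config.c means a newly written [sssd] section never gets a `services` line, including on systems where the responders are not socket activated; the reply in this thread reports socket activation as unreliable on RHEL 8, where the explicit line is what works. Consider keeping the block and guarding it with a setting (the message suggests realm-<distro>.conf) so that only distributions shipping socket-activated responders skip it. If the block stays, note that the removed check reads `realm_ini_config_have (config, "section", "services")` while the set call and the `config_file_version` check that follows both use the "sssd" section, so the guard as written probably never sees an existing services line and should look up "sssd" instead.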
> --- a/tests/test-sssd-config.c
> +++ b/tests/test-sssd-config.c
> @@ -90,7 +90,7 @@
> gconstpointer unused)
> {
> const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
> - const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one,
> two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos
> = 2\n";
> + const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one,
> two\nconfig_file_version = 2\n\n[domain/two]\ndos = 2\n";
> GError *error = NULL;
> gchar *output;
> gboolean ret;
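Review bot: The updated `check` string in this test only proves that no `services` line is added when `data` has none; nothing here covers an input whose [sssd] section already carries a `services = ...` line. Add a case with such input and assert that the line comes through unchanged, so the removal in realm-sssd-config.c cannot silently start dropping an administrator's explicit responder list.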
> @@ -140,7 +140,7 @@
> test_add_domain_only (Test *test,
> gconstpointer unused)
> {
> - const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version
> = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
> + const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version
> = 2\n\n[domain/two]\ndos = 2\n";
> GError *error = NULL;
> gchar *output;
> gboolean ret;
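Review bot: In test_add_domain_only the expectation for a config built from nothing now hard-codes the absence of `services`, which pins the socket-activated behaviour as the only one. If adding the line becomes conditional on a setting, as the message proposes, run this test for both values and keep the old `services = nss, pam` expectation for the case where responders are not socket activated.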
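The overlap discussed in the thread (responders named in `services` that also have an enabled socket unit) can be checked mechanically; the following is an added example, not code from the messages or from realmd. The `sssd-<responder>.socket` naming pattern, the function names and the enabled-unit list are assumptions, and the two config strings are the `check` values from the first test hunk.

```python
import configparser
import re

# Assumption: socket units are named sssd-<responder>.socket, with an optional
# "-priv" variant (for example sssd-pam-priv.socket).
UNIT_RE = re.compile(r"^sssd-([a-z]+)(?:-priv)?\.socket$")

# Expected outputs from tests/test-sssd-config.c in the patch: before and after.
BEFORE_PATCH = ("[domain/one]\nval=1\n[sssd]\ndomains = one, two\n"
                "config_file_version = 2\nservices = nss, pam\n\n"
                "[domain/two]\ndos = 2\n")
AFTER_PATCH = ("[domain/one]\nval=1\n[sssd]\ndomains = one, two\n"
               "config_file_version = 2\n\n[domain/two]\ndos = 2\n")

# Constructed sample: socket units enabled on a hypothetical host.
ENABLED_UNITS = ["sssd-nss.socket", "sssd-pam.socket",
                 "sssd-pam-priv.socket", "sssd-sudo.socket"]


def explicit_services(conf_text):
    """Responders listed in the [sssd] 'services' option, lowercased."""
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    parser.read_string(conf_text)
    raw = parser.get("sssd", "services", fallback="")
    return [name.strip().lower() for name in raw.split(",") if name.strip()]


def double_started(conf_text, enabled_units):
    """Responders that sssd starts itself and systemd can also socket-activate."""
    listed = set(explicit_services(conf_text))
    socket_activated = set()
    for unit in enabled_units:
        match = UNIT_RE.match(unit.strip())
        if match:
            socket_activated.add(match.group(1))
    return sorted(listed & socket_activated)


if __name__ == "__main__":
    for label, conf in (("before patch", BEFORE_PATCH), ("after patch", AFTER_PATCH)):
        overlap = double_started(conf, ENABLED_UNITS)
        print(f"{label}: {', '.join(overlap) if overlap else 'no overlap'}")
```

On a live host the unit list can come from `systemctl list-unit-files 'sssd-*.socket' --state=enabled` and the config text from the sssd.conf that realmd wrote.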