Hi,
On 11/22/18 1:28 PM, Siegfried Eichhorn wrote:
I am not sure if waiting for the interface solves the problem. It
should wait for DNS to succeed, shouldn't it?
Obviously I missed to add the backend log file. Here are the important
parts, AFAICT:
:
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [sdap_id_setup_tasks] (0x0400): Setting
up cleanup task for
example.com
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [be_fo_set_srv_lookup_plugin] (0x0400):
Trying to set SRV lookup plugin to DNS
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [be_fo_set_srv_lookup_plugin] (0x0400):
SRV lookup plugin is now DNS
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [sysdb_get_certmap] (0x0400): No
certificate maps found.
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [dp_copy_options_ex] (0x0400): Option
ipa_domain has value
example.com
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [dp_copy_options_ex] (0x0400): Option
ipa_server has value _srv_,
ipa0.example.com
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [dp_copy_options_ex] (0x0400): Option
ipa_backup_server has no value
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [dp_copy_options_ex] (0x0400): Option
ipa_hostname has value
srvl061.ac.example.com
:
:
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'IPA'
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolve_srv_send] (0x0200): The status
of SRV lookup is neutral
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_discover_srv_next_domain]
(0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain
'example.com'
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_getsrv_send] (0x0100): Trying
to resolve SRV record of '_ldap._tcp.example.com'
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_discover_srv_done] (0x0040):
SRV query failed [11]: Could not contact DNS servers
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [fo_set_port_status] (0x0100): Marking
port 0 of server '(no name)' as 'not working'
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolve_srv_done] (0x0040): Unable to
resolve SRV [1432158237]: SRV lookup error
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [set_srv_data_status] (0x0100): Marking
SRV lookup of service 'IPA' as 'not resolved'
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [be_resolve_server_process] (0x0080):
Couldn't resolve server (SRV lookup meta-server), resolver returned [1432158237]: SRV
lookup error
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [fo_resolve_service_send] (0x0100):
Trying to resolve service 'IPA'
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve A record of 'ipa0.example.com' in files
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [set_server_common_status] (0x0100):
Marking server 'ipa0.example.com' as 'resolving name'
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_gethostbyname_files_send]
(0x0100): Trying to resolve AAAA record of 'ipa0.example.com' in files
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_gethostbyname_next] (0x0200):
No more address families to retry
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_gethostbyname_dns_query]
(0x0100): Trying to resolve A record of 'ipa0.example.com' in DNS
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [request_watch_destructor] (0x0400):
Deleting request watch
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_gethostbyname_done] (0x0040):
querying hosts database failed [5]: Input/output error
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [fo_resolve_service_done] (0x0020):
Failed to resolve server 'ipa0.example.com': Could not contact DNS servers
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [set_server_common_status] (0x0100):
Marking server 'ipa0.example.com' as 'not working'
(Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [be_resolve_server_process] (0x0080):
Couldn't resolve server (
ipa0.example.com), resolver returned [5]: Input/output error
Most easy workaround seems to be to add
ipa0.example.com to /etc/hosts.
There is no problem with sysvinit, so changing init might be an option,
too.
I would prefer if the backend waits for DNS a little bit longer, of course.
Surely systemctl status sssd should not say "running", while the backend
is dead.
Regards
Harri