Folks,

I just stumbled on an odd issue. I have an OpenShift deployment with 2 brokers, 2 nodes, 1 rhc client all running RHEL 6.5. I also have 2 IPA servers (1 server, 1 replica), 1 IPA admin (tools) client all running RHEL 7.0. All OpenShift hosts, client and IPA client are members of IPA domain 'interop.example.com'.


After creating ssh public keys on the IPA admin client for user 'ose-admin1' and uploading them into IPA, I am able to ssh with the key to all IPA domain hosts as user 'ose-admin1' except the 2 node hosts. In looking closer at the 2 node hosts I noticed that SSSD keeps failing on start:

# service sssd restart
Stopping sssd: cat: /var/run/sssd.pid: No such file or directory [FAILED]
Starting sssd: [FAILED]

Starting with debug mode shows:

  [root@node1/2 ~]# sssd -d9
(Sun Jul 27 22:12:29:527689 2014) [sssd] [check_file] (0x0400): lstat for [/var/run/nscd/socket] failed: [2][No such file or directory]. (Sun Jul 27 22:12:29:529293 2014) [sssd] [ldb] (0x0400): server_sort:Unable to register control with rootdse! (Sun Jul 27 22:12:29:529596 2014) [sssd] [confdb_get_domain_internal] (0x0400): No enumeration for [interop.example.com]! (Sun Jul 27 22:12:29:529646 2014) [sssd] [confdb_get_domain_internal] (0x1000): pwd_expiration_warning is -1 (Sun Jul 27 22:12:29:529686 2014) [sssd] [server_setup] (0x0040): Becoming a daemon.

The logs show show nothing useful but this problem started during the ipa-client-install - the log shows:

2014-07-23T18:40:22Z DEBUG args=/usr/sbin/authconfig --enablesssdauth --enablemkhomedir --update --enablesssd
  2014-07-23T18:40:22Z DEBUG stdout=Starting oddjobd:        [  OK ]
  2014-07-23T18:40:22Z DEBUG stderr=
  2014-07-23T18:40:22Z INFO SSSD enabled
  2014-07-23T18:40:29Z DEBUG args=/sbin/service sssd restart
  2014-07-23T18:40:29Z DEBUG stdout=Stopping sssd: [FAILED]
  Starting sssd:                                [FAILED]

2014-07-23T18:40:29Z DEBUG stderr=cat: /var/run/sssd.pid: No such file or directory

  2014-07-23T18:40:29Z WARNING SSSD service restart was unsuccessful.
  2014-07-23T18:40:29Z DEBUG args=/sbin/chkconfig sssd on
  2014-07-23T18:40:29Z DEBUG stdout=

Any ideas? Have we seen this before? I suppose I could uninstall the ipa client and re-install but I didn't want
to touch anything until I hear back.

Thanks!

-m

btw - All systems have been updated as of this evening. Kerberos works fine but anything requiring
lookups is toast.





--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to