URL: https://github.com/SSSD/sssd/pull/143 Author: fidencio Title: #143: Explicitly add ordering dependency for the responders' sockets Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/143/head:pr143 git checkout pr143
From 8da21df22becaab7e3ce67a4feda252a875ea709 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <[email protected]> Date: Sat, 4 Feb 2017 18:12:22 +0100 Subject: [PATCH 1/2] SYSTEMD: Add "After=sssd.service" to the responders' sockets units MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While debugging the whole breakage reported by Stric I've noticed that the NSS socket has been starting up the NSS responder _before_ SSSD being up. Leading us to a chaotic situation. By adding this ordering explicitly we can avoid the reported situation. Interesting that I haven't seen the same behaviour when starting/stopping the socket after the system is up. I also haven't noticed any kind of problem caused by explicitly adding "After=sssd.service" to the unit files. Resolves: https://fedorahosted.org/sssd/ticket/3298 Signed-off-by: Fabiano FidĂȘncio <[email protected]> --- src/sysv/systemd/sssd-autofs.socket.in | 1 + src/sysv/systemd/sssd-nss.socket.in | 1 + src/sysv/systemd/sssd-pac.socket.in | 1 + src/sysv/systemd/sssd-pam-priv.socket.in | 1 + src/sysv/systemd/sssd-pam.socket.in | 1 + src/sysv/systemd/sssd-ssh.socket.in | 1 + src/sysv/systemd/sssd-sudo.socket.in | 1 + 7 files changed, 7 insertions(+) diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in index 8e0e882..e8451ff 100644 --- a/src/sysv/systemd/sssd-autofs.socket.in +++ b/src/sysv/systemd/sssd-autofs.socket.in @@ -2,6 +2,7 @@ Description=SSSD AutoFS Service responder socket Documentation=man:sssd.conf(5) BindsTo=sssd.service +After=sssd.service [Socket] ListenStream=@pipepath@/autofs diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in index 530fa0c..6965015 100644 --- a/src/sysv/systemd/sssd-nss.socket.in +++ b/src/sysv/systemd/sssd-nss.socket.in @@ -2,6 +2,7 @@ Description=SSSD NSS Service responder socket Documentation=man:sssd.conf(5) BindsTo=sssd.service +After=sssd.service [Socket] ListenStream=@pipepath@/nss diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in index cb1bd68..df8c8c6 100644 --- a/src/sysv/systemd/sssd-pac.socket.in +++ b/src/sysv/systemd/sssd-pac.socket.in @@ -2,6 +2,7 @@ Description=SSSD PAC Service responder socket Documentation=man:sssd.conf(5) BindsTo=sssd.service +After=sssd.service [Socket] ListenStream=@pipepath@/pac diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in index 84b8caa..c2ddca9 100644 --- a/src/sysv/systemd/sssd-pam-priv.socket.in +++ b/src/sysv/systemd/sssd-pam-priv.socket.in @@ -3,6 +3,7 @@ Description=SSSD PAM Service responder private socket Documentation=man:sssd.conf(5) BindsTo=sssd.service BindsTo=sssd-pam.socket +After=sssd.service [Socket] Service=sssd-pam.service diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in index 9554785..ad88be7 100644 --- a/src/sysv/systemd/sssd-pam.socket.in +++ b/src/sysv/systemd/sssd-pam.socket.in @@ -3,6 +3,7 @@ Description=SSSD PAM Service responder socket Documentation=man:sssd.conf(5) BindsTo=sssd.service BindsTo=sssd-pam-priv.socket +After=sssd.service [Socket] ListenStream=@pipepath@/pam diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in index b13c87c..8f31d52 100644 --- a/src/sysv/systemd/sssd-ssh.socket.in +++ b/src/sysv/systemd/sssd-ssh.socket.in @@ -2,6 +2,7 @@ Description=SSSD SSH Service responder socket Documentation=man:sssd.conf(5) BindsTo=sssd.service +After=sssd.service [Socket] ListenStream=@pipepath@/ssh diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in index 0b6c0d9..d7b0c87 100644 --- a/src/sysv/systemd/sssd-sudo.socket.in +++ b/src/sysv/systemd/sssd-sudo.socket.in @@ -2,6 +2,7 @@ Description=SSSD Sudo Service responder socket Documentation=man:sssd.conf(5) BindsTo=sssd.service +After=sssd.service [Socket] ListenStream=@pipepath@/sudo From 8dd587615fd1c8715ee43bc3367d77943ba8cc6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <[email protected]> Date: Sat, 4 Feb 2017 18:22:18 +0100 Subject: [PATCH 2/2] SYSTEMD: Add "WantedBy=sockets.target" to the responders' sockets units MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As far as I understand the responders' socket units should include "WantedBy=sockets.target"as sockets.target sets up all socket units that shall be active after boot (which is the case of SSSD responders' sockets in case SSSD enabled). Also, when taking this approach "Before=sockets.target" must be added to the sssd.service as it'll ensure that SSSD will be up before its sockets. We haven't got bitten by this yet, but better be safe than sorry here. Related: https://fedorahosted.org/sssd/ticket/3298 Signed-off-by: Fabiano FidĂȘncio <[email protected]> --- src/sysv/systemd/sssd-autofs.socket.in | 2 +- src/sysv/systemd/sssd-nss.socket.in | 2 +- src/sysv/systemd/sssd-pac.socket.in | 2 +- src/sysv/systemd/sssd-pam-priv.socket.in | 2 +- src/sysv/systemd/sssd-pam.socket.in | 2 +- src/sysv/systemd/sssd-ssh.socket.in | 2 +- src/sysv/systemd/sssd-sudo.socket.in | 2 +- src/sysv/systemd/sssd.service.in | 2 +- 8 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in index e8451ff..ce3e377 100644 --- a/src/sysv/systemd/sssd-autofs.socket.in +++ b/src/sysv/systemd/sssd-autofs.socket.in @@ -10,4 +10,4 @@ SocketUser=@SSSD_USER@ SocketGroup=@SSSD_USER@ [Install] -WantedBy=sssd.service +WantedBy=sockets.target sssd.service diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in index 6965015..e59d674 100644 --- a/src/sysv/systemd/sssd-nss.socket.in +++ b/src/sysv/systemd/sssd-nss.socket.in @@ -10,4 +10,4 @@ SocketUser=@SSSD_USER@ SocketGroup=@SSSD_USER@ [Install] -WantedBy=sssd.service +WantedBy=sockets.target sssd.service diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in index df8c8c6..85d8449 100644 --- a/src/sysv/systemd/sssd-pac.socket.in +++ b/src/sysv/systemd/sssd-pac.socket.in @@ -10,4 +10,4 @@ SocketUser=@SSSD_USER@ SocketGroup=@SSSD_USER@ [Install] -WantedBy=sssd.service +WantedBy=sockets.target sssd.service diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in index c2ddca9..918d4b3 100644 --- a/src/sysv/systemd/sssd-pam-priv.socket.in +++ b/src/sysv/systemd/sssd-pam-priv.socket.in @@ -13,4 +13,4 @@ SocketGroup=root SocketMode=0600 [Install] -WantedBy=sssd.service +WantedBy=sockets.target sssd.service diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in index ad88be7..e101232 100644 --- a/src/sysv/systemd/sssd-pam.socket.in +++ b/src/sysv/systemd/sssd-pam.socket.in @@ -11,4 +11,4 @@ SocketUser=root SocketGroup=root [Install] -WantedBy=sssd.service +WantedBy=sockets.target sssd.service diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in index 8f31d52..e333cc3 100644 --- a/src/sysv/systemd/sssd-ssh.socket.in +++ b/src/sysv/systemd/sssd-ssh.socket.in @@ -10,4 +10,4 @@ SocketUser=@SSSD_USER@ SocketGroup=@SSSD_USER@ [Install] -WantedBy=sssd.service +WantedBy=sockets.target sssd.service diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in index d7b0c87..6abd8d6 100644 --- a/src/sysv/systemd/sssd-sudo.socket.in +++ b/src/sysv/systemd/sssd-sudo.socket.in @@ -10,4 +10,4 @@ SocketUser=@SSSD_USER@ SocketGroup=@SSSD_USER@ [Install] -WantedBy=sssd.service +WantedBy=sockets.target sssd.service diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in index 05cfd37..1d8e8e1 100644 --- a/src/sysv/systemd/sssd.service.in +++ b/src/sysv/systemd/sssd.service.in @@ -1,7 +1,7 @@ [Unit] Description=System Security Services Daemon # SSSD must be running before we permit user sessions -Before=systemd-user-sessions.service nss-user-lookup.target +Before=systemd-user-sessions.service nss-user-lookup.target sockets.target Wants=nss-user-lookup.target [Service]
_______________________________________________ sssd-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
