URL: https://github.com/SSSD/sssd/pull/143 Author: fidencio Title: #143: Explicitly add ordering dependency for the responders' sockets Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/143/head:pr143 git checkout pr143
From 275bc16b1f5ce681493cfcdd803fb385fdd57db6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <[email protected]> Date: Sat, 4 Feb 2017 18:12:22 +0100 Subject: [PATCH 1/2] SYSTEMD: Add "After=sssd.service" to the responders' sockets units MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While debugging the whole breakage reported by Stric I've noticed that the NSS socket has been starting up the NSS responder _before_ SSSD being up, leading us to a chaotic situation. By adding this ordering explicitly we can avoid the reported situation. Also, it has been recommend by Lukáš Nykrýn that BindsTo and After must be used together (although it's still not mentioned yet in the systemd documentation). Related: https://fedorahosted.org/sssd/ticket/3298 Signed-off-by: Fabiano Fidêncio <[email protected]> --- src/sysv/systemd/sssd-autofs.socket.in | 1 + src/sysv/systemd/sssd-nss.socket.in | 1 + src/sysv/systemd/sssd-pac.socket.in | 1 + src/sysv/systemd/sssd-pam-priv.socket.in | 1 + src/sysv/systemd/sssd-pam.socket.in | 1 + src/sysv/systemd/sssd-ssh.socket.in | 1 + src/sysv/systemd/sssd-sudo.socket.in | 1 + 7 files changed, 7 insertions(+) diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in index 8e0e882..1665ed2 100644 --- a/src/sysv/systemd/sssd-autofs.socket.in +++ b/src/sysv/systemd/sssd-autofs.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD AutoFS Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service [Socket] diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in index 530fa0c..8228647 100644 --- a/src/sysv/systemd/sssd-nss.socket.in +++ b/src/sysv/systemd/sssd-nss.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD NSS Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service [Socket] diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in index cb1bd68..e17879a 100644 --- a/src/sysv/systemd/sssd-pac.socket.in +++ b/src/sysv/systemd/sssd-pac.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD PAC Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service [Socket] diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in index 84b8caa..d06fbc3 100644 --- a/src/sysv/systemd/sssd-pam-priv.socket.in +++ b/src/sysv/systemd/sssd-pam-priv.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD PAM Service responder private socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service BindsTo=sssd-pam.socket diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in index 9554785..cc73159 100644 --- a/src/sysv/systemd/sssd-pam.socket.in +++ b/src/sysv/systemd/sssd-pam.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD PAM Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service BindsTo=sssd-pam-priv.socket diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in index b13c87c..3b8f65b 100644 --- a/src/sysv/systemd/sssd-ssh.socket.in +++ b/src/sysv/systemd/sssd-ssh.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD SSH Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service [Socket] diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in index 0b6c0d9..346df6e 100644 --- a/src/sysv/systemd/sssd-sudo.socket.in +++ b/src/sysv/systemd/sssd-sudo.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD Sudo Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service [Socket] From dcc490d9fa537b373ea5b1d8369a18074b2ad733 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <[email protected]> Date: Mon, 6 Feb 2017 19:05:29 +0100 Subject: [PATCH 2/2] SYSTEMD: Avoid starting a responder socket in case SSSD is not started MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit As systemd adds "Before=sockets.target" to any socket unit by default, during the startup of the system we can end up having a responder socket up, being contacted while SSSD is shutdown. By using "DefaultDependencies=no" we ensure that sockets.target won't trigger the sockets' startup and that it only will be done when SSSD is up. The downside of using "DefaultDependencies=no" is that we have to deal with conflicts and add "Conflicts=shutdown.target" to each of the sockets unit. This patch has been suggested by Lukáš Nykrýn. Related: https://fedorahosted.org/sssd/ticket/3298 Signed-off-by: Fabiano Fidêncio <[email protected]> --- src/sysv/systemd/sssd-autofs.socket.in | 2 ++ src/sysv/systemd/sssd-nss.socket.in | 2 ++ src/sysv/systemd/sssd-pac.socket.in | 2 ++ src/sysv/systemd/sssd-pam-priv.socket.in | 2 ++ src/sysv/systemd/sssd-pam.socket.in | 2 ++ src/sysv/systemd/sssd-ssh.socket.in | 2 ++ src/sysv/systemd/sssd-sudo.socket.in | 2 ++ 7 files changed, 14 insertions(+) diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in index 1665ed2..48b651f 100644 --- a/src/sysv/systemd/sssd-autofs.socket.in +++ b/src/sysv/systemd/sssd-autofs.socket.in @@ -3,6 +3,8 @@ Description=SSSD AutoFS Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/autofs diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in index 8228647..d0af6b0 100644 --- a/src/sysv/systemd/sssd-nss.socket.in +++ b/src/sysv/systemd/sssd-nss.socket.in @@ -3,6 +3,8 @@ Description=SSSD NSS Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/nss diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in index e17879a..fc77824 100644 --- a/src/sysv/systemd/sssd-pac.socket.in +++ b/src/sysv/systemd/sssd-pac.socket.in @@ -3,6 +3,8 @@ Description=SSSD PAC Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/pac diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in index d06fbc3..490fd0d 100644 --- a/src/sysv/systemd/sssd-pam-priv.socket.in +++ b/src/sysv/systemd/sssd-pam-priv.socket.in @@ -4,6 +4,8 @@ Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service BindsTo=sssd-pam.socket +DefaultDependencies=no +Conflicts=shutdown.target [Socket] Service=sssd-pam.service diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in index cc73159..d278bcc 100644 --- a/src/sysv/systemd/sssd-pam.socket.in +++ b/src/sysv/systemd/sssd-pam.socket.in @@ -4,6 +4,8 @@ Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service BindsTo=sssd-pam-priv.socket +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/pam diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in index 3b8f65b..727b6c4 100644 --- a/src/sysv/systemd/sssd-ssh.socket.in +++ b/src/sysv/systemd/sssd-ssh.socket.in @@ -3,6 +3,8 @@ Description=SSSD SSH Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/ssh diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in index 346df6e..359f6f2 100644 --- a/src/sysv/systemd/sssd-sudo.socket.in +++ b/src/sysv/systemd/sssd-sudo.socket.in @@ -3,6 +3,8 @@ Description=SSSD Sudo Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/sudo
_______________________________________________ sssd-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
