URL: https://github.com/SSSD/sssd/pull/143 Title: #143: Explicitly add ordering dependency for the responders' sockets
jhrozek commented: """ On Wed, Mar 01, 2017 at 01:30:15AM -0800, fidencio wrote: > On Wed, Mar 1, 2017 at 9:46 AM, lslebodn <[email protected]> wrote: > > > On (28/02/17 13:01), fidencio wrote: > > >I've talked to Lukáš on the office before replying the email :-) > > >Anyways, no, it won't be enough. BindsTo and After *must* *go* *together*. > > >We use BindsTo on all services' sockets and not using After as well may > > >lead to unexpected behaviour. > > > > > > > The main problem is that commit message is not clear enough > > and contain unclear statemets e.g. > > > While debugging the whole breakage reported by Stric I've noticed that > > > the NSS socket has been starting up the NSS responder _before_ SSSD > > > being up, leading us to a chaotic situation. > > > > What does chaotic situation mean here? > > > > As far as I remember, that some services like systemd-logind will try to > start and will time out. It will cause other services to timeout. So the > boot will take a really long time and so services won't be working after > the boot is completed. This is probably caused by libc doing initgroups on pretty much any account. Since initgroups must check all NSS modules in order to be precise and talking to nss_sss would trigger talking to the NSS responder. Then, if the account wasn't from SSSD, the NSS responder would try talking to the Data Provider which is not up yet, because SSSD is not up, so the whole process hangs until libc gives up which takes 2 minutes by default. > > Would be enough adding this info? If not, may I ask you for some suggestion > as well? > > > > > There is also a missing context about "BindsTo". > > > > >By adding this ordering explicitly we can avoid the reported situation. > > >Also, it has been recommend by Lukáš Nykrýn that BindsTo and After must > > >be used together (although it's still not mentioned yet in the systemd > > >documentation). > > > > IIUC "BindsTo" is a stricter relation between units then "Requires" > > and therefore "After" need to be used to avoid unuexpected/undefined > > behaviour. > > > > I added something similar to your suggestion to the commit message. > Thanks. > > Best Regards, > -- > Fabiano Fidêncio > > > -- > You are receiving this because you were assigned. > Reply to this email directly or view it on GitHub: > https://github.com/SSSD/sssd/pull/143#issuecomment-283289617 """ See the full comment at https://github.com/SSSD/sssd/pull/143#issuecomment-283292747
_______________________________________________ sssd-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
