URL: https://github.com/SSSD/sssd/pull/143
Author: fidencio
Title: #143: Explicitly add ordering dependency for the responders' sockets
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/143/head:pr143
git checkout pr143
From 82559e1646e8bf1b24a122af5efd140d39f93519 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <[email protected]>
Date: Sat, 4 Feb 2017 18:12:22 +0100
Subject: [PATCH 1/2] SYSTEMD: Add "After=sssd.service" to the responders' sockets units
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

While debugging the whole breakage reported by Stric I've noticed that the NSS socket has been starting up the NSS responder _before_ SSSD being up. As libc does initgroups on pretty much any account and initgroups checks all NSS modules in order to be precise, the nss_sss triggers the NSS responder which would try talking to the data providers which are not up yet (because SSSD is not up yet), causing the whole process to hang until libc gives up (causing a timeout on services like systemd-logind and on services depending on this one).

By adding this ordering explicitly we can avoid the reported situation.

Also, it has been recommended by Lukáš Nykrýn that "BindsTo", which is used to tie up two services, and After must be used together in order to avoid undefined/unexpected behavior (although it's still not mentioned in the systemd documentation).

Related:
https://pagure.io/SSSD/sssd/issue/3298

Signed-off-by: Fabiano Fidêncio <[email protected]>
--- src/sysv/systemd/sssd-autofs.socket.in | 1 + src/sysv/systemd/sssd-nss.socket.in | 1 + src/sysv/systemd/sssd-pac.socket.in | 1 + src/sysv/systemd/sssd-pam-priv.socket.in | 1 + src/sysv/systemd/sssd-pam.socket.in | 1 + src/sysv/systemd/sssd-ssh.socket.in | 1 + src/sysv/systemd/sssd-sudo.socket.in | 1 + 7 files changed, 7 insertions(+) diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in index 8e0e882..1665ed2 100644 --- a/src/sysv/systemd/sssd-autofs.socket.in +++ b/src/sysv/systemd/sssd-autofs.socket.in
@@ -1,6 +1,7 @@ [Unit] Description=SSSD AutoFS Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service [Socket] diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in index 530fa0c..8228647 100644 --- a/src/sysv/systemd/sssd-nss.socket.in +++ b/src/sysv/systemd/sssd-nss.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD NSS Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service [Socket] diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in index cb1bd68..e17879a 100644 --- a/src/sysv/systemd/sssd-pac.socket.in +++ b/src/sysv/systemd/sssd-pac.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD PAC Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service [Socket] diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in index 84b8caa..d06fbc3 100644 --- a/src/sysv/systemd/sssd-pam-priv.socket.in +++ b/src/sysv/systemd/sssd-pam-priv.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD PAM Service responder private socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service BindsTo=sssd-pam.socket diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in index 9554785..cc73159 100644 --- a/src/sysv/systemd/sssd-pam.socket.in +++ b/src/sysv/systemd/sssd-pam.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD PAM Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service BindsTo=sssd-pam-priv.socket diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in index b13c87c..3b8f65b 100644 --- a/src/sysv/systemd/sssd-ssh.socket.in +++ b/src/sysv/systemd/sssd-ssh.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD SSH Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service [Socket] 
diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in index 0b6c0d9..346df6e 100644 --- a/src/sysv/systemd/sssd-sudo.socket.in +++ b/src/sysv/systemd/sssd-sudo.socket.in @@ -1,6 +1,7 @@ [Unit] Description=SSSD Sudo Service responder socket Documentation=man:sssd.conf(5) +After=sssd.service BindsTo=sssd.service [Socket]
From d8abf8a23643f4fc5bed9f2d2c6f83a931a094c9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <[email protected]>
Date: Mon, 6 Feb 2017 19:05:29 +0100
Subject: [PATCH 2/2] SYSTEMD: Avoid starting a responder socket in case SSSD is not started
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As systemd adds "Before=sockets.target" to any socket unit by default, during the startup of the system we can end up having a responder socket up, being contacted while SSSD is shut down.

By using "DefaultDependencies=no" we ensure that sockets.target won't trigger the sockets' startup and that it only will be done when SSSD is up.

The downside of using "DefaultDependencies=no" is that we have to deal with conflicts and add "Conflicts=shutdown.target" to each of the socket units.

This patch has been suggested by Lukáš Nykrýn.

Related:
https://pagure.io/SSSD/sssd/issue/3298

Signed-off-by: Fabiano Fidêncio <[email protected]>
--- src/sysv/systemd/sssd-autofs.socket.in | 2 ++ src/sysv/systemd/sssd-nss.socket.in | 2 ++ src/sysv/systemd/sssd-pac.socket.in | 2 ++ src/sysv/systemd/sssd-pam-priv.socket.in | 2 ++ src/sysv/systemd/sssd-pam.socket.in | 2 ++ src/sysv/systemd/sssd-ssh.socket.in | 2 ++ src/sysv/systemd/sssd-sudo.socket.in | 2 ++ 7 files changed, 14 insertions(+) diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in index 1665ed2..48b651f 100644 --- a/src/sysv/systemd/sssd-autofs.socket.in +++ b/src/sysv/systemd/sssd-autofs.socket.in
@@ -3,6 +3,8 @@ Description=SSSD AutoFS Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/autofs diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in index 8228647..d0af6b0 100644 --- a/src/sysv/systemd/sssd-nss.socket.in +++ b/src/sysv/systemd/sssd-nss.socket.in @@ -3,6 +3,8 @@ Description=SSSD NSS Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/nss diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in index e17879a..fc77824 100644 --- a/src/sysv/systemd/sssd-pac.socket.in +++ b/src/sysv/systemd/sssd-pac.socket.in @@ -3,6 +3,8 @@ Description=SSSD PAC Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/pac diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in index d06fbc3..490fd0d 100644 --- a/src/sysv/systemd/sssd-pam-priv.socket.in +++ b/src/sysv/systemd/sssd-pam-priv.socket.in @@ -4,6 +4,8 @@ Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service BindsTo=sssd-pam.socket +DefaultDependencies=no +Conflicts=shutdown.target [Socket] Service=sssd-pam.service diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in index cc73159..d278bcc 100644 --- a/src/sysv/systemd/sssd-pam.socket.in +++ b/src/sysv/systemd/sssd-pam.socket.in @@ -4,6 +4,8 @@ Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service BindsTo=sssd-pam-priv.socket +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/pam 
diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in index 3b8f65b..727b6c4 100644 --- a/src/sysv/systemd/sssd-ssh.socket.in +++ b/src/sysv/systemd/sssd-ssh.socket.in @@ -3,6 +3,8 @@ Description=SSSD SSH Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/ssh diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in index 346df6e..359f6f2 100644 --- a/src/sysv/systemd/sssd-sudo.socket.in +++ b/src/sysv/systemd/sssd-sudo.socket.in @@ -3,6 +3,8 @@ Description=SSSD Sudo Service responder socket Documentation=man:sssd.conf(5) After=sssd.service BindsTo=sssd.service +DefaultDependencies=no +Conflicts=shutdown.target [Socket] ListenStream=@pipepath@/sudo
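Review bot: In the sssd-pam.socket.in and sssd-pam-priv.socket.in hunks of patch 1/2, each unit keeps a second BindsTo= on its peer socket (BindsTo=sssd-pam-priv.socket and BindsTo=sssd-pam.socket) with no matching After=, while the commit message states that BindsTo and After must be used together. After= cannot be added in both directions without creating an ordering cycle, so either order one socket after the other or add a comment in both unit files saying that the peer binding is deliberately left unordered. Since the commit message notes that the BindsTo/After pairing is not in the systemd documentation, a one-line comment above After=sssd.service in all seven units would also keep the reason from being lost.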
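Review bot: In every [Unit] hunk of patch 2/2, DefaultDependencies=no is compensated only by Conflicts=shutdown.target, but the defaults it switches off for socket units are more than Before=sockets.target: they also include Before=shutdown.target and Requires=/After= on sysinit.target. Without Before=shutdown.target the sockets are stopped at shutdown but not ordered before shutdown.target is reached, so add Before=shutdown.target next to the new Conflicts= line. Ordering against sysinit.target then rests entirely on After=sssd.service and BindsTo=sssd.service, which holds only if sssd.service keeps its own default dependencies (that unit is not part of this patch); the commit message should state that assumption.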
_______________________________________________ sssd-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
