On 05/12/16 10:26, Lukas Slebodnik wrote: > On (12/05/16 09:42), Harald Dunkel wrote: >> >> It happened again :-(.This *really* needs to be fixed. >> I wouldn't like to move back to ypbind. >> > I would like to If I knew what to fix and how to reliably reproduce. >
It would be very nice if sssd could become more reliable at startup time. It gives up to easy. And it is not restarted in case of a problem, which is fatal for a service providing access to a user database. >> Logfiles are attached. sssd is version 1.13.3. The server >> was rebooted at 05:56. At 06:03:18 sssd wrote the first >> logfile entries. >> > I cannot see in log files that sssd was started. : : (Thu May 12 05:56:12 2016) [sssd] [monitor_quit] (0x0020): Child [sudo] exited gracefully (Thu May 12 05:56:12 2016) [sssd] [monitor_quit] (0x0020): Terminating [nss][441] (Thu May 12 05:56:12 2016) [sssd] [monitor_quit] (0x0020): Child [nss] exited gracefully (Thu May 12 06:03:18 2016) [sssd] [sysdb_domain_init_internal] (0x0200): DB File for example.com: /var/lib/sss/db/cache_example.com.ldb (Thu May 12 06:03:20 2016) [sssd] [get_ping_config] (0x0100): Time between service pings for [example.com]: [10] (Thu May 12 06:03:20 2016) [sssd] [get_ping_config] (0x0100): Time between SIGTERM and SIGKILL for [example.com]: [60] (Thu May 12 06:03:20 2016) [sssd] [start_service] (0x0100): Queueing service example.com for startup (Thu May 12 06:03:22 2016) [sssd] [sbus_server_init_new_connection] (0x0200): Entering. : : > Log files seems to be truncated and there seems to be probllem > with network communication. > > [be_resolve_server_process] (0x0200): Found address for server > ipa2.example.com: [172.29.96.4] TTL 7200 > [init_timeout] (0x0040): Client timed out before Identification [0x12d50c0]! > [sdap_kinit_done] (0x0080): Communication with KDC timed out, trying the next > one > [fo_set_port_status] (0x0100): Marking port 389 of server 'ipa2.example.com' > as 'not working' > You have cut off the time stamps. Here they are: (Thu May 12 06:03:31 2016) [sssd[be[example.com]]] [be_resolve_server_process] (0x0200): Found address for server ipa2.example.com: [172.29.96.4] TTL 7200 (Thu May 12 06:03:36 2016) [sssd[be[example.com]]] [init_timeout] (0x0040): Client timed out before Identification [0x12d50c0]! (Thu May 12 06:03:37 2016) [sssd[be[example.com]]] [sdap_kinit_done] (0x0080): Communication with KDC timed out, trying the next one (Thu May 12 06:03:37 2016) [sssd[be[example.com]]] [fo_set_port_status] (0x0100): Marking port 389 of server 'ipa2.example.com' as 'not working' Obviously the 5 secs timeout is not sufficient for stable operation. I am not sure if thats the reason for sssd to go away, though. > Do you have mounted nfs on /var/log/ or anywhere else? Surely not. All mount points are local. > It can explain a lot if there are network related issues. > I don't see why there should be any network related issues. The ipa servers were available all the time. The network is configured static. Regards Harri -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
