https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c1 --- Comment #1 from Joschi Brauchle 2013-02-19 15:05:51 UTC --- Created an attachment (id=525278) --> (http://bugzilla.novell.com/attachment.cgi?id=525278) Statistics and config of NSCD -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c Xiaolong Li changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kukuk@suse.com |yast2-maintainers@suse.de -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c4 --- Comment #4 from Joschi Brauchle 2013-04-17 11:40:33 UTC --- Please see y2logs attached. As far as I can see, nscd is *not* being restarted. Here is the snipped from ldap auto: ---------------- 2013-04-17 07:04:00 <1> lab16(4529) [YCP] clients/inst_autoconfigure.ycp:144 current resource: ldap 2013-04-17 07:04:00 <1> lab16(4529) [YCP] clients/inst_autoconfigure.ycp:155 Writing configuration for ldap 2013-04-17 07:04:00 <1> lab16(4529) [YCP] clients/inst_autoconfigure.ycp:190 Calling auto client with: $["create_ldap":false, "file_server":false, "krb5_kdcip":"gemini.lnt.ei.tum.de", "krb5_realm":"LNT.EI.TUM.DE", "ldap_domain":"ou=users,dc=lnt,dc=ei,dc=tum,dc=de", "ldap_server":"gemini.lnt.ei.tum.de", "ldap_tls":false, "login_enabled":true, "member_attribute":"member", "mkhomedir":false, "nss_base_group":"ou=groups,dc=lnt,dc=ei,dc=tum,dc=de", "nss_base_passwd":"ou=users,dc=lnt,dc=ei,dc=tum,dc=de", "nss_base_shadow":"ou=users,dc=lnt,dc=ei,dc=tum,dc=de", "pam_password":"exop", "sssd":true, "sssd_ldap_schema":"rfc2307", "sssd_with_krb":true, "start_autofs":true, "start_ldap":true, "tls_cacertfile":"/etc/ssl/certs/LNT-CA.pem"] 2013-04-17 07:04:00 <1> lab16(4529) [YCP] clients/inst_autoconfigure.ycp:41 current step: 13 desc:Configuring ldap 2013-04-17 07:04:01 <1> lab16(4529) [wfm] Y2CCWFM.cc(createInLevel):148 Parsing finished 2013-04-17 07:04:01 <1> lab16(4529) [Interpreter] clients/ldap_auto.ycp:127 Calling YaST client ldap_auto 2013-04-17 07:04:01 <1> lab16(4529) [YCP] clients/ldap_auto.ycp:45 ---------------------------------------- 2013-04-17 07:04:01 <1> lab16(4529) [YCP] clients/ldap_auto.ycp:46 Ldap auto started 2013-04-17 07:04:01 <3> lab16(4529) [agent-ini] IniFile.cc(delValue):993 Delete: Invalid path .v."/etc/ldap.conf"."host" [1] 2013-04-17 07:04:01 <1> lab16(4529) [YCP] Ldap.ycp:2229 file /etc/openldap/ldap.conf was modified 2013-04-17 07:04:01 <3> lab16(4529) [bash] ShellCommand.cc(shellcommand):78 ln -s '/usr/lib/systemd/system/autofs.service' '/etc/systemd/system/multi-user.target.wants/autofs.service' 2013-04-17 07:04:01 <3> lab16(4529) [bash] ShellCommand.cc(shellcommand):78 ln -s '/usr/lib/systemd/system/sssd.service' '/etc/systemd/system/multi-user.target.wants/sssd.service' 2013-04-17 07:04:01 <1> lab16(4529) [YCP] clients/ldap_auto.ycp:126 Ldap auto finished 2013-04-17 07:04:01 <1> lab16(4529) [YCP] clients/ldap_auto.ycp:127 ---------------------------------------- 2013-04-17 07:04:01 <1> lab16(4529) [Interpreter] clients/ldap_auto.ycp:127 Called YaST client returned. ---------------- I have a post script running at 07:04:27 that will restart NSCD, hence the restart entries in /var/log/messages at that time. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c6 --- Comment #6 from Joschi Brauchle 2013-04-17 11:47:51 UTC --- It looks like /var/log/messages is not part of the saved y2logs. So at the time where the ldap auto client is running, there is no incident showing that nscd was restarted, see: --------------- 2013-04-17T07:04:01.703167+02:00 linux systemd[1]: Reloading. 2013-04-17T07:04:24.382621+02:00 linux systemd[1]: last message repeated 5 times 2013-04-17T07:04:24.382557+02:00 linux sntp[8992]: Started sntp 2013-04-17T07:04:24.380370+02:00 linux sntp[8992]: kod_init_kod_db(): Cannot open KoD db file /var/db/ntp-kod 2013-04-17T07:04:27.026898+02:00 linux systemd[1]: Stopping Name Service Cache Daemon... 2013-04-17T07:04:27.032224+02:00 linux systemd[1]: Starting Name Service Cache Daemon... 2013-04-17T07:04:27.034211+02:00 linux systemd[1]: Started Name Service Cache Daemon. --------------- The "reloading" at 07:04:01 comes from enabling autofs and sssd, I guess? The post script is started at 07:04:24, hence nscd restarts there... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c8 Thomas Fehr changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |fehr@suse.com InfoProvider|fehr@suse.com | --- Comment #8 from Thomas Fehr 2013-04-17 12:38:33 UTC --- How should autoyast know something about correct status of services it installs. Autoyast does not interpret the data a module provides in any way. It simply calls "Import()", "Export()", "Read()" and "Write()" from the modules client. If we decided not to reload/restart services when called from autoyast, I can not see how this can be fixed without putting all knowledge about services dependent on each other into autoyast (which we certainly do not want to do). Would it not be possible for ldap_auto to simply restart nscd service if it is running? Autoyast does a "systemctl isolate default.target" at the end to start all services. Problem seems to be that the service is already running? Why is that the case? Who starts nscd service? I would simply tend to say in such cases final_reboot needs to be set to true. Alternately we can determine if it is possible to prevent in some way that nscd is running at all -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c10 --- Comment #10 from Thomas Fehr 2013-04-17 13:32:23 UTC ---

It probably could, but it would be a hack against current autoYaST way of work.

But this "way of work" assumed services were not running (yet), which seems not to be true any more in 12.3.

So should we say that final_reboot is the correct answer here?

As long as we do not want to either introduce hacks like nscd restart or change something fundamentally, yes.

Or that nscd is to blame instead of YaST?

If nscd would recognize when its config file changes, this would also solve the problem, but I am sure if this is capability is really promised by the service. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c12 --- Comment #12 from Thomas Fehr 2013-04-17 16:32:34 UTC ---

So, this poses the question again: - why is nscd running and who starts it? - should it not be automatically restarted anyways, because it was running during installation and thus it is likely that its configuration has changed?

I just did a test install if you enable nscd in <runlevel> section, it gets started by systemd before YaST2-Second-Stage gets started.

I think this is somewhat similar to the network service, which also is started and required during installation, but later needs to be restarted to adapt to its final configuration...

Network is the exception here. It probably would work to add "nscd.service" to the "Before" list of YaST2-Second-Stage.service but we can hardly add all existing services there. Another solution would be to add network.target to "After" section of nscd.service. I am not sure if it even makes any sense to start nscd before network is up, in pre-Systemd times it was dependent on $remote-fs and therefore indirectly on network. yast2-runlevel correctly does not start services. From the y2log: RunlevelEd.ycp:768 All services will be started at the end, skipping for now...

Are there any other service that are both required during installation and configured during installation? How is it handled there?

So far these services were expected not to be running while YaST2-Second-Stage is executed unless yast2 start scripts starts them (as an excpetion like for network). With 12.3 this is not true any more and will most probably lead to lots of subtle problems. Therefore I would urge to use final_reboot=true. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c14 Thomas Fehr changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED AssignedTo|jsuchome@suse.com |fehr@suse.com --- Comment #14 from Thomas Fehr 2013-04-18 12:34:51 UTC ---

Do you propose any deeper change in autoYaST logic based on current behavior?

I had a new idea this morning and am experimenting with it. While autoyast cannot know which services need to be restarted due to configuration changes, it could simply restart all services that are in running state. This should solve all potential problems with changed config files for services already running. No modules beside autoyast would be affected and so far I see no disadvantages (the system is not (yet) in a usable state at this time anyway), but I did not try it yet.

For now, I'd just close it with the offical 'use final_reboot' advice.

I just reassigned it to me. I hope I will have something which Joschi Brauchle could test either today or early next week. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c16 Thomas Fehr changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |joschibrauchle@gmx.de --- Comment #16 from Thomas Fehr 2013-04-18 14:49:08 UTC --- Attached updated version of inst_autoconfigure.ycp. This restarts all services in state "running" after all auto clients of modules have been run. I tested it and it worked as expected. Additional delay for my installations was about 15 seconds. Joschi, could you please try with this version if your problem with nscd demon having wrong configuration is fixed? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c18 Joschi Brauchle changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #535545|0 |1 is obsolete| | --- Comment #18 from Joschi Brauchle 2013-04-18 15:30:43 UTC --- Created an attachment (id=535853) --> (http://bugzilla.novell.com/attachment.cgi?id=535853) y2logs w/o autoyast -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c20 --- Comment #20 from Joschi Brauchle 2013-04-18 16:15:55 UTC --- Yes it works on the commandline, but on my test install, the caching was enabled. I can also see that try-restart was running successfully! ------ /var/log/messages ------ 2013-04-18T11:19:52.416256-04:00 linux systemd[1]: Reloading. 2013-04-18T11:19:52.451038-04:00 linux systemd[1]: Starting System Security Services Daemon... 2013-04-18T11:19:52.578251-04:00 linux sssd: nscd socket was detected. Nscd caching capabilities may conflict with SSSD for users and groups. It is recommended not to run nscd in parallel with SSSD, unless nscd is configured not to cache the passwd, group and netgroup nsswitch maps. 2013-04-18T11:19:52.809894-04:00 linux sssd: Starting up 2013-04-18T11:19:53.057601-04:00 linux sssd[be[default]]: Starting up 2013-04-18T11:19:53.187171-04:00 linux sssd[pam]: Starting up 2013-04-18T11:19:53.190964-04:00 linux sssd[nss]: Starting up 2013-04-18T11:19:53.210196-04:00 linux systemd[1]: Started System Security Services Daemon. 2013-04-18T11:19:53.247817-04:00 linux systemd[1]: Stopping Name Service Cache Daemon... 2013-04-18T11:19:53.252838-04:00 linux systemd[1]: Starting Name Service Cache Daemon... 2013-04-18T11:19:53.254634-04:00 linux systemd[1]: Started Name Service Cache Daemon. ------ /var/log/messages ------ But look at this: ------------ # l /etc/nscd.conf -rw-r--r-- 1 root root 2343 Apr 18 11:20 /etc/nscd.conf ------------ The modify timestamp suggest that the nscd.conf was modified AFTER the try-restart! Hence nscd is still running with an incorrect config. Hence there seems to be some problem in the Yast code with the order of things? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c22 Thomas Fehr changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jsuchome@suse.com --- Comment #22 from Thomas Fehr 2013-04-18 16:26:15 UTC --- I grepped trogh sources of yast2-kerberos-client and they do not mention nscd at all. Ok, if nscd.conf is written after call to "nscd try-restart" (which happened at 11:19:53) this is a problem within ldap module and needs to be handled by Jiri Suchomel. So we have basically two different problems here. - one regarding autoyast setup after auto-clients modified config files (should be addressed by attached inst_autoconfgure.ycp) - one regarding yast2-ldap with order of file writes and call to nscd restart Maybe it would be best to clone the bug. Adding Jiri Suchomel too CC: again. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c24 --- Comment #24 from Jiří Suchomel 2013-04-19 06:42:07 UTC --- Created an attachment (id=535989) --> (http://bugzilla.novell.com/attachment.cgi?id=535989) patch for /usr/share/YaST2/modules/Ldap.ycp (In reply to comment #23)

Jiri, I think there is some call "SCR::Write(.etc.nscd_conf, nil))" in function WriteNscdCache missing, otherwise SCR seems to delay the write until end of client invocation and during the "nscd try-restart" the filesystem still has old content of /etc/nscd.conf.

That makes sense. Try attached patch. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c26 --- Comment #26 from Joschi Brauchle 2013-04-19 12:58:30 UTC --- New ldap-client package looks good. Test installation had nscd caching disabled for passwd and groups! I will report back about autoyast later. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c28 --- Comment #28 from Thomas Fehr 2013-04-23 12:14:36 UTC --- The problem with systemd-logind.service does not happen always, therefore I did not catch it in my tests. I now add a list of services not to restart which currently contains only systemd-logind.service. I now have an additional delay of about 5 seconds. If you still have 30 seconds delay with new version I would be interested in y2log file, maybe some more tweaking is needed. I attach updated version of inst_autoconfigure.ycp. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c30 Thomas Fehr changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED --- Comment #30 from Thomas Fehr 2013-04-25 12:55:27 UTC --- Considering this as fixed for factory. So far I will not backport this for 12.3 but still would advise to set "final_reboot" to "true" in 12.3 when such problems show up. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

https://bugzilla.novell.com/show_bug.cgi?id=804454 https://bugzilla.novell.com/show_bug.cgi?id=804454#c32 --- Comment #32 from Thomas Fehr 2013-06-24 03:56:16 UTC --- The problem occurs during second stage of yast2 installation. So releasing an update would only help if the user installs the updates together with original medium in initial install. This can of course be done, e.g. by adding http://download.opensuse.org/update/12.3/ as add-on product. But I doubt many autoyast setups use such a setup, mostly they will install from original medium and simply do a online update afterward. For such a scenario, releasing an update for autoyast would not help since autoyast package from original medium is used and the bug is already triggered in YaST2 second stage of autoyast install. Therefore I would assume that after releasing an online update there would be more confusion under which install scenarios the new autoyast would be in place already during initial install. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.