http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c1 --- Comment #1 from Luiz Angelo Daros de Luca --- Created attachment 805904 --> http://bugzilla.suse.com/attachment.cgi?id=805904&action=edit sssd logs since boot until before workaround is done (and sssd is not working) -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c9 Samuel Cabrero changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(luizluca@tre-sc.j | |us.br) --- Comment #9 from Samuel Cabrero --- (In reply to Luiz Angelo Daros de Luca from comment #8)

sssd could read /etc/resolv.conf link and monitor both /etc/resolv.conf and "/etc/resolv.conf target" for changes (if inotify can monitor files before path is available).

I am still not able to reproduce. Could you attach the full autoinst.xml please? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c15 Samuel Cabrero changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |yast2-maintainers@suse.de Flags| |needinfo?(yast2-maintainers | |@suse.de) --- Comment #15 from Samuel Cabrero --- I tried again and after stage2 my /etc/resolv.conf is correctly pointing to /var/run/netconfig/resolv.conf I am setting need info from yast maintainers to comment about #12. Please provide a autoyast XML file to reproduce the issue, otherwise we can't move forward. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c18 --- Comment #18 from Samuel Cabrero --- Hi, I think I have found the problem. SSSD setup a inotify watch over resolv.conf and its parent directory to be notified even when resolv.conf is created or changed, but as it is not resolving the symlink it is watching the directory containing the symlink and not /var/run/netconfig. Could you try again with this new patched package please? https://build.opensuse.org/package/show/home:scabrero:branches:openSUSE:Leap... -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c20 Andrew Daugherity changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |adaugherity@tamu.edu --- Comment #20 from Andrew Daugherity --- (In reply to Samuel Cabrero from comment #18)

Could you try again with this new patched package please?

https://build.opensuse.org/package/show/home:scabrero:branches:openSUSE:Leap: 15.1:Update/sssd

I have also hit this bug, but unfortunately those packages do not fix the problem for me. Like the others' reports, restarting sssd or signaling with USR2 fixes it, but it fails on boot.

I think I have found the problem. SSSD setup a inotify watch over resolv.conf and its parent directory to be notified even when resolv.conf is created or changed, but as it is not resolving the symlink it is watching the directory containing the symlink and not /var/run/netconfig.

This is probably the right track, as I do not have this issue in Leap 15.0, which has the same version of sssd (1.16.1) but an older sysconfig-netconfig which writes /etc/resolv.conf as a normal file rather than a symlink. However, sssd debug logs do not indicate it re-reading resolv.conf after wicked has updated it. Rather, it still keeps trying lookups using an empty list of DNS servers, e.g.: ==== (Mon Jul 22 16:28:02 2019) [sssd[be[dor.tamu.edu]]] [resolv_discover_srv_done] (0x0040): SRV query failed [11]: Could not contact DNS servers (Mon Jul 22 16:28:02 2019) [sssd[be[dor.tamu.edu]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Mon Jul 22 16:28:02 2019) [sssd[be[dor.tamu.edu]]] [resolve_srv_done] (0x0040): Unable to resolve SRV [1432158237]: SRV lookup error (Mon Jul 22 16:28:02 2019) [sssd[be[dor.tamu.edu]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'AD' as 'not resolved' (Mon Jul 22 16:28:02 2019) [sssd[be[dor.tamu.edu]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (SRV lookup meta-server), resolver returned [1432158237]: SRV lookup error (Mon Jul 22 16:28:02 2019) [sssd[be[dor.tamu.edu]]] [be_resolve_server_process] (0x1000): Trying with the next one! (Mon Jul 22 16:28:02 2019) [sssd[be[dor.tamu.edu]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'AD' (Mon Jul 22 16:28:02 2019) [sssd[be[dor.tamu.edu]]] [get_port_status] (0x1000): Port status of port 0 for server '(no name)' is 'not working' (Mon Jul 22 16:28:02 2019) [sssd[be[dor.tamu.edu]]] [get_port_status] (0x0080): SSSD is unable to complete the full connection request, this internal status does not necessarily indicate network port issues. (Mon Jul 22 16:28:02 2019) [sssd[be[dor.tamu.edu]]] [fo_resolve_service_send] (0x0020): No available servers for service 'AD' (Mon Jul 22 16:28:02 2019) [sssd[be[dor.tamu.edu]]] [be_resolve_server_done] (0x1000): Server resolution failed: [5]: Input/output error ==== But this is well after the network was up: # journalctl -u 'wicked*' -u sssd -- Logs begin at Mon 2019-07-22 16:26:54 CDT, end at Mon 2019-07-22 16:30:20 CDT. -- Jul 22 16:27:01 dhcp-125 sssd[648]: Starting up Jul 22 16:27:01 dhcp-125 sssd[be[762]: Starting up Jul 22 16:27:02 dhcp-125 sssd[766]: Starting up Jul 22 16:27:02 dhcp-125 sssd[764]: Starting up Jul 22 16:27:02 dhcp-125 sssd[765]: Starting up Jul 22 16:27:05 dhcp-125 sssd[be[762]: Backend is offline Jul 22 16:27:05 dhcp-125 wickedd-dhcp4[639]: eth0: Request to acquire DHCPv4 lease with UUID 292a365d-f0fd-0800-a602-000004000> Jul 22 16:27:06 dhcp-125 wickedd-dhcp4[639]: eth0: Committed DHCPv4 lease with address 10.95.0.125 (lease time 22576 sec, rene> Jul 22 16:27:11 dhcp-125 wicked[768]: lo up Jul 22 16:27:11 dhcp-125 wicked[768]: eth0 up And in fact: # stat $(readlink /etc/resolv.conf) File: /var/run/netconfig/resolv.conf [...] Modify: 2019-07-22 16:27:07.167912609 -0500 ---- This "replace resolv.conf with a symlink" change (for what benefit?) seems to have had unintended consequences. If I replace it with a normal file, sssd starts properly. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c22 --- Comment #22 from Andrew Daugherity --- FYI, the tmpfiles workaround from bug 1123699 solves the problem with sssd, in conjunction with the packages in comment 18. Both are needed, as tmpfiles + the (current) official sssd packages still fails. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |ibs:running:12146:moderate -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c28 --- Comment #28 from Swamp Workflow Management --- SUSE-RU-2019:2417-1: An update that has two recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1136139,1137380 CVE References: Sources used: SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): yast2-auth-client-4.1.2-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |obs:running:11096:moderate -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c29 --- Comment #29 from Swamp Workflow Management --- openSUSE-RU-2019:2190-1: An update that has two recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1136139,1137380 CVE References: Sources used: openSUSE Leap 15.1 (src): yast2-auth-client-4.1.2-lp151.2.3.1 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c31 Samuel Cabrero changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(scabrero@suse.com | |) | --- Comment #31 from Samuel Cabrero --- (In reply to Knut Alejandro Anderssen González from comment #30)

Samuel,

The bug seems to be solved after last patches, do you still need something from us?.

Hi Knut, not at the moment but thanks for asking. I am still waiting for upstream to merge the patch, so I leave the bug open as a reminder. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|ibs:running:13030:moderate | -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c33 --- Comment #33 from Swamp Workflow Management --- SUSE-RU-2019:2814-1: An update that has three recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1133168,1136139,1149597 CVE References: Sources used: SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): sssd-1.16.1-3.31.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): sssd-1.16.1-3.31.1 SUSE Linux Enterprise Module for Basesystem 15-SP1 (src): sssd-1.16.1-3.31.1 SUSE Linux Enterprise Module for Basesystem 15 (src): sssd-1.16.1-3.31.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c34 --- Comment #34 from Swamp Workflow Management --- openSUSE-RU-2019:2439-1: An update that has three recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1133168,1136139,1149597 CVE References: Sources used: openSUSE Leap 15.1 (src): sssd-1.16.1-lp151.7.9.1 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 http://bugzilla.suse.com/show_bug.cgi?id=1136139#c36 --- Comment #36 from Swamp Workflow Management --- openSUSE-RU-2019:2455-1: An update that has three recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1133168,1136139,1149597 CVE References: Sources used: openSUSE Leap 15.0 (src): sssd-1.16.1-lp150.2.22.1 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1136139 Knut Alejandro Anderssen González changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(knut.anderssen@su | |se.com) | -- You are receiving this mail because: You are on the CC list for the bug.