[SSSD] Re: [sssd PR#32][comment] Requesting a pull to SSSD:master from fidencio:wip/#3138

On Wed, Sep 28, 2016 at 10:32 AM, jhrozek <sssd-github-notification(a)fedorahosted.org&gt; wrote: > URL: https://github.com/SSSD/sssd/pull/32 > Title: #32: Requesting a pull to SSSD:master from fidencio:wip/#3138 > > jhrozek commented: > """ > Hi, thank you for working on this. I think there are two "architectural" questions we should answer. > > 1) Lukas raised the suggestion of using PreExec with `sssd --genconf` on #sssd on IRC. Did you explore this or did you not like this solution because of race-conditions? I do believe it may work, but I would have to adapt sssd --genconf logic, in order to avoid race-conditions.Shall I go for it? I was thinking about waiting a little bit before doing any changes to let people raise their questions/comments so I won't spend one week on something that's not going to be used at all. There are still the suggestions/questions raised by Pavel in the bug report, where Dmitri jumped in as well, that just makes me think that people are not in sync about the confdb itself and any kind of effort on this area must have some agreement beforehand. What do you think about this? > 2) If we don't use `sssd --genconf`, I wonder if it would be actually better to add the new socket to the monitor process rather than a new service (sorry, I realize it was me who lead you down this path of adding a new service...I only remembered this idea now once @simo5 mentioned it on IRC). IMO this would have one advantage which is that the sssd process is already permitted by SELinux to read sssd.conf and write to confdb. And long-term we wanted to make the sssd process only initialize sssd and then exit since the services would (in the ideal case of a modern Linux system) self-monitor themselves. I really don't know what's the best approach and I completely opened for suggestions.