Hi,
On 11/22/18 1:28 PM, Siegfried Eichhorn wrote:
Hi
see https://unix.stackexchange.com/questions/210604/how-to-write-a-systemd-servi... maybe that solves it.
I am not sure if waiting for the interface solves the problem. It should wait for DNS to succeed, shouldn't it?
Obviously I missed to add the backend log file. Here are the important parts, AFAICT:
: (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [sdap_id_setup_tasks] (0x0400): Setting up cleanup task for example.com (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [be_fo_set_srv_lookup_plugin] (0x0400): Trying to set SRV lookup plugin to DNS (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [be_fo_set_srv_lookup_plugin] (0x0400): SRV lookup plugin is now DNS (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [sysdb_get_certmap] (0x0400): No certificate maps found. (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [dp_copy_options_ex] (0x0400): Option ipa_domain has value example.com (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [dp_copy_options_ex] (0x0400): Option ipa_server has value _srv_, ipa0.example.com (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [dp_copy_options_ex] (0x0400): Option ipa_backup_server has no value (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [dp_copy_options_ex] (0x0400): Option ipa_hostname has value srvl061.ac.example.com : : (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolve_srv_send] (0x0200): The status of SRV lookup is neutral (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_discover_srv_next_domain] (0x0400): SRV resolution of service 'ldap'. Will use DNS discovery domain 'example.com' (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_getsrv_send] (0x0100): Trying to resolve SRV record of '_ldap._tcp.example.com' (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_discover_srv_done] (0x0040): SRV query failed [11]: Could not contact DNS servers (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [fo_set_port_status] (0x0100): Marking port 0 of server '(no name)' as 'not working' (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolve_srv_done] (0x0040): Unable to resolve SRV [1432158237]: SRV lookup error (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [set_srv_data_status] (0x0100): Marking SRV lookup of service 'IPA' as 'not resolved' (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (SRV lookup meta-server), resolver returned [1432158237]: SRV lookup error (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [fo_resolve_service_send] (0x0100): Trying to resolve service 'IPA' (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve A record of 'ipa0.example.com' in files (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [set_server_common_status] (0x0100): Marking server 'ipa0.example.com' as 'resolving name' (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_gethostbyname_files_send] (0x0100): Trying to resolve AAAA record of 'ipa0.example.com' in files (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_gethostbyname_next] (0x0200): No more address families to retry (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_gethostbyname_dns_query] (0x0100): Trying to resolve A record of 'ipa0.example.com' in DNS (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [request_watch_destructor] (0x0400): Deleting request watch (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [resolv_gethostbyname_done] (0x0040): querying hosts database failed [5]: Input/output error (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [fo_resolve_service_done] (0x0020): Failed to resolve server 'ipa0.example.com': Could not contact DNS servers (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [set_server_common_status] (0x0100): Marking server 'ipa0.example.com' as 'not working' (Thu Nov 22 11:57:31 2018) [sssd[be[example.com]]] [be_resolve_server_process] (0x0080): Couldn't resolve server (ipa0.example.com), resolver returned [5]: Input/output error
Most easy workaround seems to be to add ipa0.example.com to /etc/hosts. There is no problem with sysvinit, so changing init might be an option, too.
I would prefer if the backend waits for DNS a little bit longer, of course. Surely systemctl status sssd should not say "running", while the backend is dead.
Regards Harri