On 2 November 2017 at 19:44, Sumit Bose <sbose@redhat.com> wrote:
> On Thu, Nov 02, 2017 at 08:20:49AM +1100, Lachlan Musicman wrote:
>> Last night sssd shut down on one of my servers.
>>
>> I had updated the IPA server earlier in the day - but only patches to
>> 4.5.0, nothing major.
>>
>> The error I saw this AM was:
>>
>>
>> (Wed Nov  1 17:08:22 2017) [sssd[be[unix.domain.com]]] [orderly_shutdown]
>> (0x0010): SIGTERM: killing
>> children
>> (Wed Nov  1 17:08:50 2017) [sssd[be[unix.domain.com]]]
>> [sysdb_domain_cache_connect] (0x0010): DB version too old [0.18], expected
>> [0.19] for domain unix.domain.com!
>
>
> Typically the cache is updated by the monitor process /usr/sbin/sssd.
> Can you check /var/log/sssd/sssd.log if there are any errors indicating
> a failure during the update?
>
> Does it work after another restart or does it continue to fail?


It did work after a restart, but only for about 5 hours before it failed again - although this time instead of shutting down, it just didn't query the IPA server any more?
Unfortunately debug had been set to 0 because everything had been working well for so long, so I have nothing to show yet - I'll be doing more forensics today.


We did find that rolling back the latest updates to the IPA server has worked for returning auth. My manager is focused on "the problems with the ipa server". I still think it was a problem on the specific client, since my test unit and all other servers have continued working as far as we can tell. It was unfortunate that the client in question was the cluster login node.

Cheers
L.



