Bug 5951 - [anolis23][noaarch][nightly]sssd 服务无法启动
Summary: [anolis23][noaarch][nightly]sssd 服务无法启动
Status: RESOLVED BYDESIGN
Alias: None
Product: Anolis OS 23
Classification: Anolis OS
Component: BaseOS Packages (show other bugs) BaseOS Packages
Version: 23.0
Hardware: All Linux
: P3-Medium S3-normal
Target Milestone: ---
Assignee: happy_orange
QA Contact: bolong_tbl
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-07-20 16:47 UTC by yunmeng365524
Modified: 2023-07-22 13:32 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description yunmeng365524 2023-07-20 16:47:17 UTC 
Description of problem:
sssd 服务无法启动

Version-Release number of selected component (if applicable):
[root@localhost ~]# cat /etc/os-release
NAME="Anolis OS"
VERSION="23"
ID="anolis"
VERSION_ID="23"
PLATFORM_ID="platform:an23"
PRETTY_NAME="Anolis OS 23"
ANSI_COLOR="0;31"
HOME_URL="https://openanolis.cn/"
BUG_REPORT_URL="https://bugzilla.openanolis.cn/"

[root@localhost ~]# uname -a
Linux localhost.localdomain 5.10.134-14.1.an23.aarch64 #1 SMP Thu May 25 19:50:35 CST 2023 aarch64 GNU/Linux
[root@localhost ~]#

How reproducible:
[root@localhost ~]# systemctl restart sssd
[root@localhost ~]# systemctl status sssd
○ sssd.service - System Security Services Daemon
     Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; preset: enabled)
     Active: inactive (dead)
  Condition: start condition failed at Thu 2023-07-20 16:42:30 CST; 6s ago
             ├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
             └─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met

Jul 20 16:30:37 localhost.localdomain systemd[1]: sssd.service - System Security Services Daemon was skipped because no tr>
Jul 20 16:42:30 localhost.localdomain systemd[1]: sssd.service - System Security Services Daemon was skipped because no tr>

从服务的提示信息可以看出,服务依赖无法满足。
  Condition: start condition failed at Thu 2023-07-20 16:30:37 CST; 6min ago
             ├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
             └─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met
查看服务的配置文件:
# cat /usr/lib/systemd/system/sssd.service
[Unit]
Description=System Security Services Daemon
# SSSD must be running before we permit user sessions
Before=systemd-user-sessions.service nss-user-lookup.target
Wants=nss-user-lookup.target
StartLimitIntervalSec=50s
StartLimitBurst=5
ConditionPathExists=|/etc/sssd/sssd.conf
ConditionDirectoryNotEmpty=|/etc/sssd/conf.d/

[Service]
Environment=DEBUG_LOGGER=--logger=files
EnvironmentFile=-/etc/sysconfig/sssd
ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER}
Type=notify
NotifyAccess=main
PIDFile=/run/sssd.pid
CapabilityBoundingSet= CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND
Restart=on-abnormal

[Install]
WantedBy=multi-user.target
可以看到,unit中定义,需要/etc/sssd/sssd.conf 文件存在和/etc/sssd/conf.d/不为空。
但是安装sssd-common后,没有对应的文件。因此服务无法启动。
[root@localhost ~]# ll /etc/sssd/sssd.conf
ls: cannot access '/etc/sssd/sssd.conf': No such file or directory
[root@localhost ~]# yum provides /etc/sssd/sssd.conf
Last metadata expiration check: 0:05:17 ago on Thu 20 Jul 2023 04:32:39 PM CST.
sssd-common-2.8.2-1.an23.aarch64 : Common files for the SSSD
Repo        : @System
Matched from:
Filename    : /etc/sssd/sssd.conf

sssd-common-2.8.2-1.an23.aarch64 : Common files for the SSSD
Repo        : os
Matched from:
Filename    : /etc/sssd/sssd.conf

[root@localhost ~]# rpm -ql sssd-common | grep /etc/sssd/sssd.conf
/etc/sssd/sssd.conf
[root@localhost ~]# yum install sssd-common
Last metadata expiration check: 0:05:42 ago on Thu 20 Jul 2023 04:32:39 PM CST.
Package sssd-common-2.8.2-1.an23.aarch64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!


Steps to Reproduce:
如上

Actual results:
服务无法启动

Expected results:
服务正常启动

Additional info:
对比an8的结果:
# systemctl status sssd
* sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2023-06-26 16:22:58 CST; 3 weeks 2 days ago
 Main PID: 670 (sssd)
    Tasks: 3 (limit: 47445)
   Memory: 56.0M
   CGroup: /system.slice/sssd.service
           |-670 /usr/sbin/sssd -i --logger=files
           |-752 /usr/libexec/sssd/sssd_be --domain implicit_files --uid 0 --gid 0 --logger=files
           `-779 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --logger=files

Jun 26 16:22:58 localhost.localdomain systemd[1]: Starting System Security Services Daemon...
Jun 26 16:22:58 localhost.localdomain sssd[670]: Starting up
Jun 26 16:22:58 localhost.localdomain sssd_be[752]: Starting up
Jun 26 16:22:58 localhost.localdomain sssd_nss[779]: Starting up
Jun 26 16:22:58 localhost.localdomain systemd[1]: Started System Security Services Daemon.

# cat /usr/lib/systemd/system/sssd.service
[Unit]
Description=System Security Services Daemon
# SSSD must be running before we permit user sessions
Before=systemd-user-sessions.service nss-user-lookup.target
Wants=nss-user-lookup.target


[Service]
Environment=DEBUG_LOGGER=--logger=files
EnvironmentFile=-/etc/sysconfig/sssd
ExecStart=/usr/sbin/sssd -i ${DEBUG_LOGGER}
Type=notify
NotifyAccess=main
PIDFile=/var/run/sssd.pid
CapabilityBoundingSet= CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_CHOWN CAP_DAC_READ_SEARCH CAP_KILL CAP_NET_ADMIN CAP_SYS_NICE CAP_FOWNER CAP_SETGID CAP_SETUID CAP_SYS_ADMIN CAP_SYS_RESOURCE CAP_BLOCK_SUSPEND
Restart=on-failure

[Install]
WantedBy=multi-user.target
Comment 1 扣肉 2023-07-22 13:32:32 UTC 
https://github.com/SSSD/sssd/commit/501e05f46252ba6e097983a871c92b3896b596f2

sssd 需要依赖一个配置文件才能运行。虽然这个commit是2.9.0的,an23 现在使用的是2.8.2,但是考虑到后续早晚都会更新到 2.9.0,这个依赖是合理的。