[Freeipa-users] cron reports "ORPHAN (no passwd entry)" for the @reboot jobs

Harald Dunkel harald.dunkel at aixigo.de
Tue May 3 05:35:15 UTC 2016 

Hi Lukas,

On 05/02/16 17:59, Lukas Slebodnik wrote:
> Could you provide output of "systemctl cat sssd.service"?
> In my case, it should be started before nss-user-lookup.target
> 
>     # /usr/lib/systemd/system/sssd.service
>     [Unit]
>     Description=System Security Services Daemon
>     # SSSD must be running before we permit user sessions
>     Before=systemd-user-sessions.service nss-user-lookup.target
>     Wants=nss-user-lookup.target
> 
>     [Service]
>     EnvironmentFile=-/etc/sysconfig/sssd
>     ExecStart=/usr/sbin/sssd -D -f
>     # These two should be used with traditional UNIX forking daemons
>     # consult systemd.service(5) for more details
>     Type=forking
>     PIDFile=/var/run/sssd.pid
> 
>     [Install]
>     WantedBy=multi-user.target

I got

	# /lib/systemd/system/sssd.service
	[Unit]
	Description=System Security Services Daemon
	# SSSD must be running before we permit user sessions
	Before=systemd-user-sessions.service nss-user-lookup.target
	Wants=nss-user-lookup.target

	[Service]
	EnvironmentFile=-/etc/sysconfig/sssd
	ExecStart=/usr/sbin/sssd -D -f
	# These two should be used with traditional UNIX forking daemons
	# consult systemd.service(5) for more details
	Type=forking
	PIDFile=/var/run/sssd.pid

	[Install]
	WantedBy=multi-user.target

Except for the first comment line diff doesn't show a
difference.

Maybe there is a misunderstanding: IMHO its not sufficient to start
sssd before systemd-user-sessions.service and nss-user-lookup.target.
sssd and all its internal sssd_something services must have
completed their initialization (including the user database) before
these services can be started.

Here is the output of "ps -ef", created by the "@reboot" crontab
entry:

UID         PID   PPID  C STIME TTY          TIME CMD
root          1      0  0 14:27 ?        00:00:00 /sbin/init
root         23      1  0 14:27 ?        00:00:00 /lib/systemd/systemd-journald
root        159      1  0 14:28 ?        00:00:00 dhclient -v -pf /run/dhclient.eth0.pid -lf /var/lib/dhcp/dhclient.eth0.leases eth0
daemon      193      1  0 14:28 ?        00:00:00 /usr/sbin/atd -f
root        194      1  0 14:28 ?        00:00:00 /usr/sbin/cron -f
root        195      1  0 14:28 ?        00:00:00 /usr/sbin/ModemManager
root        198      1  0 14:28 ?        00:00:00 /usr/sbin/inetd -i
root        199      1  0 14:28 ?        00:00:00 /usr/sbin/sshd -D
root        200      1  0 14:28 ?        00:00:00 lldpd: monitor
root        201      1  0 14:28 ?        00:00:00 /usr/sbin/sssd -D -f
message+    206      1  0 14:28 ?        00:00:00 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
lp          218      1  0 14:28 ?        00:00:00 /usr/sbin/lpd -s
root        220      1  0 14:28 ?        00:00:00 /usr/sbin/ntpd -p /var/run/ntpd.pid -c /var/lib/ntp/ntp.conf.dhcp -u 112:121
root        226      1  0 14:28 ?        00:00:00 /usr/sbin/certmonger -S -p /var/run/certmonger.pid -n
root        227      1  0 14:28 ?        00:00:00 /usr/sbin/rsyslogd -n
_lldpd      229    200  0 14:28 ?        00:00:00 lldpd: no neighbor
root        262      1  0 14:28 ?        00:00:00 /usr/lib/policykit-1/polkitd --no-debug
root        263    194  0 14:28 ?        00:00:00 /usr/sbin/CRON -f
zabbix      271      1  0 14:28 ?        00:00:00 /usr/sbin/zabbix_agentd
zabbix      274    271  0 14:28 ?        00:00:00 /usr/sbin/zabbix_agentd: collector [idle 1 sec]
zabbix      275    271  0 14:28 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #1 [waiting for connection]
zabbix      276    271  0 14:28 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #2 [waiting for connection]
zabbix      277    271  0 14:28 ?        00:00:00 /usr/sbin/zabbix_agentd: listener #3 [waiting for connection]
zabbix      278    271  0 14:28 ?        00:00:00 /usr/sbin/zabbix_agentd: active checks #1 [idle 1 sec]
root        492    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/ipa-submit
root        502    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/ipa-submit
Debian-+    504      1  0 14:28 ?        00:00:00 /usr/sbin/exim4 -bd -q30m
root        505    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/ipa-submit
root        506    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/ipa-submit
root        507    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/ipa-submit
root        508    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/ipa-submit
root        509    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/certmaster-submit
root        510    263  0 14:28 ?        00:00:00 /bin/sh -c ( ps -ef; ls -al /home ) >/var/tmp/ls.log
root        511    510  0 14:28 ?        00:00:00 /bin/sh -c ( ps -ef; ls -al /home ) >/var/tmp/ls.log
root        512    201  0 14:28 ?        00:00:00 /usr/sbin/sssd -D -f
root        515    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/certmaster-submit
root        516    511  0 14:28 ?        00:00:00 ps -ef
root        517    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/certmaster-submit
root        518    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/certmaster-submit
root        519    512  0 14:28 ?        00:00:00 /usr/sbin/sssd -D -f
root        520    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/certmaster-submit
root        521    226  0 14:28 ?        00:00:00 /usr/lib/x86_64-linux-gnu/certmonger/certmaster-submit

Please note that the sssd_* jobs are missing, and yet the
cron service has been started to run this cron job.


Regards
Harri

More information about the Freeipa-users mailing list