sssd failover leads to delayed and failed logins #5075

sssd-bot · 2020-05-02T14:01:00Z

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/4114

Created at 2019-11-07 13:27:39 by sbose
Closed at 2019-11-29 11:26:09 as Fixed
Assigned to sbose
Associated bugzillas
- https://bugzilla.redhat.com/show_bug.cgi?id=1769755

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1769755

Description of problem:
During testing IPA deployment in my customers environment and running various
fail over test scenarios, we recognized that under some circumstances, fail
over didn't work as expected and resulted in failed or delayed (~ 60 - 70
seconds) logins.

Version-Release number of selected component (if applicable): 1.16.4


How reproducible: Always.


Steps to Reproduce:
1. Client connected to two IPA servers (A and B)
2. Cut connection to server A
3. Login to client
4. Allow connection to server A
5. Cut connection to server B

If you keep doing this repeatedly, at some point the fail back from B to A
doesn't work; SSSD takes a very long time to recognize the connection to server
A is restored and uses it again.

Actual results: Logins delayed or not working at all


Expected results: Fail over + fail back work smoothly


Additional info:
* This was already analysed by Sumit Bose and he has a fix for it available.
* Customer case will be linked.
* Exception set to ?
* We'll need this fix in 7.7 z-stream (for EUS) later as well
* It also applies to RHEL 8 AFAIK

Comments

Comment from sbose at 2019-11-07 13:27:41

Metadata Update from @sbose:

Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1769755

Comment from sbose at 2019-11-07 17:13:53

Metadata Update from @sbose:

Issue assigned to sbose

Comment from sbose at 2019-11-15 16:31:37

PR: #941

Comment from sbose at 2019-11-15 16:31:59

Metadata Update from @sbose:

Custom field patch adjusted to on

Comment from pbrezina at 2019-11-29 11:26:10

Commit 707fdf04 relates to this ticket

Comment from pbrezina at 2019-11-29 11:26:10

Commit b9a53cfc relates to this ticket

Comment from pbrezina at 2019-11-29 11:26:11

master
- 707fdf0 - ipa: add failover to access checks
- b9a53cf - ipa: add failover to override lookups

Comment from pbrezina at 2019-11-29 11:26:11

Metadata Update from @pbrezina:

Issue close_status updated to: Fixed
Issue status updated to: Closed (was: Open)

Comment from pbrezina at 2019-11-29 12:16:02

sssd-1-16
- 4897063 - ipa: add failover to override lookups
- a4dd1eb - ipa: add failover to access checks

The text was updated successfully, but these errors were encountered:

In the ipa_subdomain_account request failover handling was missing. Related to SSSD#5075 (was https://pagure.io/SSSD/sssd/issue/4114)

alexey-tikhonov · 2020-06-10T12:16:21Z

Additional RHBZs:

In the ipa_subdomain_account request failover handling was missing. Related to #5075 (was https://pagure.io/SSSD/sssd/issue/4114) Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>

In the ipa_subdomain_account request failover handling was missing. Related to #5075 (was https://pagure.io/SSSD/sssd/issue/4114) Reviewed-by: Pawel Polawski <ppolawsk@redhat.com> (cherry picked from commit df632ee)

sssd-bot added Bugzilla Closed: Fixed Issue was closed as fixed. labels May 2, 2020

sssd-bot closed this as completed May 2, 2020

sssd-bot assigned sumit-bose May 2, 2020

sumit-bose added a commit to sumit-bose/sssd that referenced this issue Jun 5, 2020

ipa: add failover to subdomain override lookups

5cf7e53

In the ipa_subdomain_account request failover handling was missing. Related to SSSD#5075 (was https://pagure.io/SSSD/sssd/issue/4114)

sumit-bose mentioned this issue Jun 5, 2020

ipa: add failover to subdomain override lookups #5196

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sssd failover leads to delayed and failed logins #5075

sssd failover leads to delayed and failed logins #5075

sssd-bot commented May 2, 2020

alexey-tikhonov commented Jun 10, 2020