Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Undefined
Fix Version/s: rhel-8.9.0
Affects Version/s: rhel-8.7.0
Component/s: sssd
Labels:
- Unset

Fixed in Build:
sssd-2.9.1-1.el8
Severity:
Normal
Keywords:

ZStream

Pool Team:

sst_idm_sssd

Blocked:
False
Blocked Reason:

Hide

None

Show
None

Release Note Type:
If docs needed, set a value

Experience:
Architecture:

All
Bugzilla Bug:
RHBZ: 2195919

PX Priority Data:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

sssd-be tends to run out of system resources, hitting the maximum number of open files

(2023-05-04 9:26:39): [be[redhat.com]] [get_active_uid_linux] (0x4000): RID#148299 get_uid_from_pid() failed.
(2023-05-04 9:26:39): [be[redhat.com]] [get_uid_from_pid] (0x0020): RID#148299 open failed [/proc/4075832/status][24][Too many open files].
….
(2023-05-04 9:26:39): [be[redhat.com]] [be_resolve_server_process] (0x0200): RID#148299 Found address for server idm03.redhat.com: [10.x.x.x] TTL 1200
(2023-05-04 9:26:39): [be[redhat.com]] [sdap_kinit_kdc_resolved] (0x1000): RID#148299 KDC resolved, attempting to get TGT...
(2023-05-04 9:26:39): [be[redhat.com]] [create_tgt_req_send_buffer] (0x0400): RID#148299 buffer size: 86
(2023-05-04 9:26:39): [be[redhat.com]] [sdap_fork_child] (0x0020): RID#148299 pipe(from) failed [24][Too many open files].
(2023-05-04 9:26:39): [be[redhat.com]] [sdap_get_tgt_send] (0x0020): RID#148299 sdap_fork_child failed.
(2023-05-04 9:26:39): [be[redhat.com]] [sdap_kinit_done] (0x0020): RID#148299 child failed (24 [Too many open files])
(2023-05-04 9:26:39): [be[redhat.com]] [sdap_cli_kinit_done] (0x0400): RID#148299 Cannot get a TGT: ret [24](Too many open files)
(2023-05-04 9:26:39): [be[redhat.com]] [sdap_cli_connect_recv] (0x0040): RID#148299 Unable to establish connection [13]: Permission denied
$ cat etc/sssd/sssd.conf
[domain/redhat.com]

id_provider = ipa
dns_discovery_domain = redhat.com
default_shell = /bin/bash
override_shell = /bin/bash
ipa_server = srv, xxx.redhat.com
ipa_domain = redhat.com
ipa_hostname = xxx.redhat.com
auth_provider = ipa
chpass_provider = ipa
access_provider = ipa
cache_credentials = True
ldap_tls_cacert = /etc/ipa/ca.crt
krb5_store_password_if_offline = True
debug_level = 9
[sssd]
services = nss, pam, ssh, sudo
enable_files_domain=false

domains = redhat.com
default_domain_suffix = xxx.local
full_name_format = %1$s
debug_level = 9
[nss]
homedir_substring = /home
debug_level = 9
[pam]
debug_level = 9

$ cat lsof |grep sssd|wc -l
1954

WORKAROUND: Restart sssd service.

Version-Release number of selected component (if applicable):

sssd-2.7.3-4.el8_7.3.x86_64

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

Expected results:

Additional info:

https://github.com/SSSD/sssd/blob/cd843dafe63589d0a77145445c454f6fc19dabae/src/providers/ldap/sdap_child_helpers.c#L86

ret = pipe(pipefd_to_child);
if (ret == -1)

{ ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "pipe(to) failed [%d][%s].\n", ret, strerror(ret)); <-- goto fail; }