Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-10039

sssd-be tends to run out of system resources, hitting the maximum number of open files

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • rhel-8.9.0
    • rhel-8.7.0
    • sssd
    • sssd-2.9.1-1.el8
    • None
    • Moderate
    • ZStream
    • rhel-sst-idm-sssd
    • 0
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • If docs needed, set a value
    • None

      Description of problem:

      sssd-be tends to run out of system resources, hitting the maximum number of open files

      (2023-05-04 9:26:39): [be[redhat.com]] [get_active_uid_linux] (0x4000): RID#148299 get_uid_from_pid() failed.
      (2023-05-04 9:26:39): [be[redhat.com]] [get_uid_from_pid] (0x0020): RID#148299 open failed [/proc/4075832/status][24][Too many open files].
      ….
      (2023-05-04 9:26:39): [be[redhat.com]] [be_resolve_server_process] (0x0200): RID#148299 Found address for server idm03.redhat.com: [10.x.x.x] TTL 1200
      (2023-05-04 9:26:39): [be[redhat.com]] [sdap_kinit_kdc_resolved] (0x1000): RID#148299 KDC resolved, attempting to get TGT...
      (2023-05-04 9:26:39): [be[redhat.com]] [create_tgt_req_send_buffer] (0x0400): RID#148299 buffer size: 86
      (2023-05-04 9:26:39): [be[redhat.com]] [sdap_fork_child] (0x0020): RID#148299 pipe(from) failed [24][Too many open files].
      (2023-05-04 9:26:39): [be[redhat.com]] [sdap_get_tgt_send] (0x0020): RID#148299 sdap_fork_child failed.
      (2023-05-04 9:26:39): [be[redhat.com]] [sdap_kinit_done] (0x0020): RID#148299 child failed (24 [Too many open files])
      (2023-05-04 9:26:39): [be[redhat.com]] [sdap_cli_kinit_done] (0x0400): RID#148299 Cannot get a TGT: ret [24](Too many open files)
      (2023-05-04 9:26:39): [be[redhat.com]] [sdap_cli_connect_recv] (0x0040): RID#148299 Unable to establish connection [13]: Permission denied
      $ cat etc/sssd/sssd.conf
      [domain/redhat.com]

      id_provider = ipa
      dns_discovery_domain = redhat.com
      default_shell = /bin/bash
      override_shell = /bin/bash
      ipa_server = srv, xxx.redhat.com
      ipa_domain = redhat.com
      ipa_hostname = xxx.redhat.com
      auth_provider = ipa
      chpass_provider = ipa
      access_provider = ipa
      cache_credentials = True
      ldap_tls_cacert = /etc/ipa/ca.crt
      krb5_store_password_if_offline = True
      debug_level = 9
      [sssd]
      services = nss, pam, ssh, sudo
      enable_files_domain=false

      domains = redhat.com
      default_domain_suffix = xxx.local
      full_name_format = %1$s
      debug_level = 9
      [nss]
      homedir_substring = /home
      debug_level = 9
      [pam]
      debug_level = 9

      $ cat lsof |grep sssd|wc -l
      1954

      WORKAROUND: Restart sssd service.

      Version-Release number of selected component (if applicable):

      sssd-2.7.3-4.el8_7.3.x86_64

      How reproducible:

      Steps to Reproduce:
      1.
      2.
      3.

      Actual results:

      Expected results:

      Additional info:

      https://github.com/SSSD/sssd/blob/cd843dafe63589d0a77145445c454f6fc19dabae/src/providers/ldap/sdap_child_helpers.c#L86

      ret = pipe(pipefd_to_child);
      if (ret == -1)

      { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "pipe(to) failed [%d][%s].\n", ret, strerror(ret)); <-- goto fail; }

              jira-bugzilla-migration RH Bugzilla Integration
              rhn-support-abroy Abhijit Roy
              RH Bugzilla Integration RH Bugzilla Integration
              SSSD QE SSSD QE
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated:
                Resolved: