Bug 1574778

Summary: sssd fails to download known_hosts from freeipa
Product: [Fedora] Fedora
Component: sssd
Version: 27
Hardware: x86_64
OS: Unspecified
Reporter: bgstack15
Assignee: Jakub Hrozek <jhrozek>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: abokovoy, bgstack15, fidencio, james, jhrozek, lslebodn, mhjacks, mzidek, nalin, pbrezina, rharwood, sbose, ssorce
Status: CLOSED ERRATA
Severity: urgent
Priority: high
Keywords: Regression
Target Milestone: ---
Target Release: ---
Fixed In Version: sssd-1.16.1-4.fc28 sssd-1.16.1-4.fc27 sssd-1.16.1-4.fc26
Doc Type: If docs needed, set a value
Story Points: ---
Last Closed: 2018-05-09 21:25:41 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Attachments (description, flags):
- Lists of upgrades and downgrades that cause and remove the bug (flags: none)
- sssd.log since restarting daemon with debug_level=9 (flags: none)
- sssd_ssh.log (flags: none)

Description bgstack15 2018-05-04 02:48:10 UTC
Created attachment 1430995 [details]
Lists of upgrades and downgrades that cause and remove the bug

Description of problem:
After upgrading to sssd 1.16.1-3.fc27 and its dependencies, file /var/lib/sss/pubconf/known_hosts is empty. The fc27s hosts are joined to a freeipa 4.5.0 domain.

Version-Release number of selected component (if applicable):
sssd-1.16.1-3.fc27.x86_64

How reproducible:
Happens every time sssd is updated to version 1.16.1-3

Steps to Reproduce:
1. Upgrade to sssd-1.16.1-3.fc27.x86_64 and associated packages
2. Try to ssh to another ipa-joined host that has an SSH host key trusted in ipa

Actual results:
Running "ssh hostname2.ipa.example.com" prompts the user to accept a new SSH host key.

Expected results:
No prompt about trusting the host ssh key should appear, because the host key is trusted in ipa already.

Additional info:
Running "dnf downgrade sssd" resumes the normal behavior of receiving the known_hosts from the freeipa domain.
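
A post-update check for the symptom reported above, as an added example that is not part of the bug report or of SSSD. The function name and its exit codes are this example's own convention. It assumes host names in the file are not hashed (ssh_hash_known_hosts = false) and that it runs after an ssh attempt to the host, since SSSD fills the file when a host's keys are requested.

```shell
#!/bin/sh
# Added example, not part of the bug report or of SSSD.
# Exit codes are this script's own convention:
#   0 = HOST has a key line
#   1 = file missing or holds no keys (the symptom in this bug)
#   2 = file holds keys but none for HOST
# Assumption: host names are stored unhashed; hashed names never match (code 2).
check_known_hosts() {
    file=$1 host=$2
    [ -r "$file" ] || return 1
    awk -v host="$host" '
        /^[ \t]*(#|$)/ { next }            # comments and blank lines
        $1 == "@revoked" { next }          # a revoked key is not a trusted key
        {
            i = ($1 ~ /^@/) ? 2 : 1        # skip a marker such as @cert-authority
            if (NF < i + 2) next           # need: hosts, key type, key blob
            keys++
            n = split($i, names, ",")      # "name,address" lists share one key
            for (j = 1; j <= n; j++)
                if (names[j] == host) found = 1
        }
        END { if (!keys) exit 1; exit (found ? 0 : 2) }
    ' "$file"
}

# Usage: script HOST...   (the path is the one named in the report)
if [ "$#" -ge 1 ]; then
    status=0
    for h in "$@"; do
        rc=0
        check_known_hosts /var/lib/sss/pubconf/known_hosts "$h" || rc=$?
        case $rc in
            0) echo "ok: $h" ;;
            1) echo "FAIL: known_hosts is missing or empty"; status=1 ;;
            *) echo "FAIL: no key for $h"; status=1 ;;
        esac
    done
    exit "$status"
fi
```

Exit code 1 is the condition that makes ssh fall back to prompting the user to accept an unverified host key, so it is the one worth alerting on after an sssd update.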

Comment 1 Fabiano Fidêncio 2018-05-04 06:53:40 UTC
Just for the record and without spending any time properly trying to reproduce the issue I wonder whether this is related to https://github.com/SSSD/sssd/commit/0f6b5b02afb35caae774ff4d52854a844d49f52e

Comment 2 Fabiano Fidêncio 2018-05-04 06:58:46 UTC
(In reply to Fabiano Fidêncio from comment #1)
> Just for the record and without spending any time properly trying to
> reproduce the issue I wonder whether this is related to
> https://github.com/SSSD/sssd/commit/0f6b5b02afb35caae774ff4d52854a844d49f52e

Ah, no, never mind. For some reason I got confused with ssh and sudo.
I'll set up an environment here and try to reproduce the issue.

Meanwhile, it would be really nice if the reporter could provide sssd logs with a high enough debug_level set.

Please add debug_level = 9 in both the [ssh] and [domain] sections. Also, please mind to sanitize the logs before uploading them here.

Comment 3 Lukas Slebodnik 2018-05-04 09:00:31 UTC
(In reply to bgstack15 from comment #0)
> Created attachment 1430995 [details]
> Lists of upgrades and downgrades that cause and remove the bug
> 
> Description of problem:
> After upgrading to sssd 1.16.1-3.fc27 and its dependencies, file
> /var/lib/sss/pubconf/known_hosts is empty. The fc27s hosts are joined to a
> freeipa 4.5.0 domain.
> 

I'm so sorry for the issues.
Could you test the following scratch build?

https://koji.fedoraproject.org/koji/taskinfo?taskID=26762976

Comment 4 Fabiano Fidêncio 2018-05-04 09:09:33 UTC
(In reply to Lukas Slebodnik from comment #3)
> (In reply to bgstack15 from comment #0)
> > Created attachment 1430995 [details]
> > Lists of upgrades and downgrades that cause and remove the bug
> > 
> > Description of problem:
> > After upgrading to sssd 1.16.1-3.fc27 and its dependencies, file
> > /var/lib/sss/pubconf/known_hosts is empty. The fc27s hosts are joined to a
> > freeipa 4.5.0 domain.
> > 
> 
> I'm so sorry for the issues.
> Could you test the following scratch build?
> 
> https://koji.fedoraproject.org/koji/taskinfo?taskID=26762976

Lukas,

Thanks for jumping in. May I ask what's the patch you're providing?

Comment 5 Fabiano Fidêncio 2018-05-04 09:19:06 UTC
Adding back the needinfo to Lukas according to https://bugzilla.redhat.com/show_bug.cgi?id=1574778#c4

Comment 6 bgstack15 2018-05-04 11:12:32 UTC
Created attachment 1431273 [details]
sssd.log since restarting daemon with debug_level=9

dns1.ipa.example.com is the openssh target host, as well as the dns provider on the network.

Comment 7 bgstack15 2018-05-04 11:13:07 UTC
Created attachment 1431274 [details]
sssd_ssh.log

Comment 8 bgstack15 2018-05-04 11:41:16 UTC
(In reply to Lukas Slebodnik from comment #3)
> (In reply to bgstack15 from comment #0)
> > Created attachment 1430995 [details]
> > Lists of upgrades and downgrades that cause and remove the bug
> > 
> > Description of problem:
> > After upgrading to sssd 1.16.1-3.fc27 and its dependencies, file
> > /var/lib/sss/pubconf/known_hosts is empty. The fc27s hosts are joined to a
> > freeipa 4.5.0 domain.
> > 
> 
> I'm so sorry for the issues.
> Could you test the following scratch build?
> 
> https://koji.fedoraproject.org/koji/taskinfo?taskID=26762976

I have just tested with the packages from the koji link. I could not figure out a clever way to connect to a dnf repository, so I just downloaded the requisite files manually and used dnf to install them.

Running with these packages, my known_hosts populates correctly from ipa!

Downgrading:
 libipa_hbac            x86_64    1.16.1-3_bz1574778.fc27       @commandline     86 k
 libsss_autofs          x86_64    1.15.3-5.fc27                 fedora           83 k
 libsss_certmap         x86_64    1.15.3-5.fc27                 fedora          104 k
 libsss_idmap           x86_64    1.16.1-3_bz1574778.fc27       @commandline     90 k
 libsss_sudo            x86_64    1.15.3-5.fc27                 fedora           81 k
 python3-libipa_hbac    x86_64    1.16.1-3_bz1574778.fc27       @commandline     78 k
 python3-sssdconfig     noarch    1.16.1-3_bz1574778.fc27       @commandline    103 k
 sssd                   x86_64    1.16.1-3_bz1574778.fc27       @commandline     78 k
 sssd-ad                x86_64    1.16.1-3_bz1574778.fc27       @commandline    208 k
 sssd-client            x86_64    1.16.1-3_bz1574778.fc27       @commandline    146 k
 sssd-common            x86_64    1.16.1-3_bz1574778.fc27       @commandline    1.3 M
 sssd-common-pac        x86_64    1.16.1-3_bz1574778.fc27       @commandline    150 k
 sssd-ipa               x86_64    1.16.1-3_bz1574778.fc27       @commandline    299 k
 sssd-kcm               x86_64    1.16.1-3_bz1574778.fc27       @commandline    196 k
 sssd-krb5              x86_64    1.16.1-3_bz1574778.fc27       @commandline    119 k
 sssd-krb5-common       x86_64    1.16.1-3_bz1574778.fc27       @commandline    156 k
 sssd-ldap              x86_64    1.16.1-3_bz1574778.fc27       @commandline    171 k
 sssd-nfs-idmap         x86_64    1.15.3-5.fc27                 fedora           79 k
 sssd-proxy             x86_64    1.16.1-3_bz1574778.fc27       @commandline    114 k

Comment 9 Fabiano Fidêncio 2018-05-04 11:49:04 UTC
Okay, that's good to know.

Lukáš removed Patch0018: 0018-sysdb-custom-completely-replace-old-object-instead-o.patch on his build, which is: https://github.com/SSSD/sssd/commit/cd4590de2a84b8143a6c75b5198f5e1b3c0a6d63

Pavel, would you mind taking a look at this?

Comment 10 Fabiano Fidêncio 2018-05-04 11:52:03 UTC
Last but not least ... Lukáš, nice catch!

Comment 11 Lukas Slebodnik 2018-05-05 17:03:00 UTC
*** Bug 1575264 has been marked as a duplicate of this bug. ***

Comment 12 Fedora Update System 2018-05-05 20:26:49 UTC
sssd-1.16.1-4.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-29e4d12fa1

Comment 13 Fedora Update System 2018-05-05 20:30:47 UTC
sssd-1.16.1-4.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-900d2b7675

Comment 14 Fedora Update System 2018-05-05 20:34:59 UTC
sssd-1.16.1-4.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2018-7efba18539

Comment 15 Fedora Update System 2018-05-06 23:42:30 UTC
sssd-1.16.1-4.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-900d2b7675

Comment 16 Fedora Update System 2018-05-07 10:47:21 UTC
sssd-1.16.1-4.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-29e4d12fa1

Comment 17 Fedora Update System 2018-05-07 12:47:29 UTC
sssd-1.16.1-4.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-7efba18539

Comment 18 Fedora Update System 2018-05-09 21:25:41 UTC
sssd-1.16.1-4.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 19 Fedora Update System 2018-05-13 20:17:29 UTC
sssd-1.16.1-4.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

Comment 20 Fedora Update System 2018-05-14 18:01:58 UTC
sssd-1.16.1-4.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.

Comment 21 Pavel Březina 2018-05-21 12:45:36 UTC
Clearing needinfo. I will work on the original ticket whose commit was reverted.