autofs-5.1.2 - add sss master map wait config option From: Ian Kent When sssd is starting up it can sometimes return "no such entry" for a short time until it has read in the LDAP map information. This affects reading the master map at autofs startup and results in no automount mounts if sssd is the primary map source. This problem should be resolved in sssd but it's a problem for the moment so a configuration option, sss_master_map_wait, has been added to work around it. The internal program default is 0, don't wait. If the work around is needed try setting this to 10 seconds to work around it. Signed-off-by: Ian Kent --- CHANGELOG | 1 + include/defaults.h | 3 +++ lib/defaults.c | 18 ++++++++++++++++++ man/autofs.conf.5.in | 7 +++++++ modules/lookup_sss.c | 7 ++++--- redhat/autofs.conf.default.in | 10 ++++++++++ samples/autofs.conf.default.in | 10 ++++++++++ 7 files changed, 53 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 5a808e8..e9c31b4 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -25,6 +25,7 @@ xx/xx/2016 autofs-5.1.3 - wait for master map available at start. - add master read wait option. - work around sss startup delay. +- add sss master map wait config option. 15/06/2016 autofs-5.1.2 ======================= diff --git a/include/defaults.h b/include/defaults.h index 80db18d..1dea48c 100644 --- a/include/defaults.h +++ b/include/defaults.h @@ -51,6 +51,8 @@ #define DEFAULT_USE_HOSTNAME_FOR_MOUNTS "0" #define DEFAULT_DISABLE_NOT_FOUND_MESSAGE "0" +#define DEFAULT_SSS_MASTER_MAP_WAIT "0" + /* Config entry flags */ #define CONF_NONE 0x00000000 #define CONF_ENV 0x00000001 @@ -169,6 +171,7 @@ const char *defaults_get_auth_conf_file(void); unsigned int defaults_get_map_hash_table_size(void); unsigned int defaults_use_hostname_for_mounts(void); unsigned int defaults_disable_not_found_message(void); +unsigned int defaults_get_sss_master_map_wait(void); unsigned int conf_amd_mount_section_exists(const char *); char *conf_amd_get_arch(void); 
diff --git a/lib/defaults.c b/lib/defaults.c index 5fa4a2b..3ac231b 100644 --- a/lib/defaults.c +++ b/lib/defaults.c @@ -77,6 +77,8 @@ #define NAME_USE_HOSTNAME_FOR_MOUNTS "use_hostname_for_mounts" #define NAME_DISABLE_NOT_FOUND_MESSAGE "disable_not_found_message" +#define NAME_SSS_MASTER_MAP_WAIT "sss_master_map_wait" + #define NAME_AMD_ARCH "arch" #define NAME_AMD_AUTO_ATTRCACHE "auto_attrcache" #define NAME_AMD_AUTO_DIR "auto_dir" @@ -354,6 +356,11 @@ static int conf_load_autofs_defaults(void) if (ret == CFG_FAIL) goto error; + ret = conf_update(sec, NAME_SSS_MASTER_MAP_WAIT, + DEFAULT_SSS_MASTER_MAP_WAIT, CONF_ENV); + if (ret == CFG_FAIL) + goto error; + /* LDAP_URI and SEARCH_BASE can occur multiple times */ while ((co = conf_lookup(sec, NAME_LDAP_URI))) conf_delete(co->section, co->name); @@ -1753,6 +1760,17 @@ unsigned int defaults_disable_not_found_message(void) return res; } +unsigned int defaults_get_sss_master_map_wait(void) +{ + int res; + + res = conf_get_yesno(autofs_gbl_sec, NAME_SSS_MASTER_MAP_WAIT); + if (res < 0) + res = atoi(DEFAULT_SSS_MASTER_MAP_WAIT); + + return res; +} + unsigned int conf_amd_mount_section_exists(const char *section) { return conf_section_exists(section); diff --git a/man/autofs.conf.5.in b/man/autofs.conf.5.in index 466db10..93ff7af 100644 --- a/man/autofs.conf.5.in +++ b/man/autofs.conf.5.in @@ -141,6 +141,13 @@ The original request to add this log message needed it to be unconditional. That produces, IMHO, unnecessary noise in the log so a configuration option has been added to provide the ability to turn it off. The default is "no" to maintain the current behaviour. +.TP +.B sss_master_map_wait +.br +Set the time to wait and retry if sssd returns "no such entry" when starting +up. When sssd is starting up it can sometimes return "no such entry" for a +short time until it has read in the LDAP map information. Default is 0 seconds, +don't wait. .SS LDAP Configuration .P Configuration settings available are: 
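Review bot: In lib/defaults.c, `defaults_get_sss_master_map_wait()` reads a value documented as a number of seconds through `conf_get_yesno()` and returns it with no upper bound. `conf_get_yesno()` is defined outside this hunk, so it is not visible here whether it passes `10` through unchanged or also accepts `yes`/`no`. A numeric getter would state the intent, e.g. `res = conf_get_number(autofs_gbl_sec, NAME_SSS_MASTER_MAP_WAIT);`, assuming that is the helper the other numeric options in this file use. Because the result decides how long master map reading can block at startup, and the option is registered with `CONF_ENV`, I would also clamp it to a sane maximum before returning. `res` is a signed `int` while the function returns `unsigned int`, so a short comment on why the `res < 0` fallback exists would help the next reader.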
diff --git a/modules/lookup_sss.c b/modules/lookup_sss.c index 702e7b5..ce4d0ed 100644 --- a/modules/lookup_sss.c +++ b/modules/lookup_sss.c @@ -32,8 +32,6 @@ /* Half a second between retries */ #define SETAUTOMOUNTENT_MASTER_INTERVAL 500000000 -/* Try for 10 seconds */ -#define SETAUTOMOUNTENT_MASTER_RETRIES 10 * 2 #define MODPREFIX "lookup(sss): " @@ -304,7 +302,10 @@ int lookup_read_master(struct master *master, time_t age, void *context) if (ret != ENOENT) return NSS_STATUS_UNAVAIL; - retries = SETAUTOMOUNTENT_MASTER_RETRIES; + retries = defaults_get_sss_master_map_wait() * 2; + if (retries <= 0) + return NSS_STATUS_NOTFOUND; + ret = setautomntent_wait(logopt, ctxt, ctxt->mapname, &sss_ctxt, retries); diff --git a/redhat/autofs.conf.default.in b/redhat/autofs.conf.default.in index 2fa8a4c..9bceab3 100644 --- a/redhat/autofs.conf.default.in +++ b/redhat/autofs.conf.default.in @@ -166,6 +166,16 @@ mount_nfs_default_protocol = 4 # #disable_not_found_message = "no" # +# sss_master_map_wait - When sssd is starting up it can sometimes return +# "no such entry" for a short time until it has read +# in the LDAP map information. Internal default is 0 +# seconds, don't wait but if there is a problem with +# autofs not finding the master map at startup (when +# it should) then try setting this to 10 to work +# around it. +# +#sss_master_map_wait = 0 +# # Otions for the amd parser within autofs. # # amd configuration options that are aren't used, haven't been diff --git a/samples/autofs.conf.default.in b/samples/autofs.conf.default.in index 77c5999..a275e08 100644 --- a/samples/autofs.conf.default.in +++ b/samples/autofs.conf.default.in 
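Review bot: In lookup_read_master(), `retries = defaults_get_sss_master_map_wait() * 2;` multiplies an `unsigned int` before the `retries <= 0` test, so a very large configured wait wraps instead of being rejected. The test only catches a negative result if `retries` is signed, and its declaration is outside the hunk. The literal `2` also depends silently on `SETAUTOMOUNTENT_MASTER_INTERVAL` being half a second. A comment such as `/* two retries per second: interval is 500ms */`, or deriving the factor from the interval, would keep the two in step. The function body starts and ends outside this hunk.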
@@ -165,6 +165,16 @@ browse_mode = no # #disable_not_found_message = "no" # +# sss_master_map_wait - When sssd is starting up it can sometimes return +# "no such entry" for a short time until it has read +# in the LDAP map information. Internal default is 0 +# seconds, don't wait but if there is a problem with +# autofs not finding the master map at startup (when +# it should) then try setting this to 10 to work +# around it. +# +#sss_master_map_wait = 0 +# # Otions for the amd parser within autofs. # # amd configuration options that are aren't used, haven't been