[CentOS] CentOS Stream 8 sssd.service failing part of sssd-common-2.8.1-1.el8.x86_64 baseos package

Tue Jan 3 12:41:57 UTC 2023
Simon Matter <simon.matter at invoca.ch>

> On 1/3/23 05:17, Orion Poplawski wrote:
>> On 12/30/22 04:06, Jelle de Jong wrote:
>>> On 12/27/22 22:55, Gordon Messmer wrote:
>>>> On 2022-12-25 07:44, Jelle de Jong wrote:
>>>>> A recent update of the sssd-common-2.8.1-1.el8.x86_64 package is
>>>>> causing sssd.service systemctl failures all over my CentosOS
>>>>> machines.
>>>> ...
>>>>> [sssd] [confdb_expand_app_domains] (0x0010): No domains configured,
>>>>> fatal error!
>>>> Were you previously using sssd?  Or is the problem merely that it is
>>>> now reporting an error starting a service that you don't use?
>>>> Are there any files in /etc/sssd/conf.d, or does /etc/sssd/sssd.conf
>>>> exist?  If so, what are the contents of those files?
>>>> What are the contents of /usr/lib/systemd/system/sssd.service?
>>>> If you run "journalctl -u sssd.service", are there any log entries
>>>> older than the package update?
>>> I got a monitoring system for failing services and I sudenly started
>>> getting dozens of notifications for all my CentOS systems that sssd
>>> was failing. This is after the sssd package updates, causing this
>>> regression. SSSD services where not really in use but some of the
>>> common libraries are used.
>>> # systemctl status sssd
>>> ● sssd.service - System Security Services Daemon
>>>     Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled;
>>> vendor preset: enabled)
>>>     Active: failed (Result: exit-code) since Sat 2022-12-24 06:14:10
>>> UTC; 6 days ago
>>> Condition: start condition failed at Fri 2022-12-30 11:02:01 UTC; 4s
>>> ago
>>>             ├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
>>>             └─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met
>>>   Main PID: 3953157 (code=exited, status=4)
>>> Warning: Journal has been rotated since unit was started. Log output
>>> is incomplete or unavailable.
>>> # ls -halZ /etc/sssd/sssd.conf
>>> ls: cannot access '/etc/sssd/sssd.conf': No such file or directory
>> Looks like you need to figure out what happened to your
>> /etc/sssd/sssd.conf file.  FWIW - I've updated my one CS8 machine to
>> 2.8.1-1 and it seems to be fine.
> I did not do anything specific to the configuration file. I tried to
> reinstall the new sssd-common pacakge, but it will not install the
> /etc/sssd/sssd.conf file. I can not remove the package because it will
> remove a lot of packages that I do need. I still think something is
> wrong with the new sssd packages..
> [root at nginx01 ~]# rpm -qplc sssd-common-2.8.1-1.el8.x86_64.rpm
> /etc/logrotate.d/sssd
> /etc/pam.d/sssd-shadowutils
> /etc/rwtab.d/sssd
> /etc/sssd/sssd.conf

Most likely the file /etc/sssd/sssd.conf is a ghost file and therefore
it's not installed but only recognized as being part of the package.