Bug 40371

Summary: server_password_change stuck at restarting nscd
Product: UCS Reporter: Michael Grandjean <grandjean>
Component: GeneralAssignee: Lukas Oyen <oyen>
Status: CLOSED FIXED QA Contact: Arvid Requate <requate>
Severity: normal    
Priority: P5 CC: gohmann, requate
Version: UCS 4.0Flags: oyen: Patch_Available+
Target Milestone: UCS 4.2-2-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: --- What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?: Yes
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:
Attachments: Move cache invalidation after daemon restart

Description Michael Grandjean univentionstaff 2016-01-05 22:10:39 CET 
root@gydwag-opsi:~# ucr search --brief ^version
version/erratalevel: 342
version/patchlevel: 2
version/releasename: Walle
version/version: 4.0

server/role: memberserver

Installed 3rd party applications: opsi4ucs

> root@gydwag-opsi:~# ps auxf | grep '[n]scd'
> root      9707  0.0  0.0   4188   468 ?        S     2015   0:00                  \_ /bin/sh /usr/lib/univention-server/server_password_change.d/univention-nscd postchange
> root      9708  0.0  0.0   4188  1308 ?        S     2015   0:00                      \_ /bin/sh /etc/init.d/nscd restart
> root      9711  0.0  0.0  10588   768 ?        S     2015   0:00                          \_ /usr/sbin/nscd --invalidate passwd
> root      9895 27.8  4.4 540396 179432 ?       Rsl   2015 15211:18 /usr/sbin/nscd


Last lines of server_password_change.log on that day:

> [...]
> run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-libnss-ldap postchange
> W: failed to convert the username messagebus to the uid
> File: /etc/libnss-ldap.conf
> run-parts: executing /usr/lib/univention-server/server_password_change.d/univention-nscd postchange
> Restarting Name Service Cache Daemon: nscd

Next day:
> Starting server password change (Tue Dec 22 01:02:04 CET 2015)
> No server password change scheduled for today, terminating without a change
Comment 1 Michael Grandjean univentionstaff 2016-01-05 22:13:26 CET 
Workaround: Kill the oldest running nscd process (PID 9895 in the example above). "univention-nscd postchange" will then finish successfully.
Comment 2 Arvid Requate univentionstaff 2016-01-06 21:24:15 CET 
IMHO we definitely should make /etc/init.d/nscd restart more robust against this.

It does  nscd --invalidate $table   and then stop_nscd. It must not hang in the first steps of this, ever. We should assure that it gets restarted reliably.
Comment 3 Michael Grandjean univentionstaff 2016-02-04 20:51:32 CET 
2016012621000729 - same customer, other server
Comment 4 Lukas Oyen univentionstaff 2016-12-13 16:32:45 CET 
Created attachment 8304 [details]
Move cache invalidation after daemon restart
Comment 5 Florian Best univentionstaff 2017-06-28 14:53:01 CEST 
There is a Customer ID set so I set the flag "Enterprise Customer affected".
Comment 6 Lukas Oyen univentionstaff 2017-08-01 17:20:02 CEST 
Committed in r81656 - r81657 (advisory r81658).
Comment 7 Arvid Requate univentionstaff 2017-08-28 19:52:07 CEST 
Ok, works.
Comment 8 Arvid Requate univentionstaff 2017-09-13 16:35:04 CEST 
<http://errata.software-univention.de/ucs/4.2/161.html>