#2269 [RFE] SSSD configuration file test tool (sssd_check)
Closed: Fixed None Opened 6 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1072458

Description of problem:

The sssd.conf file has many parameters and options but no clean, efficient way
to check the file for correctness - typos, incorrect parameter contexts,
leading spaces, etc. Some checking is done when sssd is started but if problems
are encountered, the usual result is sssd fails to start and any warnings,
errors are logged but not always useful.

Having a stand-alone utility "sssd_check" (similar to the testparm tool
included with Samba) has the potential to save much troubleshooting time for
all. This makes good business sense given the fact that SSSD is installed by
default on RHEL, and its interest and use continues to grow.


Version-Release number of selected component (if applicable):
RHEL 6.5+, RHEL 7+

How reproducible:
n/a

Steps to Reproduce:
1. n/a
2.
3.

Actual results:
n/a

Expected results:
n/a

Additional info:

From a high level sssd_check could operate (similar to Samba testparm) as
follows:

# sssd_check --help

Usage:  [OPTION...] <config_file>
  -v, --verbose        Show default options
  -l, --skip-logic-checks         Skip the global checks
      --show-all-parameters       Show the parameters, type, possible values
      --parameter-name=STRING     Limit testparm to a named parameter
      --section-name=STRING       Limit testparm to a named section

Help options:
  -?, --help                      Show this help message
      --usage                     Display brief usage message

Common sssd options:
  -V, --version                   Print version

Common sssd debugging:
  -d, --debuglevel=DEBUGLEVEL     Set debug level

Common sssd commandline config:
      --option=name=value         Set sssd.conf option from command line


Notes:
 1. If no config_file is specified then the default /etc/sssd/sssd.conf is used
 2. Comments are stripped out of the output


Using the following file as an example:

[sssd]
config_file_version = 2
debug_level = 0
domains = refarch-ad.cloud.lab.eng.bos.redhat.com
services = nss, pam

# Uncomment/adjust as needed if IMU is not used:
#override_homedir = /home/%d/%u
#default_shell = /bin/bash

[domain/refarch-ad.cloud.lab.eng.bos.redhat.com]
id_provider = ad
access_provider = ad

# Permits offline logins:
# cache_credentials = true

# Use when service discovery not working:
# ad_server = win-srv1.refarch-ad.cloud.lab.eng.bos.redhat.com

# Enables use of POSIX UID's and GID's:
ldap_id_mapping = false

the examples below demonstrate it usage and output.

----------------------------
Example 1 - display version:
----------------------------

# check_sssd --version
Version 1.2.3-456.el6.5

-------------------------------
Example 2 - check on good file:
-------------------------------

# check_sssd
Loading sssd config file from /etc/sssd/sssd.conf
Loaded file OK.
Server role: DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[sssd]
config_file_version = 2
debug_level = 0
domains = refarch-ad.cloud.lab.eng.bos.redhat.com
services = nss, pam

[domain/refarch-ad.cloud.lab.eng.bos.redhat.com]
id_provider = ad
access_provider = ad

ldap_id_mapping = false

---------------------------------------------------------------------
Example 3 - check on non-default file with bad parameter (foo = bar):
---------------------------------------------------------------------

# check_sssd -f  /etc/sssd/sssd.conf.bad
Loading sssd config file from /etc/sssd/sssd.conf.bad
Unknown parameter encountered: "foo"
Ignoring unknown parameter "foo"
Loaded file OK.
Server role: DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[sssd]
config_file_version = 2
debug_level = 0
domains = refarch-ad.cloud.lab.eng.bos.redhat.com
services = nss, pam

[domain/refarch-ad.cloud.lab.eng.bos.redhat.com]
id_provider = ad
access_provider = ad

ldap_id_mapping = false

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.14 beta
review: True => 0
selected: =>
testsupdated: => 0

Ticket #416 was marked as duplicate of this ticket.

mark: => 0

Ticket #1621 was marked as duplicate of this ticket.

Fields changed

cc: => mzidek@redhat.com
sensitive: => 0

Fields changed

milestone: SSSD 1.14 beta => SSSD 1.14 alpha
owner: somebody => mzidek

I need to release the Alpha tarball today, moving to Beta.

milestone: SSSD 1.14 alpha => SSSD 1.14 beta

The config checks themselves will be part of the beta, but not the tool.

milestone: SSSD 1.14 beta => SSSD 1.14.0

Downstream BZ -> increase in priority.

priority: major => critical

Fields changed

patch: 0 => 1

We decided to not create a separate tool with this functionality, but add it as a new command for the sssctl tool.

master:

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue assigned to mzidek
- Issue set to the milestone: SSSD 1.14.0

3 years ago

since no sssd_check is created, but we plan to update sssctl, I feel it should be closed=>wontfix instead of closed=>fixed.

@amitkumar25nov. It is implemented in sssctl config-check

Metadata Update from @lslebodn:
- Custom field design_review reset
- Custom field mark reset
- Custom field patch adjusted to on (was: 1)
- Custom field review reset
- Custom field sensitive reset
- Custom field testsupdated reset

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3311

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata