#4002 NSS responder should clear negative cache alongside with memcache
Closed: cloned-to-github 3 years ago by pbrezina. Opened 4 years ago by atikhonov.

Currently NSS responder doesn't clear negative cache as the result of SIGHUP signal sent from 'sss_cache' to sssd.

This renders the shadow-utils patch not fully functional. E.g. the example given in the PR description is NOT fixed: "combination of commands like this: getent passwd user || useradd user; getent passwd user can result in the second getent passwd not finding the newly added user as the racy behaviour might still return the cached negative hit from the first getent passwd."

Also in the comments to this ticket @sbose wrote: "I wonder if an easy solution might be to completely remove the negative cache e.g. during a clearMemcache SBUS request."

So I think it is a good idea to clear negative cache at the same time as memcache is cleared.
@jhrozek agreed but said it would be good to hear other opinions.

Take a note, this issue might be blocked by #3637 as negative cache impl and its API may change as a result.


Metadata Update from @atikhonov:
- Issue marked as depending on: #3637

4 years ago

> Take a note, this issue might be blocked by #3637 as negative cache impl and its API may change as a result.

I would see it the other way round. Clearing the negative cache after SIGHUP would free the stale entries in the negative cache as well. So even if this is still only a mitigation, it is better than having to do a full restart.

> I would see it the other way round. Clearing the negative cache after SIGHUP would free the stale entries in the negative cache as well. So even if this is still only a mitigation, it is better than having to do a full restart.

What I meant: I know Michal is working on a new negative cache implementation (not libtdb based). So, from my point of view, it isn't worth the effort to figure out how to clear libtdb properly (you wrote earlier it can be tricky).

> > I would see it the other way round. Clearing the negative cache after SIGHUP would free the stale entries in the negative cache as well. So even if this is still only a mitigation, it is better than having to do a full restart.
>
> What I meant: I know Michal is working on a new negative cache implementation (not libtdb based). So, from my point of view, it isn't worth the effort to figure out how to clear libtdb properly (you wrote earlier it can be tricky).

Hi,

you should check with @mzidek about his plans.

About the tricky part, the memory used by the in-memory tdb is not freed if individual entries are removed, so you have to close and open the tdb to get back the memory. Now you should not forget to add the permanent entries again, but calling sss_ncache_reset_repopulate_permanent() should be sufficient here.

HTH

bye,
Sumit

Metadata Update from @pbrezina:
- Issue tagged with: Future milestone

4 years ago

Hm, at the very least we should not clear permanent entries in negative cache
(see https://bugzilla.redhat.com/show_bug.cgi?id=1824323)
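
A toy model of the behaviour discussed in this thread, added here as an example and not taken from SSSD or from any participant: a stale negative entry hides a newly added user until the cache is reset, and the reset rebuilds the store and re-adds only the permanent entries. The array-backed store and the names `nc_set`, `nc_hit` and `nc_reset_keep_permanent` are hypothetical; SSSD's real negative cache is tdb-based.

```c
/* Toy negative cache. All names are hypothetical; this is not SSSD's API. */
#include <stdbool.h>
#include <string.h>
#include <time.h>
#define NC_MAX 64
struct nc_entry { char key[64]; time_t expires; bool permanent; };
struct ncache { struct nc_entry e[NC_MAX]; size_t n; };

/* Record "key does not exist". Permanent entries never expire. */
static bool nc_set(struct ncache *c, const char *key, time_t expires, bool permanent)
{
    if (c->n == NC_MAX || strlen(key) >= sizeof(c->e[0].key)) return false;
    struct nc_entry *e = &c->e[c->n++];
    strcpy(e->key, key);
    e->expires = expires;
    e->permanent = permanent;
    return true;
}

/* True on a valid negative hit: the lookup fails without asking the backend. */
static bool nc_hit(const struct ncache *c, const char *key, time_t now)
{
    for (size_t i = 0; i < c->n; i++)
        if (strcmp(c->e[i].key, key) == 0 && (c->e[i].permanent || now < c->e[i].expires))
            return true;
    return false;
}

/* Cache-clear request: start from an empty store, re-add only permanent entries. */
static void nc_reset_keep_permanent(struct ncache *c)
{
    struct ncache fresh = { .n = 0 };
    for (size_t i = 0; i < c->n; i++)
        if (c->e[i].permanent) fresh.e[fresh.n++] = c->e[i];
    *c = fresh;
}

/* Constructed scenario; returns bit flags: 1 stale hit, 2 hit after reset, 4 permanent kept. */
static int demo(void)
{
    struct ncache c = { .n = 0 };
    nc_set(&c, "filtered", 0, true);   /* constructed permanent entry */
    nc_set(&c, "user", 1015, false);   /* first getent at t=1000 found nothing */
    int r = nc_hit(&c, "user", 1001) ? 1 : 0;   /* useradd ran, user still hidden */
    nc_reset_keep_permanent(&c);
    r |= nc_hit(&c, "user", 1001) ? 2 : 0;
    return r | (nc_hit(&c, "filtered", 1001) ? 4 : 0);
}
int main(void) { return demo() == 5 ? 0 : 1; }
```
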

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4973

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

3 years ago
