[Pkg-sssd-devel] Bug#892315: sssd: secrets service does not work due to lack of /var/lib/sss/secrets
Andreas Hasenack
andreas at canonical.com
Thu Mar 8 08:04:30 UTC 2018
Package: sssd
Version: 1.16.0-5
Severity: normal
Dear Maintainer,

The (socket activated) secrets service doesn't work because it can't
create a secrets database due to the lack of the /var/lib/sss/secrets
directory.

Right after installation, if you try to access it like this, for example:
$ curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XGET http://localhost/secrets/
<html>
<head>
<title>500 Internal Server Error</title></head>
<body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error.</p>
/var/log/syslog log shows:
Mar 8 07:38:58 sid-sssd sssd_secrets[6272]: ltdb: tdb(/var/lib/sss/secrets/secrets.ldb): tdb_open_ex: could not open file /var/lib/sss/secrets/secrets.ldb: No such file or directory
Mar 8 07:38:58 sid-sssd sssd_secrets[6272]: Unable to open tdb '/var/lib/sss/secrets/secrets.ldb': No such file or directory
Mar 8 07:38:58 sid-sssd sssd_secrets[6272]: Failed to connect to '/var/lib/sss/secrets/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/sss/secrets/secrets.ldb': No such file or directory
Once that directory is created, the service works:
# mkdir -m 0700 /var/lib/sss/secrets
$ curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XGET http://localhost/secrets/
<html>
<head>
<title>404 Not Found</title></head>
<body>
<h1>Not Found</h1>
<p>The requested resource was not found.</p>
And you can create secrets:
$ curl -H "Content-Type: application/json" --unix-socket /var/run/secrets.socket -XPUT http://localhost/secrets/foo -d'{"type":"simple","value":"foosecret"}'
<html>
<head>
<title>200 OK</title></head>
<body>
<h1>OK</h1>
<p>Success</p>
root@sid-sssd:~# ls -lah /var/lib/sss/secrets/
total 5.5K
drwx------ 2 root root 4 Mar 8 08:02 .
drwxr-xr-x 9 root root 9 Mar 8 08:02 ..
-rw------- 1 root root 32 Mar 8 08:02 .secrets.mkey
-rw------- 1 root root 1.3M Mar 8 08:03 secrets.ldb
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.13.0-36-generic (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages sssd depends on:
ii python3-sss 1.16.0-5
ii sssd-ad 1.16.0-5
ii sssd-common 1.16.0-5
ii sssd-ipa 1.16.0-5
ii sssd-krb5 1.16.0-5
ii sssd-ldap 1.16.0-5
ii sssd-proxy 1.16.0-5
sssd recommends no packages.
sssd suggests no packages.
-- no debconf information
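
The workaround in the report depends on /var/lib/sss/secrets existing with mode 0700. As an added example (not part of the original message or of the sssd packaging), this shell function checks the secrets store for the missing-directory state and for group/other access to the directory or anything in it. The function name `check_secrets_dir` and its return codes are assumptions of this example, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example, not from the bug report: audit the sssd secrets store.
# check_secrets_dir and its return codes are assumptions of this example.
# Requires GNU stat (coreutils), as shipped on Debian.
#
# Returns: 0  directory exists and nothing in it is open to group/other
#          1  directory is missing (the state described in the report)
#          2  path is a symlink or not a directory
#          3  directory, or an entry inside it, grants group/other access
check_secrets_dir() {
    dir=$1
    if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -d "$dir" ]; }; then
        echo "$dir: not a real directory" >&2
        return 2
    fi
    if [ ! -e "$dir" ]; then
        echo "$dir: missing, sssd_secrets cannot create secrets.ldb" >&2
        return 1
    fi
    # Check the directory itself, then every entry in it. Dotfiles are
    # included because the master key is stored as .secrets.mkey.
    for p in "$dir" "$dir"/* "$dir"/.[!.]*; do
        [ -L "$p" ] && continue      # do not follow symlinks
        [ -e "$p" ] || continue      # unmatched glob pattern
        mode=$(stat -c '%a' "$p") || return 2
        # Treat the mode as octal and test the group/other bits.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$p: mode $mode grants group/other access" >&2
            return 3
        fi
    done
    return 0
}

# Usage, as root so the directory contents are readable:
#   check_secrets_dir /var/lib/sss/secrets
```
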