Closed swallace21 closed 6 years ago
aukspriv and auksdrenewer are running good
Seems like an error while reading the 'auksd' section of the config file. It should not segv for that but it should be the origin of the issue. Please give the invalid conf if possible to understand the segv.
Le lun. 13 août 2018 à 16:20, Shaun Wallace notifications@github.com a écrit :
aukspriv and auksdrenewer are running good
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/hautreux/auks/issues/25#issuecomment-412534905, or mute the thread https://github.com/notifications/unsubscribe-auth/AA2ppy3apDCm23SKVMW4uigb9JYTV9QMks5uQYtIgaJpZM4V6mIJ .
Using gdb to debug:
(gdb) run
Starting program: /sbin/auksd
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7bc79d4 in config_GetNbBlocks () from /lib64/libauksapi.so.0
Missing separate debuginfos, use: debuginfo-install glibc-2.17-222.el7.x86_64 keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-19.el7.x86_64 libcom_err-1.42.9-12.el7_5.x86_64 libselinux-2.5-12.el7.x86_64 pcre-8.32-17.el7.x86_64
auks.conf file: real@REALM <- removed the url for our realm for security reasons. It is included in the actual conf file
#------------------------------------------------------------------------------
# auks client and server configuration file
#------------------------------------------------------------------------------
#-
# Common client/server elements
#-
common {
# Primary daemon configuration
PrimaryHost = "auks" ;
#PrimaryAddress = "" ;
PrimaryPort = 12345 ;
PrimaryPrincipal = "host/auks.real@REALM" ;
# Secondary daemon configuration
SecondaryHost = "auks2" ;
#SecondaryAddress = "" ;
SecondaryPort = "12345" ;
SecondaryPrincipal = "host/auks2." ;
# Enable/Disable NAT traversal support (yes/no)
# this value must be the same on every nodes
NAT = no ;
# max connection retries number
Retries = 3 ;
# connection timeout
Timeout = 10 ;
# delay in seconds between retries
Delay = 3 ;
}
#-
# API only elements
#-
api {
# log file and level
LogFile = "/tmp/auksapi.log" ;
LogLevel = "0" ;
# optional debug file and level
DebugFile = "/tmp/auksapi.log" ;
DebugLevel = "0" ;
}
#-
# Auks daemon only elements
#-
auksd {
# Primary daemon configuration
PrimaryKeytab = "/etc/krb5.keytab" ;
# Secondary daemon configuration
SecondaryKeytab = "/etc/krb5.keytab" ;
# log file and level
LogFile = "/var/log/auksd.log" ;
LogLevel = "1" ;
# optional debug file and level
DebugFile = "/var/log/auksd.log" ;
DebugLevel = "0" ;
# directory in which daemons store the creds
CacheDir = "/var/cache/auks" ;
# ACL file for cred repo access authorization rules
ACLFile = "/etc/auks/auksd.acl" ;
# default size of incoming requests queue
# it grows up dynamically
QueueSize = 50 ;
# default repository size (number fo creds)
# it grows up dynamicaly
RepoSize = 500 ;
# number of workers for incoming request processing
Workers = 10 ;
# delay in seconds between 2 repository clean stages
CleanDelay = 300 ;
# use kerberos replay cache system (slow down)
ReplayCache = yes ;
}
#-
# Auksd renewer only elements
#-
renewer {
# log file and level
LogFile = "/var/log/auksdrenewer.log" ;
LogLevel = "1" ;
# optional debug file and level
DebugFile = "/var/log/auksdrenewer.log" ;
DebugLevel = "0" ;
# delay between two renew loops
Delay = "60" ;
# Min Lifetime for credentials to be renewed
# This value is also used as the grace trigger to renew creds
MinLifeTime = "600" ;
}
Here is the backtrace from gdb:
(gdb) bt
#0 0x00007ffff7bc79d4 in config_GetNbBlocks () from /lib64/libauksapi.so.0
#1 0x00007ffff7bc14be in auks_acl_init_from_config_file () from /lib64/libauksapi.so.0
#2 0x00007ffff7bc295b in auksd_engine_init () from /lib64/libauksapi.so.0
#3 0x00007ffff7bc3cf6 in auksd_engine_init_from_config_file () from /lib64/libauksapi.so.0
#4 0x0000000000402d66 in main ()
In addition, running journalctl -xe
Aug 13 13:17:51 some.name kernel: auksd[1702]: segfault at 408 ip 00007f23a29bf9d4 sp 00007ffc7a589e20 error 4 in libauksapi.so.0.0.1[7f23a29ac000
Aug 13 13:18:35 some.name auksdrenewer[1682]: Mon Aug 13 13:18:35 2018 [INFO1] [euid=0,pid=1682] renewer: unable to dump auksd creds : auks api :
FIXED:
It was the 'auksd' section of the auks.conf file. It was referencing auksd.acl
Fix was to rename, auks.acl to auksd.acl. auksd.acl is what is referenced in the source code.
Receiving a segmentation fault error on CentOS 7 for auksd. Has anyone encountered something similar using AUKS?