The symptom is that the system does not allow user management (creation, modification...) and the following message is logged in the messages log:
Dec 15 09:28:26 mail esmith::event[21865]: Event: user-create pietro Pietro Gambadilegno /usr/libexec/openssh/sftp-server
Dec 15 09:28:27 mail esmith::event[21865]: Failed to get machine PTY: No such file or directory
Dec 15 09:28:27 mail esmith::event[21865]: [ERROR] User pietro creation failed
It appears that this problem, tied to systemd's allocation of terminals (PTYs), affects expert users who connect over SSH and leave open sessions lying around (it happens): remember to close every session you opened during a support session!
Another symptom of the problem is the failure of the configuration backup, with errors like these:
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/share.ldb!
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/secrets.ldb!
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/hklm.ldb!
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/privilege.ldb!
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/idmap.ldb!
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/sam.ldb!
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/sam.ldb.d/metadata.tdb!
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/sam.ldb.d/DC=AD,DC=REA,DC=IT.ldb!
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=AD,DC=REA,DC=IT.ldb!
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/sam.ldb.d/CN=SCHEMA,CN=CONFIGURATION,DC=AD,DC=REA,DC=IT.ldb!
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=AD,DC=REA,DC=IT.ldb!
Dec 15 15:47:13 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/sam.ldb.d/DC=FORESTDNSZONES,DC=AD,DC=REA,DC=IT.ldb!
Dec 15 15:47:14 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/secrets.tdb!
Dec 15 15:47:14 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/schannel_store.tdb!
Dec 15 15:47:14 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/private/netlogon_creds_cli.tdb!
Dec 15 15:47:14 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/account_policy.tdb!
Dec 15 15:47:14 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/registry.tdb!
Dec 15 15:47:14 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/share_info.tdb!
Dec 15 15:47:14 nethservice esmith::event[19732]: Error while backing up /var/lib/machines/nsdc/var/lib/samba/winbindd_cache.tdb!
Dec 15 15:47:14 nethservice esmith::event[19732]: Action: /etc/e-smith/events/pre-backup-config/S40nethserver-dc-pre-backup FAILED: 1 [0.247799]
As further confirmation, you can try to access the container's shell:
systemd-run -M nsdc -t bash
the system will probably respond with:
Failed to get machine PTY: No such file or directory
The workaround is as follows:
1) Check the open sessions (root's in particular)
~]# loginctl
   SESSION        UID USER                 SEAT
       c43  147211012 pippo@disney.org
       c42  147211114 pluto@disney.org
     24255          0 root
      4189          0 root
       c38  147211082 topolino@disney.org
       c36  147211114 etabeta@disney.org
     24237          0 root
~]# systemctl status
│ └─user-0.slice
│   ├─session-24267.scope
│   │ ├─22589 /usr/sbin/CROND -n
│   │ ├─22603 /usr/bin/flock -n -E 0 /var/lib/getmail/info@disney.org.cfg -c /usr/bin/getmail --getmaildir /var/lib/getmail/ --rcfile /var/lib/getmail/info@disney.org.cfg --quiet
│   │ ├─22619 /usr/bin/python /usr/bin/getmail --getmaildir /var/lib/getmail/ --rcfile /var/lib/getmail/info@disney.org.cfg --quiet
│   │ └─22654 /usr/bin/spamc -E -s 250000
│   ├─session-24255.scope
│   │ ├─22554 sshd: root@pts/3
│   │ ├─22556 -bash
│   │ ├─22665 systemctl status
│   │ └─22666 less
│   ├─session-24237.scope
│   │ ├─22244 sshd: root@pts/2
│   │ └─22248 -bash
│   └─session-4189.scope
│     └─17088 tail -f /var/log/asterisk/nethcti.log
Evidently the root session running this process was left open:
~]# loginctl session-status 4189
4189 - root (0)
           Since: Thu 2017-12-14 14:38:46 CET; 3 days ago
          Leader: 15216
          Remote: nethsecurity.nethesis.it
         Service: sshd; type tty; class user
           State: closing
            Unit: session-4189.scope
                  └─17088 tail -f /var/log/asterisk/nethcti.log
2) Kill all of root's sessions (provided it is safe to do so, as in this case)
~]# loginctl terminate-user root
(disconnected)
or kill the specific session:
~]# loginctl kill-session 4189
3) Reconnect and verify that the fix worked by connecting to the container:
~]# systemd-run -M nsdc -t /bin/bash
Running as unit run-1183.service.
Press ^] three times within 1s to disconnect TTY.
User management should now be working.
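Step 1 of the workaround can be scripted so that forgotten root sessions are spotted before they block PTY allocation. The following is an added example, not part of the original note: the function names and the sample data are assumptions made here, and only the session IDs and user names come from the listings above.

```shell
#!/bin/sh
# Added example (not from the original page): find root sessions that logind
# still tracks in state "closing", like session 4189 above.

# Print one "SESSION USER STATE" line per session known to logind.
# Uses only "loginctl list-sessions" and "loginctl show-session -p State".
list_session_states() {
    loginctl list-sessions --no-legend | while read -r sid _uid user _rest; do
        state=$(loginctl show-session "$sid" -p State | cut -d= -f2)
        printf '%s %s %s\n' "$sid" "$user" "$state"
    done
}

# Read "SESSION USER STATE" lines on stdin and print the IDs of the sessions
# owned by the given user (default: root) whose state is "closing".
closing_sessions() {
    awk -v u="${1:-root}" '$2 == u && $3 == "closing" { print $1 }'
}

# Constructed sample: session IDs and users are taken from the page; every
# state except 4189's "closing" is an assumption made for this example.
SAMPLE='c43 pippo@disney.org active
24255 root active
4189 root closing
c38 topolino@disney.org closing
24237 root active'

# Offline demonstration on the constructed sample; prints 4189.
printf '%s\n' "$SAMPLE" | closing_sessions root

# On a live system, review the result first, then end each one as in step 2:
#   list_session_states | closing_sessions root
#   loginctl kill-session <ID>
```

Run from cron or a monitoring check, the live pipeline gives early notice of root sessions that were never closed after a support intervention.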