Bug ID 1496837: User-manager's ConfD socket getting closed.

Last Modified: Oct 21, 2024

Affected Product(s):
F5OS F5OS-A, F5OS-C(all modules)

Known Affected Versions:
F5OS-A 1.5.1

Fixed In:
F5OS-A 1.8.0, F5OS-A 1.5.2

Opened: Jan 29, 2024

Severity: 1-Blocking

Symptoms

After repeating the change of network type and device reboot, the device goes into a state where the user-manager is not interacting with ConfD.

Impact

Any ConfD configuration change that goes through user-manager fails. This includes any of the user’s password changes, or remote GID changes.

Conditions

- Change remote GID role and check '/etc/gid-map.txt' file if the value is reflected. - Switch network type and reboot the device. Repeat the above process until '/etc/gid-map.txt' file is not been updated correctly.

Workaround

Rebooting the system will get the correct GID value from the ConfD and update the '/etc/gid-map.txt' file.

Fix Information

The user-manager has no reason to use NSS to lookup any PW/group info, as it deals exclusively with the local user database. Additionally, there is a ZMQ service that belongs in authentication-mgr (which understands remote authentication) that is in the user-manager container. It forces user-manager to use an ‘/etc/resolv.conf’ that can reference remote sources. If the user-manager trips over a lookup that goes to LDAP (usually a local-db miss), it can be very slow and time out. The ConfD->user-manager channel is sensitive of slow responses, and shuts down subscriber/callpoint handler/daemon that takes over 15 to 30 seconds to respond. When this happens, the user-manager is going to see an EOF on its ConfD sockets. This fix forces the user-manager to only lookup on local databases.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips