SYSTEMD: Add "After=sssd.service" to the responders' sockets units

While debugging the whole breakage reported by Stric I've noticed that
the NSS socket has been starting up the NSS responder _before_ SSSD
being up. As libc does initgroups on pretty much any account and
initgroups checks all NSS modules in order to be precise, the nss_sss
triggers the NSS responder which would try talking to the data providers
which are not up uet (because SSSD is not up yet), causing the whole
process to hang until libc gives up (causing a timeout on services like
systemd-logind and on services depending on this one).

By adding this ordering explicitly we can avoid the reported situation.
Also, it has been recommend by Lukáš Nykrýn that "BindsTo", which is
used to tie up two services, and After must be used together in order to
avoid undefined/unexpected behavior (although it's still not mentioned
in the systemd documentation).

Related:
https://pagure.io/SSSD/sssd/issue/3298

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

7 files changed, 7 insertions, 0 deletions

diff --git a/src/sysv/systemd/sssd-autofs.socket.in b/src/sysv/systemd/sssd-autofs.socket.in
index 8e0e882aa..1665ed22c 100644
--- a/src/sysv/systemd/sssd-autofs.socket.in
+++ b/src/sysv/systemd/sssd-autofs.socket.in
@@ -1,6 +1,7 @@
 [Unit]
 Description=SSSD AutoFS Service responder socket
 Documentation=man:sssd.conf(5)
+After=sssd.service
 BindsTo=sssd.service
 
 [Socket]
diff --git a/src/sysv/systemd/sssd-nss.socket.in b/src/sysv/systemd/sssd-nss.socket.in
index 530fa0c48..8228647df 100644
--- a/src/sysv/systemd/sssd-nss.socket.in
+++ b/src/sysv/systemd/sssd-nss.socket.in
@@ -1,6 +1,7 @@
 [Unit]
 Description=SSSD NSS Service responder socket
 Documentation=man:sssd.conf(5)
+After=sssd.service
 BindsTo=sssd.service
 
 [Socket]
diff --git a/src/sysv/systemd/sssd-pac.socket.in b/src/sysv/systemd/sssd-pac.socket.in
index cb1bd68fa..e17879aa6 100644
--- a/src/sysv/systemd/sssd-pac.socket.in
+++ b/src/sysv/systemd/sssd-pac.socket.in
@@ -1,6 +1,7 @@
 [Unit]
 Description=SSSD PAC Service responder socket
 Documentation=man:sssd.conf(5)
+After=sssd.service
 BindsTo=sssd.service
 
 [Socket]
diff --git a/src/sysv/systemd/sssd-pam-priv.socket.in b/src/sysv/systemd/sssd-pam-priv.socket.in
index 84b8caa04..d06fbc3b3 100644
--- a/src/sysv/systemd/sssd-pam-priv.socket.in
+++ b/src/sysv/systemd/sssd-pam-priv.socket.in
@@ -1,6 +1,7 @@
 [Unit]
 Description=SSSD PAM Service responder private socket
 Documentation=man:sssd.conf(5)
+After=sssd.service
 BindsTo=sssd.service
 BindsTo=sssd-pam.socket
 
diff --git a/src/sysv/systemd/sssd-pam.socket.in b/src/sysv/systemd/sssd-pam.socket.in
index 9554785ca..cc731599d 100644
--- a/src/sysv/systemd/sssd-pam.socket.in
+++ b/src/sysv/systemd/sssd-pam.socket.in
@@ -1,6 +1,7 @@
 [Unit]
 Description=SSSD PAM Service responder socket
 Documentation=man:sssd.conf(5)
+After=sssd.service
 BindsTo=sssd.service
 BindsTo=sssd-pam-priv.socket
 
diff --git a/src/sysv/systemd/sssd-ssh.socket.in b/src/sysv/systemd/sssd-ssh.socket.in
index b13c87c0b..3b8f65bc6 100644
--- a/src/sysv/systemd/sssd-ssh.socket.in
+++ b/src/sysv/systemd/sssd-ssh.socket.in
@@ -1,6 +1,7 @@
 [Unit]
 Description=SSSD SSH Service responder socket
 Documentation=man:sssd.conf(5)
+After=sssd.service
 BindsTo=sssd.service
 
 [Socket]
diff --git a/src/sysv/systemd/sssd-sudo.socket.in b/src/sysv/systemd/sssd-sudo.socket.in
index 0b6c0d9c1..346df6e47 100644
--- a/src/sysv/systemd/sssd-sudo.socket.in
+++ b/src/sysv/systemd/sssd-sudo.socket.in
@@ -1,6 +1,7 @@
 [Unit]
 Description=SSSD Sudo Service responder socket
 Documentation=man:sssd.conf(5)
+After=sssd.service
 BindsTo=sssd.service
 
 [Socket]