Portal:Cloud VPS/Admin/Runbooks/Refresh sssd caches

The procedures in this runbook require root (sudo) permissions to complete.

How to clear sssd caches (hosts, groups, etc).

Overview

If DNS or LDAP change needs a quick update on a Cloud VPS VM that runs sssd, sometimes waiting for the cache to expire is not something you want to do for whatever reason. This applies if the host is not running the nscd or a similar OTHER cache for this kind of information. If you are running nscd, you'll have to clear that instead and/or as well (eg. nscd -i hosts). Anyone operating a Cloud VPS instance with sudo permissions can accomplish this.

Fixing

Make sure the Debian package sssd-tools is installed. If it is not installed on this VM, run sudo apt-get install sssd-tools Requires root/sudo permissions
Run sudo -i sss_cache -E to invalidate all caches. Requires root/sudo permissions

The programmatic cache purge does not always work -- in extreme cases you might also need to actively delete the cache files:

$ sudo systemctl stop sssd
$ sudo rm -rf /var/lib/sss/db/*
$ sudo systemctl restart sssd

Communication and support

Support and administration of the WMCS resources is provided by the Wikimedia Foundation Cloud Services team and Wikimedia movement volunteers. Please reach out with questions and join the conversation:

Discuss and receive general support

Chat in real time in the IRC channel #wikimedia-cloud ^connect or the bridged Telegram group
Discuss via email after you have subscribed to the cloud@ mailing list

Stay aware of critical changes and plans

Subscribe to the cloud-announce@ mailing list (all messages are also mirrored to the cloud@ list)
Read the News wiki page

Track work tasks and report bugs

Use a subproject of the #Cloud-Services Phabricator project to track confirmed bug reports and feature requests about the Cloud Services infrastructure itself

Read stories and WMCS blog posts

Read the Cloud Services Blog (for the broader Wikimedia movement, see the Wikimedia Technical Blog)