rpc-svcgssd.service uses incorrrect variable SVCGSSDARGS

Bug #1616123 reported by Jochen
44
This bug affects 7 people
Affects Status Importance Assigned to Milestone
nfs-utils (Debian)
Fix Released
Unknown
nfs-utils (Ubuntu)
Fix Released
High
Andreas Hasenack
Xenial
Fix Released
Undecided
Andreas Hasenack
Bionic
Fix Released
Undecided
Andreas Hasenack
Cosmic
Fix Released
Undecided
Andreas Hasenack

Bug Description

[Impact]
Command line options set for rpc.svcgssd in the /etc/default/nfs-kernel-server file are not passed on to the service, being ignored.

[Test Case]
* In a VM (LXD won't work), install nfs-server and a kerberos server. Use "EXAMPLE.LOCAL" for the realm, and "localhost" for the servers, when prompted:
sudo apt install nfs-server krb5-kdc krb5-user krb5-admin-server

* create the EXAMPLE.LOCAL realm. Use any password you want for the database master key, it won't be requested again:
sudo krb5_newrealm

* create a principal for the nfs service:
sudo kadmin.local -q "addprinc -randkey nfs/$(hostname -f)"

* extract the key into the system wide keytab:
sudo kadmin.local -q "ktadd -k /etc/krb5.keytab nfs/$(hostname -f)"

* edit /etc/default/nfs-common and enable gssd:
NEED_GSSD=y

* edit /etc/default/nfs-kernel-server and add an option to RPCSVCGSSDOPTS:
RPCSVCGSSDOPTS="-v"

* restart nfs-server
sudo systemctl restart nfs-server

* on xenial, you also have to restart nfs-config:
sudo systemctl restart nfs-config

* verify if /run/sysconfig/nfs-utils has the option we added above:
$ cat /run/sysconfig/nfs-utils
PIPEFS_MOUNTPOINT=/run/rpc_pipefs
RPCNFSDARGS=" 8"
RPCMOUNTDARGS="--manage-gids"
STATDARGS=""
RPCSVCGSSDARGS="-v"

* Verify the running rpc.gssd process. Without the fix, it won't have the "-v" option:
ps axw|grep svcgssd|grep -v grep
 4285 ? Ss 0:00 /usr/sbin/rpc.svcgssd

With the fix, right after installing the udpated packages, the option we added to /etc/default/nfs-kernel-server will show up:
ps axw|grep svcgssd|grep -v grep
 5656 ? Ss 0:00 /usr/sbin/rpc.svcgssd -v

[Regression Potential]
This is an old bug and whoever was affected by it probably worked around the problem by now. I tried to cope with one such scenario by not just renaming the variable we export, but exporting the correct one in addition to the old incorrect one, but that's it. I hope this, and the explanation added to the shell script wrapper nfs-utils.sh, is enough to help people with corner cases.
idance to testers in regression-testing the SRU.

[Other Info]
This patch was accepted in debian: https://salsa.debian.org/debian/nfs-utils/merge_requests/2

[Original Description]
In /etc/default/nfs-kernel-server you can specify parameters for rpc.svcgssd:

# Options for rpc.svcgssd.
RPCSVCGSSDOPTS="-n"

But the variable is named incorrectly in /lib/systemd/system/rpc-svcgssd.service:

ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS

Related branches

Revision history for this message
Jochen (jradmacher) wrote :
affects: xubuntu-meta (Ubuntu) → nfs-utils (Ubuntu)
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "patch for rpc-svcgssd.service" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Jochen (jradmacher)
tags: added: nfs xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nfs-utils (Ubuntu):
status: New → Confirmed
tags: added: server-next
Changed in nfs-utils (Ubuntu):
importance: Undecided → High
Changed in nfs-utils (Ubuntu Xenial):
assignee: nobody → Andreas Hasenack (ahasenack)
Changed in nfs-utils (Ubuntu Bionic):
assignee: nobody → Andreas Hasenack (ahasenack)
Changed in nfs-utils (Ubuntu Cosmic):
assignee: nobody → Andreas Hasenack (ahasenack)
Changed in nfs-utils (Ubuntu):
assignee: nobody → Andreas Hasenack (ahasenack)
Changed in nfs-utils (Debian):
importance: Undecided → Unknown
status: New → Unknown
Changed in nfs-utils (Debian):
status: Unknown → New
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

I still plan to work on this, just didn't get to it yet.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Now that disco is in feature freeze, I hope to get to it as this is a bugfix.

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in nfs-utils (Ubuntu Bionic):
status: New → Confirmed
Changed in nfs-utils (Ubuntu Cosmic):
status: New → Confirmed
Changed in nfs-utils (Ubuntu Xenial):
status: New → Confirmed
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Ok, this is the path the variable takes:

/etc/default/nfs-kernel-server:
RPCSVCGSSDOPTS

nfs-utils_env.sh: generates the config file sourced by rpc-svcgssd.service:
"export RPCSVCGSSDARGS=$RPCSVCGSSDOPTS" and others into /run/sysconfig/nfs-utils

(note the switch from ...OPTS to ...ARGS)

rpc-svcgssd.service:
sources /run/sysconfig/nfs-utils and runs /usr/sbin/rpc.svcgssd $SVCGSSDARGS

The .service file comes from the upstream tarball, whereas nfs-utils_env.sh comes from debian.

In bug #1614261 a patch was suggested that exports an additional variable:
--- /usr/lib/systemd/scripts/nfs-utils_env.sh 2017-06-08 22:08:18+01 1.1
+++ /usr/lib/systemd/scripts/nfs-utils_env.sh 2017-06-08 22:12:08+01
@@ -12,7 +12,7 @@
 echo RPCNFSDARGS=\"$RPCNFSDOPTS ${RPCNFSDCOUNT:-8}\"
 echo RPCMOUNTDARGS=\"$RPCMOUNTDOPTS\"
 echo STATDARGS=\"$STATDOPTS\"
-echo RPCSVCGSSDARGS=\"$RPCSVCGSSDOPTS\"
+echo SVCGSSDARGS=\"$RPCSVCGSSDOPTS\"
 } > /run/sysconfig/nfs-utils

 # the following are supported by the systemd units, but not exposed in default files

I believe that is the last intrusive change, and we don't have to worry about updating config files that users might have changed.

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Oh, wait, it's replacing the wrong variable. That's also fine :)

Changed in nfs-utils (Ubuntu):
status: Confirmed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nfs-utils - 1:1.3.4-2.3ubuntu2

---------------
nfs-utils (1:1.3.4-2.3ubuntu2) disco; urgency=medium

  * d/nfs-utils_env.sh: alongside RPCSVCGSSDARGS, also export SVCGSSDARGS,
    which is the variable name expected by the rpc-svcgssd systemd service.
    (LP: #1616123)

 -- Andreas Hasenack <email address hidden> Mon, 25 Mar 2019 09:24:29 -0300

Changed in nfs-utils (Ubuntu):
status: In Progress → Fix Released
Changed in nfs-utils (Debian):
status: New → Fix Committed
Changed in nfs-utils (Ubuntu Xenial):
status: Confirmed → In Progress
Changed in nfs-utils (Ubuntu Bionic):
status: Confirmed → In Progress
Changed in nfs-utils (Ubuntu Cosmic):
status: Confirmed → In Progress
description: updated
description: updated
description: updated
description: updated
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Jochen, or anyone else affected,

Accepted nfs-utils into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nfs-utils/1:1.3.4-2.2ubuntu3.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in nfs-utils (Ubuntu Cosmic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello Jochen, or anyone else affected,

Accepted nfs-utils into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nfs-utils/1:1.3.4-2.1ubuntu5.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in nfs-utils (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed-bionic
Changed in nfs-utils (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed-xenial
Revision history for this message
Brian Murray (brian-murray) wrote :

Hello Jochen, or anyone else affected,

Accepted nfs-utils into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/nfs-utils/1:1.2.8-9ubuntu12.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Mathew Hodson (mhodson)
tags: added: patch-accepted-debian
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

cosmic verification

First, reproducing the bug:

Cosmic packages:
ubuntu@cosmic-nfs:~$ apt-cache policy nfs-kernel-server
nfs-kernel-server:
  Installed: 1:1.3.4-2.2ubuntu3.1
  Candidate: 1:1.3.4-2.2ubuntu3.1
  Version table:
 *** 1:1.3.4-2.2ubuntu3.1 500
        500 http://br.archive.ubuntu.com/ubuntu cosmic-updates/main amd64 Packages

"-v" is set:
ubuntu@cosmic-nfs:~$ cat /run/sysconfig/nfs-utils
PIPEFS_MOUNTPOINT=/run/rpc_pipefs
RPCNFSDARGS=" 8"
RPCMOUNTDARGS="--manage-gids"
STATDARGS=""
RPCSVCGSSDARGS="-v"

but not in used:
ubuntu@cosmic-nfs:~$ ps axw|grep svcgssd|grep -v grep
 4667 ? Ss 0:00 /usr/sbin/rpc.svcgssd

With the updated packages:
ubuntu@cosmic-nfs:~$ apt-cache policy nfs-kernel-server
nfs-kernel-server:
  Installed: 1:1.3.4-2.2ubuntu3.2
  Candidate: 1:1.3.4-2.2ubuntu3.2
  Version table:
 *** 1:1.3.4-2.2ubuntu3.2 500
        500 http://br.archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages

Right after the upgrade, the "-v" shows up in the process argument list:
...
Setting up nfs-common (1:1.3.4-2.2ubuntu3.2) ...
nfs-utils.service is a disabled or a static unit not running, not starting it.
Setting up nfs-kernel-server (1:1.3.4-2.2ubuntu3.2) ...
Processing triggers for systemd (239-7ubuntu10.13) ...
Processing triggers for man-db (2.8.4-2) ...

ubuntu@cosmic-nfs:~$ ps axw|grep svcgssd|grep -v grep
 6041 ? Ss 0:00 /usr/sbin/rpc.svcgssd -v

Cosmic verification succeeded.

tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Bionic verification

First, reproducing the bug:

ubuntu@bionic-nfs:~$ apt-cache policy nfs-kernel-server
nfs-kernel-server:
  Installed: 1:1.3.4-2.1ubuntu5.1
  Candidate: 1:1.3.4-2.1ubuntu5.1
  Version table:
 *** 1:1.3.4-2.1ubuntu5.1 500
        500 http://br.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages

Confirming "-v" option is set:
ubuntu@bionic-nfs:~$ cat /run/sysconfig/nfs-utils
PIPEFS_MOUNTPOINT=/run/rpc_pipefs
RPCNFSDARGS=" 8"
RPCMOUNTDARGS="--manage-gids"
STATDARGS=""
RPCSVCGSSDARGS="-v"

But not given to the process:
ubuntu@bionic-nfs:~$ ps axw|grep svcgssd|grep -v grep
 3681 ? Ss 0:00 /usr/sbin/rpc.svcgssd

With the updated package:
ubuntu@bionic-nfs:~$ apt-cache policy nfs-kernel-server
nfs-kernel-server:
  Installed: 1:1.3.4-2.1ubuntu5.2
  Candidate: 1:1.3.4-2.1ubuntu5.2
  Version table:
 *** 1:1.3.4-2.1ubuntu5.2 500
        500 http://br.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages

It starts working right after the upgrade:
...
Setting up nfs-common (1:1.3.4-2.1ubuntu5.2) ...
nfs-utils.service is a disabled or a static unit not running, not starting it.
Setting up nfs-kernel-server (1:1.3.4-2.1ubuntu5.2) ...
Processing triggers for systemd (237-3ubuntu10.21) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

ubuntu@bionic-nfs:~$ ps axw|grep svcgssd|grep -v grep
 5149 ? Ss 0:00 /usr/sbin/rpc.svcgssd -v
ubuntu@bionic-nfs:~$

Bionic verification succeeded.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

xenial verification

First, reproducing the bug:

ubuntu@xenial-nfs:~$ apt-cache policy nfs-kernel-server
nfs-kernel-server:
  Installed: 1:1.2.8-9ubuntu12.1
  Candidate: 1:1.2.8-9ubuntu12.1
  Version table:
 *** 1:1.2.8-9ubuntu12.1 500
        500 http://br.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages

"-v" option it set:
ubuntu@xenial-nfs:~$ cat /run/sysconfig/nfs-utils
PIPEFS_MOUNTPOINT=/run/rpc_pipefs
RPCNFSDARGS=" 8"
RPCMOUNTDARGS="--manage-gids"
STATDARGS=""
RPCSVCGSSDARGS="-v"

But unused:
ubuntu@xenial-nfs:~$ ps axw|grep svcgssd|grep -v grep
 1500 ? Ss 0:00 /usr/sbin/rpc.svcgssd

With the updated packages:
ubuntu@xenial-nfs:~$ apt-cache policy nfs-kernel-server
nfs-kernel-server:
  Installed: 1:1.2.8-9ubuntu12.2
  Candidate: 1:1.2.8-9ubuntu12.2
  Version table:
 *** 1:1.2.8-9ubuntu12.2 500
        500 http://br.archive.ubuntu.com/ubuntu xenial-proposed/main amd64 Packages

It's not fixed right after the upgrade:
...
Unpacking nfs-kernel-server (1:1.2.8-9ubuntu12.2) over (1:1.2.8-9ubuntu12.1) ...
Processing triggers for ureadahead (0.100.0-19.1) ...
Processing triggers for systemd (229-4ubuntu21.21) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up nfs-common (1:1.2.8-9ubuntu12.2) ...
Setting up nfs-kernel-server (1:1.2.8-9ubuntu12.2) ...
ubuntu@xenial-nfs:~$ ps axw|grep svcgssd|grep -v grep
 3022 ? Ss 0:00 /usr/sbin/rpc.svcgssd

But a restart is needed, same one used during the test:
ubuntu@xenial-nfs:~$ sudo systemctl restart nfs-config
ubuntu@xenial-nfs:~$ sudo systemctl restart nfs-server
ubuntu@xenial-nfs:~$ ps axw|grep svcgssd|grep -v grep
 3159 ? Ss 0:00 /usr/sbin/rpc.svcgssd -v

xenial verification succeeded.

tags: added: verification-done-xenial
removed: verification-needed-xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nfs-utils - 1:1.3.4-2.2ubuntu3.2

---------------
nfs-utils (1:1.3.4-2.2ubuntu3.2) cosmic; urgency=medium

  * d/nfs-utils_env.sh: alongside RPCSVCGSSDARGS, also export SVCGSSDARGS,
    which is the variable name expected by the rpc-svcgssd systemd service.
    (LP: #1616123)

 -- Andreas Hasenack <email address hidden> Thu, 25 Apr 2019 17:13:13 -0300

Changed in nfs-utils (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for nfs-utils has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nfs-utils - 1:1.3.4-2.1ubuntu5.2

---------------
nfs-utils (1:1.3.4-2.1ubuntu5.2) bionic; urgency=medium

  * d/nfs-utils_env.sh: alongside RPCSVCGSSDARGS, also export SVCGSSDARGS,
    which is the variable name expected by the rpc-svcgssd systemd service.
    (LP: #1616123)

 -- Andreas Hasenack <email address hidden> Thu, 25 Apr 2019 17:17:31 -0300

Changed in nfs-utils (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nfs-utils - 1:1.2.8-9ubuntu12.2

---------------
nfs-utils (1:1.2.8-9ubuntu12.2) xenial; urgency=medium

  * d/nfs-utils_env.sh: alongside RPCSVCGSSDARGS, also export SVCGSSDARGS,
    which is the variable name expected by the rpc-svcgssd systemd service.
    (LP: #1616123)

 -- Andreas Hasenack <email address hidden> Thu, 25 Apr 2019 17:23:49 -0300

Changed in nfs-utils (Ubuntu Xenial):
status: Fix Committed → Fix Released
Revision history for this message
Philippe Clérié (pclerie) wrote :

The fix only takes care of the server side arguments. May I suggest we do the same for the client side by exposing $GSSDARGS used in rpc-gssd.service.

Thanks

Changed in nfs-utils (Debian):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.