Merge ~ahasenack/ubuntu/+source/nfs-utils:disco-fix-rpc.svcgssd-args-1616123 into ubuntu/+source/nfs-utils:ubuntu/devel
Status: | Merged |
---|---|
Approved by: | Andreas Hasenack |
Approved revision: | da8c485b84decd0e0c51290fb1806993aa5426aa |
Merged at revision: | da8c485b84decd0e0c51290fb1806993aa5426aa |
Proposed branch: | ~ahasenack/ubuntu/+source/nfs-utils:disco-fix-rpc.svcgssd-args-1616123 |
Merge into: | ubuntu/+source/nfs-utils:ubuntu/devel |
Diff against target: |
36 lines (+16/-0) 2 files modified
debian/changelog (+8/-0) debian/nfs-utils_env.sh (+8/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Christian Ehrhardt (community) | Approve | ||
Canonical Server | Pending | ||
Robie Basak | Pending | ||
Review via email: mp+364923@code.launchpad.net |
Description of the change
There is a mismatch between a variable name defined in /etc/default/
/etc/default/
RPCSVCGSSDOPTS
nfs-utils_env.sh: generates the config file sourced by rpc-svcgssd.
"export RPCSVCGSSDARGS=
rpc-svcgssd.
sources /run/sysconfig/
The .service file comes from the upstream tarball, whereas nfs-utils_env.sh comes from debian.
The best place to fix this is in the nfs-utils_env.sh script.
PPA with test packages: https:/
TESTING (to be added to the bug once I start the SRU)
* install nfs-server and a kerberos server. Use "EXAMPLE.LOCAL" for the realm,
and "localhost" for the servers, when prompted:
sudo apt install nfs-server krb5-kdc krb5-user krb5-admin-server
* create the EXAMPLE.LOCAL realm. Use any password you want for the database
master key, it won't be requested again:
sudo krb5_newrealm
* create a principal for the nfs service:
sudo kadmin.local -q "addprinc -randkey nfs/$(hostname -f)"
* extract the key into the system wide keytab:
sudo kadmin.local -q "ktadd -k /etc/krb5.keytab nfs/$(hostname -f)"
* edit /etc/default/
NEED_GSSD=y
* edit /etc/default/
RPCSVCGSSDOPTS="-v"
* restart nfs-server
sudo systemctl restart nfs-server
* verify if /run/sysconfig/
$ cat /run/sysconfig/
PIPEFS_
RPCNFSDARGS=" 8"
RPCMOUNTDARGS=
STATDARGS=""
RPCSVCGSSDARGS="-v"
* Verify the running rpc.gssd process. Without the fix, it won't have the "-v" option:
ps axw|grep svcgssd|grep -v grep
4285 ? Ss 0:00 /usr/sbin/
With the fix, right after installing the udpated packages, the option we added
to /etc/default/
ps axw|grep svcgssd|grep -v grep
5656 ? Ss 0:00 /usr/sbin/
The change itself seems fine, there is no changelog change thou ?!
In addition I have seen that you have tagged the bug for SRUs.
I've had such cases in the past and just wanted to share some lessons learned.
By default NEED_SVCGSSD= is "no" so it doesn't even start. And even if it is "yes" then RPCSVCGSSDOPTS= is empty to it would make no difference. That is good so all of it only matters for a small amount of people.
But if somebody played with the RPCSVCGSSDOPTS= option and left it in any state that is not "" then this SRU will suddenly change behavior for him.
I know that is exactly the fix you want to achieve, but just saying that for "regression potential" this has to be considered. You know better than I do what people usually put in there and if that might be a problem.
One thing that can be done is to parse the file on update and warn about changing behavior if it will be triggered (but people unfortuantely ignore such messages, so it is barely worth).
I checked and as you have already mentioned (it is generated) /etc/default/ nfs-kernel- server is no conffile. So I'm wondering how this will behave on an upgrade - is it only generated "once" on install - if so the fix will only help new installs (which is bad) but in return will not break existing setups (which is good).
The install path with the fix seems to be great and fixed, but I haven't looked deeper into the "how does this work on upgrades". Fortunately rbasak has grabbed the full review - so I'll leave that part for him :-P