[Bug 1616123] Re: rpc-svcgssd.service uses incorrrect variable SVCGSSDARGS

Andreas Hasenack andreas at canonical.com
Thu May 9 12:49:27 UTC 2019 

cosmic verification

First, reproducing the bug:

Cosmic packages:
ubuntu at cosmic-nfs:~$ apt-cache policy nfs-kernel-server 
nfs-kernel-server:
  Installed: 1:1.3.4-2.2ubuntu3.1
  Candidate: 1:1.3.4-2.2ubuntu3.1
  Version table:
 *** 1:1.3.4-2.2ubuntu3.1 500
        500 http://br.archive.ubuntu.com/ubuntu cosmic-updates/main amd64 Packages


"-v" is set:
ubuntu at cosmic-nfs:~$ cat /run/sysconfig/nfs-utils
PIPEFS_MOUNTPOINT=/run/rpc_pipefs
RPCNFSDARGS=" 8"
RPCMOUNTDARGS="--manage-gids"
STATDARGS=""
RPCSVCGSSDARGS="-v"

but not in used:
ubuntu at cosmic-nfs:~$ ps axw|grep svcgssd|grep -v grep
 4667 ?        Ss     0:00 /usr/sbin/rpc.svcgssd


With the updated packages:
ubuntu at cosmic-nfs:~$ apt-cache policy nfs-kernel-server 
nfs-kernel-server:
  Installed: 1:1.3.4-2.2ubuntu3.2
  Candidate: 1:1.3.4-2.2ubuntu3.2
  Version table:
 *** 1:1.3.4-2.2ubuntu3.2 500
        500 http://br.archive.ubuntu.com/ubuntu cosmic-proposed/main amd64 Packages


Right after the upgrade, the "-v" shows up in the process argument list:
...
Setting up nfs-common (1:1.3.4-2.2ubuntu3.2) ...
nfs-utils.service is a disabled or a static unit not running, not starting it.
Setting up nfs-kernel-server (1:1.3.4-2.2ubuntu3.2) ...
Processing triggers for systemd (239-7ubuntu10.13) ...
Processing triggers for man-db (2.8.4-2) ...

ubuntu at cosmic-nfs:~$ ps axw|grep svcgssd|grep -v grep
 6041 ?        Ss     0:00 /usr/sbin/rpc.svcgssd -v


Cosmic verification succeeded.

** Tags removed: verification-needed-cosmic
** Tags added: verification-done-cosmic

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1616123

Title:
  rpc-svcgssd.service uses incorrrect variable SVCGSSDARGS

Status in nfs-utils package in Ubuntu:
  Fix Released
Status in nfs-utils source package in Xenial:
  Fix Committed
Status in nfs-utils source package in Bionic:
  Fix Committed
Status in nfs-utils source package in Cosmic:
  Fix Committed
Status in nfs-utils package in Debian:
  Fix Committed

Bug description:
  [Impact]
  Command line options set for rpc.svcgssd in the /etc/default/nfs-kernel-server file are not passed on to the service, being ignored.

  [Test Case]
  * In a VM (LXD won't work), install nfs-server and a kerberos server. Use "EXAMPLE.LOCAL" for the realm, and "localhost" for the servers, when prompted:
  sudo apt install nfs-server krb5-kdc krb5-user krb5-admin-server

  * create the EXAMPLE.LOCAL realm. Use any password you want for the database master key, it won't be requested again:
  sudo krb5_newrealm

  * create a principal for the nfs service:
  sudo kadmin.local -q "addprinc -randkey nfs/$(hostname -f)"

  * extract the key into the system wide keytab:
  sudo kadmin.local -q "ktadd -k /etc/krb5.keytab nfs/$(hostname -f)"

  * edit /etc/default/nfs-common and enable gssd:
  NEED_GSSD=y

  * edit /etc/default/nfs-kernel-server and add an option to RPCSVCGSSDOPTS:
  RPCSVCGSSDOPTS="-v"

  * restart nfs-server
  sudo systemctl restart nfs-server

  * on xenial, you also have to restart nfs-config:
  sudo systemctl restart nfs-config

  * verify if /run/sysconfig/nfs-utils has the option we added above:
  $ cat /run/sysconfig/nfs-utils
  PIPEFS_MOUNTPOINT=/run/rpc_pipefs
  RPCNFSDARGS=" 8"
  RPCMOUNTDARGS="--manage-gids"
  STATDARGS=""
  RPCSVCGSSDARGS="-v"

  * Verify the running rpc.gssd process. Without the fix, it won't have the "-v" option:
  ps axw|grep svcgssd|grep -v grep
   4285 ? Ss 0:00 /usr/sbin/rpc.svcgssd

  With the fix, right after installing the udpated packages, the option we added to /etc/default/nfs-kernel-server will show up:
  ps axw|grep svcgssd|grep -v grep
   5656 ? Ss 0:00 /usr/sbin/rpc.svcgssd -v

  [Regression Potential]
  This is an old bug and whoever was affected by it probably worked around the problem by now. I tried to cope with one such scenario by not just renaming the variable we export, but exporting the correct one in addition to the old incorrect one, but that's it. I hope this, and the explanation added to the shell script wrapper nfs-utils.sh, is enough to help people with corner cases.
  idance to testers in regression-testing the SRU.

  [Other Info]
  This patch was accepted in debian: https://salsa.debian.org/debian/nfs-utils/merge_requests/2

  [Original Description]
  In /etc/default/nfs-kernel-server you can specify parameters for rpc.svcgssd:

  # Options for rpc.svcgssd.
  RPCSVCGSSDOPTS="-n"

  But the variable is named incorrectly in /lib/systemd/system/rpc-
  svcgssd.service:

  ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1616123/+subscriptions

More information about the foundations-bugs mailing list