[Bug 1616123] Re: rpc-svcgssd.service uses incorrrect variable SVCGSSDARGS

Andreas Hasenack andreas at canonical.com
Thu May 9 13:00:27 UTC 2019 

Bionic verification

First, reproducing the bug:

ubuntu at bionic-nfs:~$ apt-cache policy nfs-kernel-server
nfs-kernel-server:
  Installed: 1:1.3.4-2.1ubuntu5.1
  Candidate: 1:1.3.4-2.1ubuntu5.1
  Version table:
 *** 1:1.3.4-2.1ubuntu5.1 500
        500 http://br.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages


Confirming "-v" option is set:
ubuntu at bionic-nfs:~$ cat /run/sysconfig/nfs-utils
PIPEFS_MOUNTPOINT=/run/rpc_pipefs
RPCNFSDARGS=" 8"
RPCMOUNTDARGS="--manage-gids"
STATDARGS=""
RPCSVCGSSDARGS="-v"

But not given to the process:
ubuntu at bionic-nfs:~$ ps axw|grep svcgssd|grep -v grep
 3681 ?        Ss     0:00 /usr/sbin/rpc.svcgssd


With the updated package:
ubuntu at bionic-nfs:~$ apt-cache policy nfs-kernel-server
nfs-kernel-server:
  Installed: 1:1.3.4-2.1ubuntu5.2
  Candidate: 1:1.3.4-2.1ubuntu5.2
  Version table:
 *** 1:1.3.4-2.1ubuntu5.2 500
        500 http://br.archive.ubuntu.com/ubuntu bionic-proposed/main amd64 Packages

It starts working right after the upgrade:
...
Setting up nfs-common (1:1.3.4-2.1ubuntu5.2) ...
nfs-utils.service is a disabled or a static unit not running, not starting it.
Setting up nfs-kernel-server (1:1.3.4-2.1ubuntu5.2) ...
Processing triggers for systemd (237-3ubuntu10.21) ...
Processing triggers for man-db (2.8.3-2ubuntu0.1) ...

ubuntu at bionic-nfs:~$ ps axw|grep svcgssd|grep -v grep
 5149 ?        Ss     0:00 /usr/sbin/rpc.svcgssd -v
ubuntu at bionic-nfs:~$ 


Bionic verification succeeded.

** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1616123

Title:
  rpc-svcgssd.service uses incorrrect variable SVCGSSDARGS

Status in nfs-utils package in Ubuntu:
  Fix Released
Status in nfs-utils source package in Xenial:
  Fix Committed
Status in nfs-utils source package in Bionic:
  Fix Committed
Status in nfs-utils source package in Cosmic:
  Fix Committed
Status in nfs-utils package in Debian:
  Fix Committed

Bug description:
  [Impact]
  Command line options set for rpc.svcgssd in the /etc/default/nfs-kernel-server file are not passed on to the service, being ignored.

  [Test Case]
  * In a VM (LXD won't work), install nfs-server and a kerberos server. Use "EXAMPLE.LOCAL" for the realm, and "localhost" for the servers, when prompted:
  sudo apt install nfs-server krb5-kdc krb5-user krb5-admin-server

  * create the EXAMPLE.LOCAL realm. Use any password you want for the database master key, it won't be requested again:
  sudo krb5_newrealm

  * create a principal for the nfs service:
  sudo kadmin.local -q "addprinc -randkey nfs/$(hostname -f)"

  * extract the key into the system wide keytab:
  sudo kadmin.local -q "ktadd -k /etc/krb5.keytab nfs/$(hostname -f)"

  * edit /etc/default/nfs-common and enable gssd:
  NEED_GSSD=y

  * edit /etc/default/nfs-kernel-server and add an option to RPCSVCGSSDOPTS:
  RPCSVCGSSDOPTS="-v"

  * restart nfs-server
  sudo systemctl restart nfs-server

  * on xenial, you also have to restart nfs-config:
  sudo systemctl restart nfs-config

  * verify if /run/sysconfig/nfs-utils has the option we added above:
  $ cat /run/sysconfig/nfs-utils
  PIPEFS_MOUNTPOINT=/run/rpc_pipefs
  RPCNFSDARGS=" 8"
  RPCMOUNTDARGS="--manage-gids"
  STATDARGS=""
  RPCSVCGSSDARGS="-v"

  * Verify the running rpc.gssd process. Without the fix, it won't have the "-v" option:
  ps axw|grep svcgssd|grep -v grep
   4285 ? Ss 0:00 /usr/sbin/rpc.svcgssd

  With the fix, right after installing the udpated packages, the option we added to /etc/default/nfs-kernel-server will show up:
  ps axw|grep svcgssd|grep -v grep
   5656 ? Ss 0:00 /usr/sbin/rpc.svcgssd -v

  [Regression Potential]
  This is an old bug and whoever was affected by it probably worked around the problem by now. I tried to cope with one such scenario by not just renaming the variable we export, but exporting the correct one in addition to the old incorrect one, but that's it. I hope this, and the explanation added to the shell script wrapper nfs-utils.sh, is enough to help people with corner cases.
  idance to testers in regression-testing the SRU.

  [Other Info]
  This patch was accepted in debian: https://salsa.debian.org/debian/nfs-utils/merge_requests/2

  [Original Description]
  In /etc/default/nfs-kernel-server you can specify parameters for rpc.svcgssd:

  # Options for rpc.svcgssd.
  RPCSVCGSSDOPTS="-n"

  But the variable is named incorrectly in /lib/systemd/system/rpc-
  svcgssd.service:

  ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1616123/+subscriptions

More information about the foundations-bugs mailing list