[Bug 1918141] Re: nfs-server.service needs name resolution and network online

Niklas Edmundsson 1918141 at bugs.launchpad.net
Wed Mar 10 09:57:32 UTC 2021 

OK, getting the network delay got a little bit convoluted as you can't
clear dependencies with overrides but instead have to copy the unit file
and edit it.

I'm no systemd expert so this can probably be improved, but on a focal
VM host of ours (KVM/Ganeti) that uses systemd-networkd I needed to do
this, if you're using some other network setup scheme you'll need to
adapt accordingly:

* cp /lib/systemd/system/systemd-networkd.service /etc/systemd/system/systemd-networkd.service
** Edit /etc/systemd/system/systemd-networkd.service:
*** Comment out Before= and Wants=
*** Add in [Unit] section, Before= without network.target and After=/Wants= fakenet.service:
**** Before=multi-user.target shutdown.target
**** After=fakenet.service
**** Wants=fakenet.service
*** Add in [Service] section:
**** ExecStartPre=/bin/sleep 10
* Create /etc/systemd/system/fakenet.service with content as [1] (bottom of comment)
* systemctl daemon-reload
* systemctl enable fakenet
* It turned out that systemd-resolved also messed with network.target, so I just disabled it
** Edit /etc/resolv.conf to contain usable DNS resolver
** systemctl stop systemd-resolved
** systemctl mask systemd-resolved
** Check /etc/resolv.conf again and verify that you can do DNS lookups

reboot, and then verify with systemd-analyze plot > boot.svg that
timings are right, you should have network.target and then 10s or so
later network-online.target (I just load boot.svg into a browser and use
find to search in the file). If not you have to find the culprit that
has a Before=network.target and edit or disable.

You should also find that nfs-server starts a few seconds before the
network is available, and systemctl status nfs-server should show
exportfs: Failed to resolve errors.

Hope this helps to QA/reproduce.


[1] fakenet.service:
[Unit]
Description=Fake network.target
DefaultDependencies=no
After=systemd-udevd.service network-pre.target systemd-sysusers.service systemd-sysctl.service
Before=network.target multi-user.target shutdown.target
Conflicts=shutdown.target
Wants=network.target

[Service]
Type=oneshot
ExecStart=/bin/true

[Install]
WantedBy=multi-user.target

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to nfs-utils in Ubuntu.
https://bugs.launchpad.net/bugs/1918141

Title:
  nfs-server.service needs name resolution and network online

Status in nfs-utils package in Ubuntu:
  Confirmed

Bug description:
  nfs-server.service has insufficient dependencies to start correctly in
  a setting where the nfs exports list contains DNS host names (not in
  local hosts file) or netgroups served via network (for example sssd).

  Typical failures listed by systemctl status nfs-server.service are:

  Mar 08 14:16:52 server.example.com exportfs[844]: exportfs: Failed to resolve client1.example.com
  Mar 08 14:16:52 server.example.com exportfs[844]: exportfs: Failed to resolve client2.example.com

  
  Our workaround is to add the appropriate dependecies in /etc/systemd/system/nfs-server.service.d/dependencies.conf like so:

  ----------------------8<----------------------------
  [Unit]
  # nfs-server.service runs exportfs on startup, thus we need to be able to
  # do host and netgroup lookups which requires network to be online.
  After=network-online.target nss-lookup.target nss-user-lookup.target
  ----------------------8<----------------------------

  While nfs-server.service do depend on network.target, that only means
  that the network has been configured. On physical hardware it can take
  significantly longer for the network to come online (8+ seconds for
  our 10G NICs). Also note that we configure static IP:s via systemd-
  networkd, things might behave differently when using DHCP, network-
  manager etc. In any case, depending on network.target is almost always
  wrong, and network-online.target is usually the right one.

  nss-lookup.target is needed to ensure that DNS resolution works, and
  nss-user-lookup.target is the best approximation to ensure that
  netgroup resolution via sssd or equivalent works. Usually things "just
  works" even without these dependencies, but to ensure correct startup
  they should be present.

  It should be noted that this seems to once have been fixed in Ubuntu,
  but has been lost along the way for quite some time. When googling I
  find for example https://code.launchpad.net/~ubuntu-
  branches/ubuntu/wily/nfs-utils/wily-201507271018/+merge/265946 that
  fixes the network.target vs network-online.target dependency, but it
  has since been lost in the wind it seems.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1918141/+subscriptions

More information about the foundations-bugs mailing list