** Description changed: [Impact] Command line options set for rpc.svcgssd in the /etc/default/nfs-kernel-server file are not passed on to the service, being ignored. [Test Case] - * install nfs-server and a kerberos server. Use "EXAMPLE.LOCAL" for the realm, and "localhost" for the servers, when prompted: + * In a VM (LXD won't work), install nfs-server and a kerberos server. Use "EXAMPLE.LOCAL" for the realm, and "localhost" for the servers, when prompted: sudo apt install nfs-server krb5-kdc krb5-user krb5-admin-server * create the EXAMPLE.LOCAL realm. Use any password you want for the database master key, it won't be requested again: sudo krb5_newrealm * create a principal for the nfs service: sudo kadmin.local -q "addprinc -randkey nfs/$(hostname -f)" * extract the key into the system wide keytab: sudo kadmin.local -q "ktadd -k /etc/krb5.keytab nfs/$(hostname -f)" * edit /etc/default/nfs-common and enable gssd: NEED_GSSD=y * edit /etc/default/nfs-kernel-server and add an option to RPCSVCGSSDOPTS: RPCSVCGSSDOPTS="-v" * restart nfs-server sudo systemctl restart nfs-server * verify if /run/sysconfig/nfs-utils has the option we added above: $ cat /run/sysconfig/nfs-utils PIPEFS_MOUNTPOINT=/run/rpc_pipefs RPCNFSDARGS=" 8" RPCMOUNTDARGS="--manage-gids" STATDARGS="" RPCSVCGSSDARGS="-v" * Verify the running rpc.gssd process. Without the fix, it won't have the "-v" option: ps axw|grep svcgssd|grep -v grep 4285 ? Ss 0:00 /usr/sbin/rpc.svcgssd With the fix, right after installing the udpated packages, the option we added to /etc/default/nfs-kernel-server will show up: ps axw|grep svcgssd|grep -v grep 5656 ? Ss 0:00 /usr/sbin/rpc.svcgssd -v [Regression Potential] This is an old bug and whoever was affected by it probably worked around the problem by now. I tried to cope with one such scenario by not just renaming the variable we export, but exporting the correct one in addition to the old incorrect one, but that's it. I hope this, and the explanation added to the shell script wrapper nfs-utils.sh, is enough to help people with corner cases. idance to testers in regression-testing the SRU. [Other Info] This patch was accepted in debian: https://salsa.debian.org/debian/nfs-utils/merge_requests/2 [Original Description] In /etc/default/nfs-kernel-server you can specify parameters for rpc.svcgssd: # Options for rpc.svcgssd. RPCSVCGSSDOPTS="-n" But the variable is named incorrectly in /lib/systemd/system/rpc- svcgssd.service: ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS
** Description changed: [Impact] Command line options set for rpc.svcgssd in the /etc/default/nfs-kernel-server file are not passed on to the service, being ignored. [Test Case] * In a VM (LXD won't work), install nfs-server and a kerberos server. Use "EXAMPLE.LOCAL" for the realm, and "localhost" for the servers, when prompted: sudo apt install nfs-server krb5-kdc krb5-user krb5-admin-server * create the EXAMPLE.LOCAL realm. Use any password you want for the database master key, it won't be requested again: sudo krb5_newrealm * create a principal for the nfs service: sudo kadmin.local -q "addprinc -randkey nfs/$(hostname -f)" * extract the key into the system wide keytab: sudo kadmin.local -q "ktadd -k /etc/krb5.keytab nfs/$(hostname -f)" * edit /etc/default/nfs-common and enable gssd: NEED_GSSD=y * edit /etc/default/nfs-kernel-server and add an option to RPCSVCGSSDOPTS: RPCSVCGSSDOPTS="-v" * restart nfs-server sudo systemctl restart nfs-server + + * on xenial, you also have to restart nfs-config: + sudo systemctl restart nfs-config * verify if /run/sysconfig/nfs-utils has the option we added above: $ cat /run/sysconfig/nfs-utils PIPEFS_MOUNTPOINT=/run/rpc_pipefs RPCNFSDARGS=" 8" RPCMOUNTDARGS="--manage-gids" STATDARGS="" RPCSVCGSSDARGS="-v" * Verify the running rpc.gssd process. Without the fix, it won't have the "-v" option: ps axw|grep svcgssd|grep -v grep 4285 ? Ss 0:00 /usr/sbin/rpc.svcgssd With the fix, right after installing the udpated packages, the option we added to /etc/default/nfs-kernel-server will show up: ps axw|grep svcgssd|grep -v grep 5656 ? Ss 0:00 /usr/sbin/rpc.svcgssd -v [Regression Potential] This is an old bug and whoever was affected by it probably worked around the problem by now. I tried to cope with one such scenario by not just renaming the variable we export, but exporting the correct one in addition to the old incorrect one, but that's it. I hope this, and the explanation added to the shell script wrapper nfs-utils.sh, is enough to help people with corner cases. idance to testers in regression-testing the SRU. [Other Info] This patch was accepted in debian: https://salsa.debian.org/debian/nfs-utils/merge_requests/2 [Original Description] In /etc/default/nfs-kernel-server you can specify parameters for rpc.svcgssd: # Options for rpc.svcgssd. RPCSVCGSSDOPTS="-n" But the variable is named incorrectly in /lib/systemd/system/rpc- svcgssd.service: ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS -- You received this bug notification because you are a member of Ubuntu Server, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1616123 Title: rpc-svcgssd.service uses incorrrect variable SVCGSSDARGS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1616123/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
