Bug#651558: NFS client initscripts for rpc.svcgssd?
merge 651558 684416
tags 651558 patch
thanks
Hi all!
I have prepared a patch that should fix this bug. It actually moves the
init part of rpc.svcgssd from nfs-kernel-server into nfs-common.
I have not added any break/replace field to debian/control but it
should be necessary (as well a notice of the change).
Now a small comment about the patch. Since the default configuration of
rpc.svcgssd is moved from /etc/default/nfs-kernel-server into
/etc/default/nfs-common, to avoid breaking server at upgrade, I have
implemented a small hack that sources /etc/default/nfs-kernel-server
when starting nfs-common, in the case where:
1- the statements about rpc.svcgssd are untouched in /etc/default/nfs-common
AND
2- there is a file /etc/default/nfs-kernel-server that contains
statements about rpc.svcgssd
Maybe this is really too hackish but I could not think of a better solution.
Please review/comment
Cheers,
Nicolas Bourdaud
>From 2e4c1cdecb575857bb32ae57d2d918de6de9d127 Mon Sep 17 00:00:00 2001
From: Nicolas Bourdaud <nicolas.bourdaud@gmail.com>
Date: Sat, 29 Sep 2012 00:08:24 +0200
Subject: [PATCH] Move init script for rpc.svcgssd into nfs-common
---
debian/nfs-common.default | 8 +++++
debian/nfs-common.init | 64 +++++++++++++++++++++++++++++++++++++
debian/nfs-common.manpages | 1 +
debian/nfs-kernel-server.default | 7 ----
debian/nfs-kernel-server.init | 25 ---------------
debian/nfs-kernel-server.manpages | 1 -
6 files changed, 73 insertions(+), 33 deletions(-)
diff --git a/debian/nfs-common.default b/debian/nfs-common.default
index 0e373e6..0abaf03 100644
--- a/debian/nfs-common.default
+++ b/debian/nfs-common.default
@@ -16,4 +16,12 @@ STATDOPTS=
NEED_IDMAPD=
# Do you want to start the gssd daemon? It is required for Kerberos mounts.
+# It is also necessary for a server exporting Kerberos mounts of NFSv4.
NEED_GSSD=
+
+# Do you want to start the svcgssd daemon? It is required for NFSv4 delegations
+# with Kerberos mounts or by a server exporting Kerberos mounts.
+NEED_SVCGSSD=
+
+# Options for rpc.svcgssd
+#RPCSVCGSSDOPTS=
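Review bot: The new NEED_SVCGSSD comment does not say which values are accepted or what an empty value does, whereas the text removed from nfs-kernel-server.default stated both. With this patch an empty value no longer means "no": the `case "$NEED_SVCGSSD"` block added to nfs-common.init falls back to AUTO_NEED_SVCGSSD. I would add a line such as `# Valid alternatives are "yes" and "no"; if left empty it is autodetected from /etc/fstab and /etc/exports.` so an admin who wants the daemon off knows to write `no` explicitly.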
diff --git a/debian/nfs-common.init b/debian/nfs-common.init
index 4076e31..fe5e238 100644
--- a/debian/nfs-common.init
+++ b/debian/nfs-common.init
@@ -17,16 +17,27 @@ DESC="NFS common utilities"
# Read config
DEFAULTFILE=/etc/default/nfs-common
+DEFAULTSERVERFILE=/etc/default/nfs-kernel-server
PREFIX=
NEED_STATD=
NEED_IDMAPD=
NEED_GSSD=
+NEED_SVCGSSD=
PIPEFS_MOUNTPOINT=/var/lib/nfs/rpc_pipefs
RPCGSSDOPTS=
+RPCSVCGSSDOPTS=
if [ -f $DEFAULTFILE ]; then
. $DEFAULTFILE
fi
+# Search default configuration of svcgssd in server configuration if none is
+# specified. Since svcgssd configuration has moved from nfs-kernel-server into
+# nfs-common, we can this way propagate the configuration and avoid breaking
+# at upgrade systems that use it.
+if [ -z "$NEED_SVCGSSD" ] && [ -f $DEFAULTSERVERFILE ] ; then
+ . $DEFAULTSERVERFILE
+fi
+
. /lib/lsb/init-functions
# Exit if required binaries are missing.
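Review bot: The fallback at `. $DEFAULTSERVERFILE` sources the whole server defaults file whenever NEED_SVCGSSD is empty, and empty is the shipped default (autodetect). On a host that still has the old nfs-kernel-server defaults, its `RPCSVCGSSDOPTS=` line therefore resets options the admin already set in /etc/default/nfs-common, and every other assignment in that file is pulled into this root-run script as well. The cover text says the file is read only when it contains svcgssd statements, but the test here is just `-f`. I would check for the variable first and import only the two svcgssd settings from a subshell, as sketched below; quoting the path is a style fix on top.

```shell
if [ -z "$NEED_SVCGSSD" ] && [ -f "$DEFAULTSERVERFILE" ] \
   && grep -q '^[[:space:]]*NEED_SVCGSSD=' "$DEFAULTSERVERFILE"; then
	# Subshell: only the two svcgssd settings cross over into this script.
	NEED_SVCGSSD=$(. "$DEFAULTSERVERFILE"; printf '%s' "$NEED_SVCGSSD")
	if [ -z "$RPCSVCGSSDOPTS" ]; then
		RPCSVCGSSDOPTS=$(. "$DEFAULTSERVERFILE"; printf '%s' "$RPCSVCGSSDOPTS")
	fi
fi
```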
@@ -39,6 +50,7 @@ fi
#
AUTO_NEED_IDMAPD=no
AUTO_NEED_GSSD=no
+AUTO_NEED_SVCGSSD=no
if [ -f /etc/fstab ]; then
exec 9<&0 </etc/fstab
@@ -58,6 +70,8 @@ if [ -f /etc/fstab ]; then
sec=krb5|*,sec=krb5|sec=krb5,*|*,sec=krb5i,*|sec=krb5i|*,sec=krb5i|sec=krb5i,*|*,sec=krb5i,*|sec=krb5p|*,sec=krb5p|sec=krb5p,*|*,sec=krb5p,*)
AUTO_NEED_GSSD=yes
+ # rpc.svcgssd necessary for NFSv4 delegation with kerberos
+ AUTO_NEED_SVCGSSD=yes
;;
esac
done
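Review bot: Setting `AUTO_NEED_SVCGSSD=yes` in the fstab branch turns on a server-side GSS daemon on every client that has any krb5 mount, which is broader than the delegation case the comment names and adds a root daemon that most clients will not use. rpc.svcgssd normally expects an nfs/ service key in the host keytab, so this is worth testing on a plain client that has none. At minimum I would document the requirement here, e.g. `# needs an nfs/<host> key in the keytab; set NEED_SVCGSSD=no on clients that do not use delegations`. The surrounding while/case loop starts outside this hunk.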
@@ -78,6 +92,16 @@ if [ -f /etc/exports ] && grep -q '^[[:space:]]*[^#]*/' /etc/exports; then
AUTO_NEED_IDMAPD=yes
fi
+# Both svcgssd and gssd are necessary if we run an NFSv4 server using
+# kerberos. We detect the NFSv4 using the same trick as before. The guess on
+# whether it is using Kerberos or not is based on whether find a krb5 string
+# in a uncommented line.
+if [ -f /etc/exports ] && grep -q -E '^[[:space:]]*[^#].*krb5/' /etc/exports; then
+ AUTO_NEED_GSSD=yes
+ AUTO_NEED_SVCGSSD=yes
+fi
+
+
case "$NEED_STATD" in
yes|no)
;;
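Review bot: The pattern `'^[[:space:]]*[^#].*krb5/'` requires a literal `krb5/`, but export lines spell Kerberos as `sec=krb5…` or `gss/krb5…`, neither of which has a slash after `krb5`. The autodetection therefore probably never fires on a Kerberos server; the trailing `/` looks carried over from the NFSv4 check just above. `[^#].*` also lets a `krb5` that appears only in a trailing comment match. I would use `grep -q -E '^[[:space:]]*[^#[:space:]][^#]*krb5' /etc/exports`, and reword the comment to "whether we find a krb5 string in an uncommented line".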
@@ -102,6 +126,14 @@ case "$NEED_GSSD" in
;;
esac
+case "$NEED_SVCGSSD" in
+ yes|no)
+ ;;
+ *)
+ NEED_SVCGSSD=$AUTO_NEED_SVCGSSD
+ ;;
+esac
+
do_modprobe() {
if [ -x /sbin/modprobe -a -f /proc/modules ]
then
@@ -206,6 +238,18 @@ case "$1" in
exit $RET
fi
fi
+ if [ "$NEED_SVCGSSD" = "yes" ]
+ then
+ do_modprobe rpcsec_gss_krb5
+ log_progress_msg "svcgssd"
+ start-stop-daemon --start --oknodo --quiet \
+ --exec /usr/sbin/rpc.svcgssd -- $RPCSVCGSSDOPTS
+ RET=$?
+ if [ $RET != 0 ]; then
+ log_end_msg $RET
+ exit $RET
+ fi
+ fi
fi
fi
log_end_msg 0
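Review bot: The start branch runs `--exec /usr/sbin/rpc.svcgssd` with no check that the binary exists, and nothing in this patch shows the binary itself moving to nfs-common (only the man page entry moves). The script's "required binaries" check lies outside the visible hunks, so I cannot tell whether it covers rpc.svcgssd. If the daemon still ships only in nfs-kernel-server, a client where detection set NEED_SVCGSSD=yes would fail here and abort the whole start through `exit $RET`. I would guard the branch, e.g. `if [ "$NEED_SVCGSSD" = "yes" ] && [ -x /usr/sbin/rpc.svcgssd ]`, or move the binary in the same commit.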
@@ -214,6 +258,17 @@ case "$1" in
stop)
log_daemon_msg "Stopping $DESC"
+ if [ "$NEED_SVCGSSD" = yes ]
+ then
+ log_progress_msg "svcgssd"
+ start-stop-daemon --stop --oknodo --quiet \
+ --name rpc.svcgssd
+ RET=$?
+ if [ $RET != 0 ]; then
+ log_end_msg $RET
+ exit $RET
+ fi
+ fi
if [ "$NEED_GSSD" = yes ]
then
log_progress_msg "gssd"
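Review bot: The new stop call matches on `--name rpc.svcgssd` alone, while the block it replaces in nfs-kernel-server.init also passed `--user 0`. Without that restriction start-stop-daemon, running as root, will signal any process with that name regardless of owner. I would keep the original form, `--name rpc.svcgssd --user 0`. The gssd stop that follows continues outside the hunk, so I cannot tell whether it has the same gap.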
@@ -270,6 +325,15 @@ case "$1" in
fi
fi
+ if [ "$NEED_SVCGSSD" = yes ]
+ then
+ if ! pidof rpc.svcgssd >/dev/null
+ then
+ echo "rpc.svcgssd not running"
+ exit 3
+ fi
+ fi
+
if [ "$NEED_IDMAPD" = yes ]
then
if ! pidof rpc.idmapd >/dev/null
diff --git a/debian/nfs-common.manpages b/debian/nfs-common.manpages
index 569498b..d86cd7f 100644
--- a/debian/nfs-common.manpages
+++ b/debian/nfs-common.manpages
@@ -3,6 +3,7 @@ utils/mount/nfsmount.conf.man
debian/tmp/usr/share/man/man5/nfs.5
debian/tmp/usr/share/man/man8/blkmapd.8
debian/tmp/usr/share/man/man8/gssd.8
+debian/tmp/usr/share/man/man8/svcgssd.8
debian/tmp/usr/share/man/man8/idmapd.8
debian/tmp/usr/share/man/man8/statd.8
debian/tmp/usr/share/man/man8/sm-notify.8
diff --git a/debian/nfs-kernel-server.default b/debian/nfs-kernel-server.default
index 16c0532..a2401a3 100644
--- a/debian/nfs-kernel-server.default
+++ b/debian/nfs-kernel-server.default
@@ -10,10 +10,3 @@ RPCNFSDPRIORITY=0
# see rpc.mountd(8) or http://wiki.debian.org/SecuringNFS
# To disable NFSv4 on the server, specify '--no-nfs-version 4' here
RPCMOUNTDOPTS=--manage-gids
-
-# Do you want to start the svcgssd daemon? It is only required for Kerberos
-# exports. Valid alternatives are "yes" and "no"; the default is "no".
-NEED_SVCGSSD=
-
-# Options for rpc.svcgssd.
-RPCSVCGSSDOPTS=
diff --git a/debian/nfs-kernel-server.init b/debian/nfs-kernel-server.init
index d00b2ec..8a9b02c 100644
--- a/debian/nfs-kernel-server.init
+++ b/debian/nfs-kernel-server.init
@@ -28,8 +28,6 @@ DEFAULTFILE=/etc/default/nfs-kernel-server
RPCNFSDCOUNT=8
RPCNFSDPRIORITY=0
RPCMOUNTDOPTS=
-NEED_SVCGSSD=no
-RPCSVCGSSDOPTS=
PROCNFSD_MOUNTPOINT=/proc/fs/nfsd
if [ -f $DEFAULTFILE ]; then
. $DEFAULTFILE
@@ -122,18 +120,6 @@ case "$1" in
[ -z "$ClearAddr" ] || echo "nfsd 127.0.0.1 1" >/proc/net/rpc/auth.unix.ip/channel
- if [ "$NEED_SVCGSSD" = "yes" ]; then
- do_modprobe rpcsec_gss_krb5
- log_progress_msg "svcgssd"
- start-stop-daemon --start --oknodo --quiet \
- --exec $PREFIX/sbin/rpc.svcgssd -- $RPCSVCGSSDOPTS
- RET=$?
- if [ $RET != 0 ]; then
- log_end_msg $RET
- exit $RET
- fi
- fi
-
log_progress_msg "mountd"
start-stop-daemon --start --oknodo --quiet \
--exec $PREFIX/sbin/rpc.mountd -- $RPCMOUNTDOPTS
@@ -161,17 +147,6 @@ case "$1" in
exit $RET
fi
- if [ "$NEED_SVCGSSD" = "yes" ]; then
- log_progress_msg "svcgssd"
- start-stop-daemon --stop --oknodo --quiet \
- --name rpc.svcgssd --user 0
- RET=$?
- if [ $RET != 0 ]; then
- log_end_msg $RET
- exit $RET
- fi
- fi
-
log_progress_msg "nfsd"
start-stop-daemon --stop --oknodo --quiet \
--name nfsd --user 0 --signal 2
diff --git a/debian/nfs-kernel-server.manpages b/debian/nfs-kernel-server.manpages
index f8edbae..d7c33aa 100644
--- a/debian/nfs-kernel-server.manpages
+++ b/debian/nfs-kernel-server.manpages
@@ -3,4 +3,3 @@ debian/tmp/usr/share/man/man7/nfsd.7
debian/tmp/usr/share/man/man8/mountd.8
debian/tmp/usr/share/man/man8/exportfs.8
debian/tmp/usr/share/man/man8/nfsd.8
-debian/tmp/usr/share/man/man8/svcgssd.8
--
1.7.10.4