-
Notifications
You must be signed in to change notification settings - Fork 30
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[gssproxy] Try to load the auth_rpcgss module before starting #84
Conversation
If you install gssproxy before nfs-kernel-server (or whatever the equivalent package is named on non-Debian distros), the auth_rpcgss module will typically not be loaded. This leads to output like this: systemd[1]: Starting gssproxy.service - GSSAPI Proxy Daemon... gssproxy[1519]: [2023/10/16 20:47:33]: Debug Level changed to 3 gssproxy[1519]: k5tracer_thread started! gssproxy[1519]: [2023/10/16 20:47:33]: Service: nfs-server, Keytab: <some_path>, Enctype: 18 gssproxy[1521]: [2023/10/16 20:47:33]: Kernel doesn't support GSS-Proxy (can't open /proc/net/rpc/use-gss-proxy: 2 (No such file or directory)) gssproxy[1521]: [2023/10/16 20:47:33]: Problem with kernel communication! NFS server will not work systemd[1]: Started gssproxy.service - GSSAPI Proxy Daemon. gssproxy[1521]: [2023/10/16 20:47:33]: Initialization complete. And gssproxy won't work properly until the nfs kernel server package(s) have been installed and gssproxy has been restarted (which is kind of difficult to debug) since it won't try opening /proc/net/rpc/use-gss-proxy again. Signed-off-by: David Härdeman <david@hardeman.nu>
067622f
to
42a33bf
Compare
Was there a recent change in nfs-utils? |
Anyway, doesn't this force rpc_authgss to always be loaded even if the NFS server is not being used? |
It's only an issue if you take a fresh system (a future NFS server) and install/configure/start |
Yeah, that's true, not sure what the best way to approach this would be. Having Adding an
|
Adding some retry logic for opening |
Maybe we reopen on a SIGHUP and change the nfs util service file to ping the gss-proxy ? |
Looking at the code, a SIGHUP already causes a new attempt to poke Lines 255 to 280 in f52e60f
Perhaps an As an alternative, I've prepared a separate PR with changes to |
I agree the latter is saner, I would pursue that within nfs-utils on top of your proposed #85 |
Replaced by #85 |
If you install gssproxy before nfs-kernel-server (or whatever the equivalent package is named on non-Debian distros), the auth_rpcgss module will typically not be loaded.
This leads to output like this:
systemd[1]: Starting gssproxy.service - GSSAPI Proxy Daemon...
gssproxy[1519]: [2023/10/16 20:47:33]: Debug Level changed to 3
gssproxy[1519]: k5tracer_thread started!
gssproxy[1519]: [2023/10/16 20:47:33]: Service: nfs-server, Keytab: <some_path>, Enctype: 18
gssproxy[1521]: [2023/10/16 20:47:33]: Kernel doesn't support GSS-Proxy (can't open /proc/net/rpc/use-gss-proxy: 2 (No such file or directory))
gssproxy[1521]: [2023/10/16 20:47:33]: Problem with kernel communication! NFS server will not work
systemd[1]: Started gssproxy.service - GSSAPI Proxy Daemon.
gssproxy[1521]: [2023/10/16 20:47:33]: Initialization complete.
And gssproxy won't work properly until the nfs kernel server package(s) have been installed and gssproxy has been restarted (which is kind of difficult to debug) since it won't try opening /proc/net/rpc/use-gss-proxy again.
Signed-off-by: David Härdeman david@hardeman.nu