diff -Nru nfs-utils-1.2.8/debian/changelog nfs-utils-1.2.8/debian/changelog --- nfs-utils-1.2.8/debian/changelog 2016-09-12 21:18:00.000000000 +0000 +++ nfs-utils-1.2.8/debian/changelog 2017-03-01 20:55:02.000000000 +0000 @@ -1,3 +1,11 @@ +nfs-utils (1:1.2.8-9.2ubuntu2) zesty; urgency=medium + + * Fixing nfs-mountd dependency on rpcbind (race condition) (LP: #1590799) + - Add systemd-Fix-nfs-mountd-dependency-on-rpcbind.patch + - Add systemd-unit-files-fix-up-dependencies-on-rpcbind.patch + + -- Rafael David Tinoco Wed, 01 Mar 2017 20:55:02 +0000 + nfs-utils (1:1.2.8-9.2ubuntu1) yakkety; urgency=medium * Merge fixes from Debian. diff -Nru nfs-utils-1.2.8/debian/patches/series nfs-utils-1.2.8/debian/patches/series --- nfs-utils-1.2.8/debian/patches/series 2016-09-12 21:17:04.000000000 +0000 +++ nfs-utils-1.2.8/debian/patches/series 2017-03-01 20:44:29.000000000 +0000 @@ -20,3 +20,5 @@ unbreak-gssd-rpc_pipefs-run.patch 90-gss-free-lucid-sec-context.patch remove-gssproxy.patch +systemd-unit-files-fix-up-dependencies-on-rpcbind.patch +systemd-Fix-nfs-mountd-dependency-on-rpcbind.patch diff -Nru nfs-utils-1.2.8/debian/patches/systemd-Fix-nfs-mountd-dependency-on-rpcbind.patch nfs-utils-1.2.8/debian/patches/systemd-Fix-nfs-mountd-dependency-on-rpcbind.patch --- nfs-utils-1.2.8/debian/patches/systemd-Fix-nfs-mountd-dependency-on-rpcbind.patch 1970-01-01 00:00:00.000000000 +0000 +++ nfs-utils-1.2.8/debian/patches/systemd-Fix-nfs-mountd-dependency-on-rpcbind.patch 2017-03-01 20:46:53.000000000 +0000 @@ -0,0 +1,44 @@ +Description: systemd: Fix nfs-mountd dependency on rpcbind + +Following commit 91da135f - it replaced "rpcbind.target" by "rpcbind.socket" in +some unit files - "rpcbind.socket" should also be added to "nfs-mountd.service" +as a dependency to avoid race conditions. + +Usually "rpcbind.socket" is either started as a "sockets.target" dependency, or +as a dependency for "nfs-server.service", when unit files include it in +"BindsTo" or "After". Unfortunately there is a possilibility to have +"nfs-mountd.service" started when the rpcbind socket is not yet created: + +systemd[1]: Starting NFS Mount Daemon... +systemd[1]: nfs-mountd.service: Control process exited, code=exited status=1 +systemd[1]: Failed to start NFS Mount Daemon. +systemd[1]: nfs-mountd.service: Unit entered failed state. +systemd[1]: nfs-mountd.service: Failed with result 'exit-code'. + +Nowadays "nfs-mountd.service" uses "BindTo" directive to "nfs-server.service". +That, per se, doesn't guarantee ordering for NFS server to start rpcbind and for +nfs-mountd to depend on it. + +https://bugs.launchpad.net/bugs/1590799 + +Reviewed-by: NeilBrown +Signed-off-by: Rafael David Tinoco +Signed-off-by: Steve Dickson +- +Author: Rafael David Tinoco +Origin: upstream, commit: 907426b00bdcd69d9a56ac1870990e8ae8c6fe9f +Bug-Debian: https://bugs.debian.org/856328 +Bug-Ubuntu: https://launchpad.net/bugs/1590799 +Reviewed-By: Rafael David Tinoco +Last-Update: 2017-03-01 + +--- nfs-utils-1.2.8.orig/systemd/nfs-mountd.service ++++ nfs-utils-1.2.8/systemd/nfs-mountd.service +@@ -4,6 +4,7 @@ DefaultDependencies=no + Requires=proc-fs-nfsd.mount + After=proc-fs-nfsd.mount + After=network.target local-fs.target ++After=rpcbind.socket + BindsTo=nfs-server.service + + Wants=nfs-config.service diff -Nru nfs-utils-1.2.8/debian/patches/systemd-unit-files-fix-up-dependencies-on-rpcbind.patch nfs-utils-1.2.8/debian/patches/systemd-unit-files-fix-up-dependencies-on-rpcbind.patch --- nfs-utils-1.2.8/debian/patches/systemd-unit-files-fix-up-dependencies-on-rpcbind.patch 1970-01-01 00:00:00.000000000 +0000 +++ nfs-utils-1.2.8/debian/patches/systemd-unit-files-fix-up-dependencies-on-rpcbind.patch 2017-03-01 20:43:27.000000000 +0000 @@ -0,0 +1,123 @@ +Description: systemd unit files: fix up dependencies on rpcbind. + +The dependencies on rpcbind have been changed a few times and I think +they are still wrong. So I'll go into some detail to justify this +change. + +Firstly: rpcbind.target rpcbind.socket or rpcbind.service? + +The systemd documentation talks about targets as "synchronization +points" and likens them to SysV init run levels. Run levels are about +ordering but not dependencies. + +The systemd.special man page describes rpcbind.target as intended +explicitly for ordering sysvinit scripts, with "After=" dependencies. + +So while I think it is valid to use rpcbind.target for ordering +(before/after) it shouldn't be used for dependencies (Wants/Requires). +The rpcbind.target file included in systemd does not "Require" the +actual service, so requiring rpcbind.target itself is pointless. + +I think we shouldn't use rpcbind.target at all. Leave it for sysvinit +synchronization. + +So: .socket or .service? + +I think nfs only needs the socket to be active. On first connection +the service will be started. But nfs does not need to wait for the +service to start, only the socket. So I think we should exclusively +use rpcbind.socket. + +Next: Wants or Requires. + +rpc.statd definitely Requires rpcbind. It needs to register to be +useful, and without rpcbind it cannot register. + +nfs-server does not necesarily require rpcbind. Specifically if +configured for NFSv4 only, nfs-server will work quite happily without +rpcbind. + +Someone with an NFSv4 only setup who wants rpcbind to not run can use + systemctl mask rpcbind.socket +to ensure it never runs. +So nfs-server should only "Wants: rpcbind.socket". +I think + Commit: 4fabfcd08206 ("systemd: Decouple the starting and stopping of +rpcbind/nfs-server") +should have changed "Requires" to "Wants" rather than "server" to +"target" +to fix the dependency problem. + +Finally: After? + +It only makes sense to declare an ordering relation as "After:" +something that will actually be started. If "foo.service" is not part +of the systemd transaction, then "After: foo.service" has no effect. +So having: + Requires: rpcbind.target + After: rpcbind.socket + +doesn't make much sense unless there is some relationship between +rpcbind.target and rpcbind.socket, and there is no general guarantee +of that (though what individual distros do, I don't know). +So the "After" should match the "Wants" or "Requires". + +It might make sense to + Requires: rpcbind.socket + After: rpcbind.target + +as it is reasonable to assume that rpcbind.target will be ordered with +rpcbind.socket, but as we can use rpcbind.socket explictly, that is +clearer. + +So my conclusion is that nfs-server should: + Wants: rpcbind.socket + After: rpcbind.socket + +and rpc-statd should + Requires: rpcbind.socket + After: rpcbind.socket + +which is what this patch puts into effect. + +Signed-off-by: NeilBrown +Signed-off-by: Steve Dickson +- +Author: NeilBrown +Origin: upsteam, commit: 91da135f243d6f87fcea8b8a3ce28a589917b0e4 +Bug-Debian: https://bugs.debian.org/856328 +Bug-Ubuntu: https://launchpad.net/bugs/1590799 +Reviewed-By: Rafael David Tinoco +Last-Update: 2017-03-01 + +--- nfs-utils-1.2.8.orig/systemd/nfs-server.service ++++ nfs-utils-1.2.8/systemd/nfs-server.service +@@ -1,12 +1,13 @@ + [Unit] + Description=NFS server and services + DefaultDependencies=no +-Requires= network.target proc-fs-nfsd.mount rpcbind.target ++Requires= network.target proc-fs-nfsd.mount + Requires= nfs-mountd.service ++Wants=rpcbind.socket + Wants=nfs-idmapd.service + + After= local-fs.target +-After= network.target proc-fs-nfsd.mount rpcbind.target nfs-mountd.service ++After= network.target proc-fs-nfsd.mount rpcbind.socket nfs-mountd.service + After= nfs-idmapd.service rpc-statd.service + Before= rpc-statd-notify.service + +--- nfs-utils-1.2.8.orig/systemd/rpc-statd.service ++++ nfs-utils-1.2.8/systemd/rpc-statd.service +@@ -2,8 +2,8 @@ + Description=NFS status monitor for NFSv2/3 locking. + DefaultDependencies=no + Conflicts=umount.target +-Requires=nss-lookup.target rpcbind.target +-After=network.target nss-lookup.target rpcbind.target ++Requires=nss-lookup.target rpcbind.socket ++After=network.target nss-lookup.target rpcbind.socket + + PartOf=nfs-utils.service +