| 2021-03-08 14:06:16 |
Niklas Edmundsson |
bug |
|
|
added bug |
| 2021-03-08 14:10:04 |
Launchpad Janitor |
nfs-utils (Ubuntu): status |
New |
Confirmed |
|
| 2021-03-08 23:26:38 |
Dan Streetman |
bug |
|
|
added subscriber Dan Streetman |
| 2021-03-09 21:45:09 |
Sergio Durigan Junior |
bug |
|
|
added subscriber Sergio Durigan Junior |
| 2021-03-12 18:43:23 |
Brian Murray |
tags |
|
rls-hh-incoming |
|
| 2021-03-15 22:26:53 |
Sergio Durigan Junior |
nfs-utils (Ubuntu): assignee |
|
Sergio Durigan Junior (sergiodj) |
|
| 2021-03-15 23:34:08 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~sergiodj/ubuntu/+source/nfs-utils/+git/nfs-utils/+merge/399688 |
|
| 2021-03-16 21:04:35 |
Sergio Durigan Junior |
description |
nfs-server.service has insufficient dependencies to start correctly in a setting where the nfs exports list contains DNS host names (not in local hosts file) or netgroups served via network (for example sssd).
Typical failures listed by systemctl status nfs-server.service are:
Mar 08 14:16:52 server.example.com exportfs[844]: exportfs: Failed to resolve client1.example.com
Mar 08 14:16:52 server.example.com exportfs[844]: exportfs: Failed to resolve client2.example.com
Our workaround is to add the appropriate dependecies in /etc/systemd/system/nfs-server.service.d/dependencies.conf like so:
----------------------8<----------------------------
[Unit]
# nfs-server.service runs exportfs on startup, thus we need to be able to
# do host and netgroup lookups which requires network to be online.
After=network-online.target nss-lookup.target nss-user-lookup.target
----------------------8<----------------------------
While nfs-server.service do depend on network.target, that only means that the network has been configured. On physical hardware it can take significantly longer for the network to come online (8+ seconds for our 10G NICs). Also note that we configure static IP:s via systemd-networkd, things might behave differently when using DHCP, network-manager etc. In any case, depending on network.target is almost always wrong, and network-online.target is usually the right one.
nss-lookup.target is needed to ensure that DNS resolution works, and nss-user-lookup.target is the best approximation to ensure that netgroup resolution via sssd or equivalent works. Usually things "just works" even without these dependencies, but to ensure correct startup they should be present.
It should be noted that this seems to once have been fixed in Ubuntu, but has been lost along the way for quite some time. When googling I find for example https://code.launchpad.net/~ubuntu-branches/ubuntu/wily/nfs-utils/wily-201507271018/+merge/265946 that fixes the network.target vs network-online.target dependency, but it has since been lost in the wind it seems. |
[ Impact ]
nfs-server.service (part of the nfs-utils package) has insufficient dependencies to start correctly in a setting where the NFS exports list contains DNS hostnames (not in local hosts file) or netgroups served via network (for example sssd).
This issue can negatively impact users that, for example, cannot easily resort to using IP addresses directly in the /etc/exports file, and need to use hostnames instead in order to be able to mount NFS shares over the network.
[ Test Case ]
You can reproduce the issue by following the instructions below. Adjust the Ubuntu release on "images:ubuntu/hirsute" accordingly.
$ lxc launch images:ubuntu/hirsute nfs-utils-bug1918141 --vm
$ lxc shell nfs-utils-bug1918141
# apt update
# apt install -y nfs-kernel-server
# mkdir /testshare
# cat >> /etc/exports << EOF
/testshare ubuntu.com(ro,sync,no_subtree_check)
EOF
# systemctl edit --full systemd-networkd.service
You will have to:
- Comment out the "Wants=" line.
- Remove "network.target" from the "Before=" line.
- Add a new "After=fakenet.service" line.
- Add a new "Wants=fakenet.service" line.
- Add the following line in the "[Service]" section:
ExecStartPre=/bin/sleep 10
# systemctl edit --force --full fakenet.service
This new service file will contain:
[Unit]
Description=Fake network.target
DefaultDependencies=no
After=systemd-udevd.service network-pre.target systemd-sysusers.service systemd-sysctl.service
Before=network.target multi-user.target shutdown.target
Conflicts=shutdown.target
Wants=network.target
[Service]
Type=oneshot
ExecStart=/bin/true
[Install]
WantedBy=multi-user.target
# systemctl enable fakenet.service
# systemctl disable systemd-resolved
# systemctl mask systemd-resolved
# rm /etc/resolv.conf
# cat > /etc/resolv.conf << EOF
nameserver 8.8.8.8
EOF
# reboot
After a few seconds, you can enter the VM again:
$ lxc shell nfs-utils-bug1918141
# sleep 20 && systemctl status nfs-server.service
● nfs-server.service - NFS server and services
Loaded: loaded (/lib/systemd/system/nfs-server.service; enabled; vendor preset: enabled)
Active: active (exited) since Tue 2021-03-16 20:51:42 UTC; 39s ago
Process: 310 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Process: 311 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/SUCCESS)
Main PID: 311 (code=exited, status=0/SUCCESS)
Mar 16 20:51:41 nfs-utils-bug1918141 systemd[1]: Starting NFS server and services...
Mar 16 20:51:41 nfs-utils-bug1918141 exportfs[310]: exportfs: Failed to resolve ubuntu.com
Mar 16 20:51:41 nfs-utils-bug1918141 exportfs[310]: exportfs: Failed to resolve ubuntu.com
Mar 16 20:51:42 nfs-utils-bug1918141 systemd[1]: Finished NFS server and services.
As you can see, the service was started but exportfs failed to resolve the hostname.
[Where problems could occur]
This fix has been applied upstream for quite a while now, and is even part of a release, so it has been extensively tested by users and other distributions that have more recent nfs-utils. I cannot easily envision problems with the proposed changes but:
* If the user has manually modified the nfs-server.service file without taking proper precautions (i.e., editin the file directly on /lib/systemd/system/ instead of using "systemctl edit"), then he might experience a conflict when installing a new version of the file, and his modifications will be lost. However, this falls under the "local configuration issue", in my opinion.
[ Original Description ]
nfs-server.service has insufficient dependencies to start correctly in a setting where the nfs exports list contains DNS host names (not in local hosts file) or netgroups served via network (for example sssd).
Typical failures listed by systemctl status nfs-server.service are:
Mar 08 14:16:52 server.example.com exportfs[844]: exportfs: Failed to resolve client1.example.com
Mar 08 14:16:52 server.example.com exportfs[844]: exportfs: Failed to resolve client2.example.com
Our workaround is to add the appropriate dependecies in /etc/systemd/system/nfs-server.service.d/dependencies.conf like so:
----------------------8<----------------------------
[Unit]
# nfs-server.service runs exportfs on startup, thus we need to be able to
# do host and netgroup lookups which requires network to be online.
After=network-online.target nss-lookup.target nss-user-lookup.target
----------------------8<----------------------------
While nfs-server.service do depend on network.target, that only means that the network has been configured. On physical hardware it can take significantly longer for the network to come online (8+ seconds for our 10G NICs). Also note that we configure static IP:s via systemd-networkd, things might behave differently when using DHCP, network-manager etc. In any case, depending on network.target is almost always wrong, and network-online.target is usually the right one.
nss-lookup.target is needed to ensure that DNS resolution works, and nss-user-lookup.target is the best approximation to ensure that netgroup resolution via sssd or equivalent works. Usually things "just works" even without these dependencies, but to ensure correct startup they should be present.
It should be noted that this seems to once have been fixed in Ubuntu, but has been lost along the way for quite some time. When googling I find for example https://code.launchpad.net/~ubuntu-branches/ubuntu/wily/nfs-utils/wily-201507271018/+merge/265946 that fixes the network.target vs network-online.target dependency, but it has since been lost in the wind it seems. |
|
| 2021-03-16 21:05:03 |
Sergio Durigan Junior |
nominated for series |
|
Ubuntu Bionic |
|
| 2021-03-16 21:05:03 |
Sergio Durigan Junior |
bug task added |
|
nfs-utils (Ubuntu Bionic) |
|
| 2021-03-16 21:05:03 |
Sergio Durigan Junior |
nominated for series |
|
Ubuntu Focal |
|
| 2021-03-16 21:05:03 |
Sergio Durigan Junior |
bug task added |
|
nfs-utils (Ubuntu Focal) |
|
| 2021-03-16 21:05:03 |
Sergio Durigan Junior |
nominated for series |
|
Ubuntu Hirsute |
|
| 2021-03-16 21:05:03 |
Sergio Durigan Junior |
bug task added |
|
nfs-utils (Ubuntu Hirsute) |
|
| 2021-03-16 21:05:03 |
Sergio Durigan Junior |
nominated for series |
|
Ubuntu Groovy |
|
| 2021-03-16 21:05:03 |
Sergio Durigan Junior |
bug task added |
|
nfs-utils (Ubuntu Groovy) |
|
| 2021-03-16 21:05:18 |
Sergio Durigan Junior |
nfs-utils (Ubuntu Bionic): status |
New |
Confirmed |
|
| 2021-03-16 21:05:20 |
Sergio Durigan Junior |
nfs-utils (Ubuntu Focal): status |
New |
Confirmed |
|
| 2021-03-16 21:05:23 |
Sergio Durigan Junior |
nfs-utils (Ubuntu Groovy): status |
New |
Confirmed |
|
| 2021-03-16 21:05:25 |
Sergio Durigan Junior |
nfs-utils (Ubuntu Bionic): assignee |
|
Sergio Durigan Junior (sergiodj) |
|
| 2021-03-16 21:05:27 |
Sergio Durigan Junior |
nfs-utils (Ubuntu Groovy): assignee |
|
Sergio Durigan Junior (sergiodj) |
|
| 2021-03-16 21:05:30 |
Sergio Durigan Junior |
nfs-utils (Ubuntu Focal): assignee |
|
Sergio Durigan Junior (sergiodj) |
|
| 2021-03-16 21:48:49 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~sergiodj/ubuntu/+source/nfs-utils/+git/nfs-utils/+merge/399744 |
|
| 2021-03-16 21:52:21 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~sergiodj/ubuntu/+source/nfs-utils/+git/nfs-utils/+merge/399747 |
|
| 2021-03-16 21:55:16 |
Launchpad Janitor |
merge proposal linked |
|
https://code.launchpad.net/~sergiodj/ubuntu/+source/nfs-utils/+git/nfs-utils/+merge/399749 |
|
| 2021-03-17 01:12:54 |
Launchpad Janitor |
nfs-utils (Ubuntu Hirsute): status |
Confirmed |
Fix Released |
|
| 2021-03-25 02:43:46 |
Robie Basak |
tags |
rls-hh-incoming |
network-online-ordering rls-hh-incoming |
|
| 2021-03-25 02:56:45 |
Robie Basak |
bug watch added |
|
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878109 |
|
| 2021-03-25 02:57:07 |
Robie Basak |
bug |
|
|
added subscriber Robie Basak |
| 2021-05-11 13:04:56 |
Andreas Hasenack |
bug |
|
|
added subscriber Andreas Hasenack |
| 2021-07-28 23:18:33 |
Brian Murray |
nfs-utils (Ubuntu Groovy): status |
Confirmed |
Won't Fix |
|
| 2021-09-12 23:42:24 |
Sergio Durigan Junior |
nfs-utils (Ubuntu): assignee |
Sergio Durigan Junior (sergiodj) |
|
|
| 2021-09-12 23:42:27 |
Sergio Durigan Junior |
nfs-utils (Ubuntu Bionic): assignee |
Sergio Durigan Junior (sergiodj) |
|
|
| 2021-09-12 23:42:29 |
Sergio Durigan Junior |
nfs-utils (Ubuntu Focal): assignee |
Sergio Durigan Junior (sergiodj) |
|
|
| 2021-09-12 23:42:30 |
Sergio Durigan Junior |
nfs-utils (Ubuntu Groovy): assignee |
Sergio Durigan Junior (sergiodj) |
|
|
| 2021-09-12 23:42:32 |
Sergio Durigan Junior |
nfs-utils (Ubuntu Hirsute): assignee |
Sergio Durigan Junior (sergiodj) |
|
|
