Bug 1458913

Summary: gssproxy silently dies at startup if config files contain duplicate sections
Product: Red Hat Enterprise Linux 7 Reporter: James Ralston <ralston>
Component: gssproxyAssignee: Robbie Harwood <rharwood>
Status: CLOSED ERRATA QA Contact: Michal Reznik <mreznik>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 7.4CC: enewland, fs-qe, ksiddiqu, mkosek, mreznik, pasik, yoyang
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://pagure.io/gssproxy/issue/194
Whiteboard:
Fixed In Version: gssproxy-0.7.0-11.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 11:09:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1469759    
Bug Blocks: 1420851, 1472344    
Attachments:
Description Flags
1458913 _ver none

Description James Ralston 2017-06-05 19:49:18 UTC 
Description of problem:

The RHEL 7.4 beta includes gssproxy-0.7.0-3.el7, which includes the ability to have multiple configuration files.

Unfortunately, this version of gssproxy will also silently die at startup if the same section is defined more than once in any configuration file.

To make this worse, gssproxy-0.7.0-3.el7 includes a new /etc/gssproxy/99-nfs-client.conf file, which includes a [service/nfs-client] section definition.

This means that for any site that is already using gssproxy on NFSv4 clients, and has thus already has a [service/nfs-client] section in /etc/gssproxy.conf, upgrading to gssproxy-0.7.0-3.el7 will cause gssproxy to stop working on that host.

Version-Release number of selected component (if applicable):

gssproxy-0.7.0-3.el7

How reproducible:

Replicate the contents of /etc/gssproxy/99-nfs-client.conf in the /etc/gssproxy.conf file.

Actual results:

gssproxy will silently die at startup without logging any error message whatsoever, even if debugging is enabled.

Expected results:

gssproxy should emit a warning that it is ignoring the duplicate [service/nfs-client] section definition, but still start up successfully.

Additional info:

While permitting multiple gssproxy configuration files is a welcome feature, the presence of multiple configuration files increases the chances of gssproxy encountering duplicate section definitions.

For that reason, gssproxy *must* cope reasonably when it encounters duplicate section definition. And "silently dying without logging anything whatsoever" is not a reasonable way to cope with duplicate section definitions.
Comment 2 Robbie Harwood 2017-06-06 16:25:12 UTC 
Users are expected to manage configuration files on update with rpmnew/rpmsave.  We'll fix the silent part.
Comment 3 James Ralston 2017-06-06 18:22:54 UTC 
(In reply to Robbie Harwood from comment #2)

> Users are expected to manage configuration files on update with
> rpmnew/rpmsave.

But rpmnew/rpmsave files won't prevent a package from contributing a new /etc/gssproxy/*.conf file that breaks gssproxy because the new file contains a section name that was already defined in another /etc/gssproxy/*.conf file.

> We'll fix the silent part.

Thanks, but the core issue is that gssproxy dies if it encounters duplicate section names. The fact that it does so silently is annoying, but not the main problem.

(See my comments on <https://pagure.io/gssproxy/issue/194>.)
Comment 4 Robbie Harwood 2017-06-07 15:48:54 UTC 
Please keep comments on one bugtracker or the other.  Moving to pagure for discussion.  Thanks!
Comment 7 Michal Reznik 2018-01-12 11:25:56 UTC 
Created attachment 1380399 [details]
1458913 _ver
Comment 8 Michal Reznik 2018-01-12 11:26:48 UTC 
Verified on:

ipa-server-4.5.4-7.el7.x86_64
gssproxy-0.7.0-17.el7.x86_64
Comment 11 errata-xmlrpc 2018-04-10 11:09:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0709