Bug 1762847
| Summary: | RHEL8: rpc.gssd crashes when gssproxy is used and the RPCSEC_GSS library debug is enabled | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Jacob Shivers <jshivers> |
| Component: | nfs-utils | Assignee: | Steve Dickson <steved> |
| Status: | CLOSED ERRATA | QA Contact: | Yongcheng Yang <yoyang> |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 8.0 | CC: | dwysocha, steved, xzhou, yoyang |
| Target Milestone: | rc | Flags: | dwysocha:
mirror+
|
| Target Release: | 8.2 | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | nfs-utils-2.3.3-28.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-04-28 16:51:05 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jacob Shivers
2019-10-17 16:12:03 UTC
I can confirm that this crash behavior is also present in RHEL8: # mount ad-nfs-server.example.net:/secure /mnt/secure/ -o sec=krb5,vers=4.1 mount.nfs: access denied by server while mounting ad-nfs-server.example.net:/secure [root@rhel-80 ~] # systemctl status rpc-gssd ● rpc-gssd.service - RPC security service for NFS client and server Loaded: loaded (/usr/lib/systemd/system/rpc-gssd.service; bad; vendor preset: disabled) Active: failed (Result: exit-code) since Mon 2019-10-14 11:48:42 EDT; 5s ago Process: 1438 ExecStart=/usr/sbin/rpc.gssd -r (code=exited, status=0/SUCCESS) Main PID: 1440 (code=exited, status=1/FAILURE) Oct 14 11:48:15 rhel-80.example.net systemd[1]: Stopped RPC security service for NFS client and server. Oct 14 11:48:15 rhel-80.example.net systemd[1]: Starting RPC security service for NFS client and server... Oct 14 11:48:15 rhel-80.example.net rpc.gssd[1438]: libtirpc: debug level 1 Oct 14 11:48:15 rhel-80.example.net systemd[1]: Started RPC security service for NFS client and server. Oct 14 11:48:42 rhel-80.example.net systemd[1]: rpc-gssd.service: Main process exited, code=exited, status=1/FAILURE Oct 14 11:48:42 rhel-80.example.net systemd[1]: rpc-gssd.service: Failed with result 'exit-code'. On a side-note, there is not a facility to adjust/enable rpc.gssd arguments in /etc/nfsmount.conf comparable to what was present in /etc/sysconfig/nfs. Unless I am missing something, it is required to edit the systemd unit file to enable debugging/increased verbosity. This behavior is also reproducible in the RHEL 8.1 beta. Steve is this on your radar screen? Support needs this in rhel8 otherwise it will be very difficult to troubleshoot rpc.gssd issues. I just ran into this when testing https://bugzilla.redhat.com/show_bug.cgi?id=1776067 but it was not material to my troubleshooting of that problem. This does not require AD to reproduce. (In reply to Dave Wysochanski from comment #3) > Steve is this on your radar screen? Support needs this in rhel8 otherwise > it will be very difficult to troubleshoot rpc.gssd issues. > > I just ran into this when testing > https://bugzilla.redhat.com/show_bug.cgi?id=1776067 but it was not material > to my troubleshooting of that problem. It is now... :-) Verified in nfs-utils-2.3.3-28.el8 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://beaker.engineering.redhat.com/recipes/7622339#task102805589 ------------------------------------------------------------------- [01:14:17 root@ ~~]# cat /etc/nfs.conf [gssd] use-gss-proxy=yes verbosity=3 rpc-verbosity=3 <<<<<<<<<<<<<< [01:14:17 root@ ~~]# service_rpcgssd restart Redirecting to /bin/systemctl restart rpc-gssd.service [01:14:17 root@ ~~]# service_rpcgssd status Redirecting to /bin/systemctl status rpc-gssd.service * rpc-gssd.service - RPC security service for NFS client and server Loaded: loaded (/usr/lib/systemd/system/rpc-gssd.service; static; vendor preset: disabled) Active: active (running) since Wed 2019-11-27 01:14:17 EST; 50ms ago Process: 8554 ExecStart=/usr/sbin/rpc.gssd (code=exited, status=0/SUCCESS) Main PID: 8555 (rpc.gssd) Tasks: 1 (limit: 23978) Memory: 856.0K CGroup: /system.slice/rpc-gssd.service `-8555 /usr/sbin/rpc.gssd Nov 27 01:14:17 rhel-8.2.redhat.com systemd[1]: Starting RPC security service for NFS client and server... Nov 27 01:14:17 rhel-8.2.redhat.com rpc.gssd[8554]: libtirpc: debug level 3 Nov 27 01:14:17 rhel-8.2.redhat.com rpc.gssd[8555]: doing a full rescan Nov 27 01:14:17 rhel-8.2.redhat.com systemd[1]: Started RPC security service for NFS client and server. [01:14:18 root@ ~~]# mount -t nfs4 -o sec=krb5 rhel-8.2.redhat.com:/exportDir-krb5-common-local /mnt/nfsmp-krb5-common-local [01:14:18 root@ ~~]# cat /proc/mounts | grep /mnt/nfsmp-krb5-common-local rhel-8.2.redhat.com:/exportDir-krb5-common-local /mnt/nfsmp-krb5-common-local nfs4 rw,relatime,vers=4.2,rsize=524288,wsize=524288,namlen=255,hard,proto=tcp6,timeo=600,retrans=2,sec=krb5,clientaddr=2620:52:0:1038:5054:ff:fef0:94af,local_lock=none,addr=2620:52:0:1038:5054:ff:fef0:94af 0 0 [01:14:18 root@ ~~]# umount /mnt/nfsmp-krb5-common-local Compared with previous 2.3.3-27.el8 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ https://beaker.engineering.redhat.com/recipes/7622340#task102805592 ... [07:43:05 root@ ~~]# mount -t nfs4 -o sec=krb5 kvm-02-guest02.rhts.eng.brq.redhat.com:/exportDir-krb5-common-local /mnt/nfsmp-krb5-common-local mount.nfs4: an incorrect mount option was specified Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1832 |