Bug 1952863

Summary: RHEL9 - default kernel config
Product: Red Hat Enterprise Linux 9 Reporter: Benjamin Coddington <bcodding>
Component: kernelAssignee: Benjamin Coddington <bcodding>
kernel sub component: NFS QA Contact: JianHong Yin <jiyin>
Status: CLOSED ERRATA Docs Contact: Michal Stubna <mstubna>
Severity: unspecified    
Priority: unspecified CC: ajmitchell, bxue, hkrzesin, jiyin, lkuprova, smayhew, steved, xzhou, yieli, yoyang
Version: 9.0Keywords: Triaged
Target Milestone: betaFlags: pm-rhel: mirror+
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: kernel-5.14.0-40.el9 Doc Type: Enhancement
Doc Text:
.Changes in the NFS client and server in RHEL 9 * RHEL 9.0 NFS server and client no longer support the insecure GSS Kerberos 5 encryption type `des-cbc-crc`. * NFS client no longer supports mounting filesystems using UDP transports.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-17 15:38:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1888950    

Description Benjamin Coddington 2021-04-23 12:01:15 UTC 
Let's get started on the right foot with exactly the kernel config we want in RHEL9 for nfsd, nfs, lockd, and sunrpc.

Here's my shortlist of config changes I'd like to see in RHEL9:

NFS_V2 unset
NFS_DISABLE_UDP_SUPPORT set
CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES set
Comment 1 Murphy Zhou 2021-04-25 01:50:05 UTC 
(In reply to Benjamin Coddington from comment #0)
> Let's get started on the right foot with exactly the kernel config we want
> in RHEL9 for nfsd, nfs, lockd, and sunrpc.
> 
> Here's my shortlist of config changes I'd like to see in RHEL9:
> 
> NFS_V2 unset
> NFS_DISABLE_UDP_SUPPORT set
> CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES set

Hi Benjamin, could your elaborate more on the impact of each option disable/enable. We need to document this kind of change, especially when it is different with the last release ?

Thanks!
Comment 2 Steve Dickson 2021-08-30 18:45:03 UTC 
(In reply to Benjamin Coddington from comment #0)
> Let's get started on the right foot with exactly the kernel config we want
> in RHEL9 for nfsd, nfs, lockd, and sunrpc.
> 
> Here's my shortlist of config changes I'd like to see in RHEL9:
> 
> NFS_V2 unset
This is alread unset.

> NFS_DISABLE_UDP_SUPPORT set
> CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES set
Both of these need to be set.

Here is the difference between upstream (f35) and RHEL9

- Fedora, + RHEL9

-CONFIG_NFS_SWAP=y
+# CONFIG_NFS_SWAP is not set

-CONFIG_NFSD_BLOCKLAYOUT=y
+# CONFIG_NFSD_BLOCKLAYOUT is not set

-CONFIG_NFSD_FLEXFILELAYOUT=y
-CONFIG_NFSD_V4_2_INTER_SSC=y
+# CONFIG_NFSD_FLEXFILELAYOUT is not set
+# CONFIG_NFSD_V4_2_INTER_SSC is not set

-CONFIG_SUNRPC_SWAP=y

+# Does not exist in RHEL9 config
Comment 3 Scott Mayhew 2021-08-31 11:45:23 UTC 
(In reply to Steve Dickson from comment #2)
> (In reply to Benjamin Coddington from comment #0)
> > Let's get started on the right foot with exactly the kernel config we want
> > in RHEL9 for nfsd, nfs, lockd, and sunrpc.
> > 
> > Here's my shortlist of config changes I'd like to see in RHEL9:
> > 
> > NFS_V2 unset
> This is alread unset.
> 
> > NFS_DISABLE_UDP_SUPPORT set
> > CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES set
> Both of these need to be set.
> 
> Here is the difference between upstream (f35) and RHEL9
> 
> - Fedora, + RHEL9
> 
> -CONFIG_NFS_SWAP=y
> +# CONFIG_NFS_SWAP is not set
> 
> -CONFIG_NFSD_BLOCKLAYOUT=y
> +# CONFIG_NFSD_BLOCKLAYOUT is not set

We don't want to enable block layout.  Block layout requires the admin to write their own fencing script.  SCSI layout uses block layout but with the added benefit that it handles fencing automatically.

> 
> -CONFIG_NFSD_FLEXFILELAYOUT=y
> -CONFIG_NFSD_V4_2_INTER_SSC=y
> +# CONFIG_NFSD_FLEXFILELAYOUT is not set

We don't want to enable flexfile layout.  It was just an experimental feature for testing flexfile LAYOUTGET and GETDEVICEINFO ops and isn't useful for doing real work.

> +# CONFIG_NFSD_V4_2_INTER_SSC is not set
> 
> -CONFIG_SUNRPC_SWAP=y
> 
> +# Does not exist in RHEL9 config
Comment 5 Benjamin Coddington 2021-10-28 13:43:49 UTC 
We're going to want CONFIG_NFS_V4_2_READ_PLUS as well, see bug 1801457, but we should take the change to toggle that define over there.
Comment 32 errata-xmlrpc 2022-05-17 15:38:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: kernel), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:3907