Bug 1017488 - nsswitch.conf bootparams points to nisplus causing problems during boot
nsswitch.conf bootparams points to nisplus causing problems during boot
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
26
All Linux
unspecified Severity high
: ---
: ---
Assigned To: glibc team
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-09 22:48 EDT by Bob Gleitsmann
Modified: 2017-08-09 05:12 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-08 23:00:33 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bob Gleitsmann 2013-10-09 22:48:43 EDT
Description of problem:
nsswitch.conf has first choice for bootparams set to nisplus. If machine is connected to a network with no nisplus server set up, boot is delayed while waiting for non-existent server to respond.

Version-Release number of selected component (if applicable):
glibc-2.17-14.fc19.x86_64, possibly earlier

How reproducible:
Completely

Steps to Reproduce:
1.Turn on machine attached to network with no nisplus server.
2.
3.

Actual results:
Boot hangs, kdm must be manually restarted to get login screen.

Expected results:
Machine boots normally

Additional info:
nisplus should not be set as a default in nsswitch.conf. People who need it will know and know how to turn it on. People that don't have nisplus will be mystified as to why their machine takes so long to boot.
Comment 1 Siddhesh Poyarekar 2013-10-10 01:21:32 EDT
nisplus is not in nsswitch.conf by default.
Comment 3 Siddhesh Poyarekar 2013-10-17 00:58:29 EDT
I misread the report - nisplus is indeed set in bootparams.  Sorry about the confusion.
Comment 4 Fedora End Of Life 2015-01-09 15:11:23 EST
This message is a notice that Fedora 19 is now at end of life. Fedora 
has stopped maintaining and issuing updates for Fedora 19. It is 
Fedora's policy to close all bug reports from releases that are no 
longer maintained. Approximately 4 (four) weeks from now this bug will
be closed as EOL if it remains open with a Fedora 'version' of '19'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 19 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.
Comment 5 Jaroslav Reznik 2015-03-03 10:07:51 EST
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle.
Changing version to '22'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
Comment 6 Fedora End Of Life 2016-07-19 14:58:53 EDT
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.
Comment 7 Florian Weimer 2016-07-19 15:19:08 EDT
We cannot reproduce this.  Bob, does your system have a NIS configuration?

I'm not sure what processes the bootparams line.  As far as I can tell, glibc ignores it, and nss_nisplus does not actually provide facilities for it.
Comment 8 Jan Kurik 2016-07-26 00:09:11 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle.
Changing version to '25'.
Comment 9 Fedora End Of Life 2017-02-28 04:35:16 EST
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle.
Changing version to '26'.
Comment 10 Edgar Hoch 2017-07-31 16:34:50 EDT
I use this bug report because the described problem is a subproblem of my description here.


glibc-2.25-7.fc26.src.rpm contains file nsswitch.conf which has predefined active nisplus entries:

$ grep nisplus nsswitch.conf 
#	nisplus			Use NIS+ (NIS version 3)
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis
#hosts:     db files nisplus nis dns
# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
netgroup:   nisplus sss
publickey:  nisplus
automount:  files nisplus
aliases:    files nisplus


I think that nisplus is unsupported sinca a very long time? Is this right?

Also note that authconfig has no option to enable or disable nisplus.

I suggest to remove all nisplus entries in file nsswitch.conf, at least the uncommented entries. In the commented entries nisplus may be replaced by nis (if nis is not already contained in the line).
Comment 11 Carlos O'Donell 2017-08-08 23:00:33 EDT
(In reply to Edgar Hoch from comment #10)
> I think that nisplus is unsupported sinca a very long time? Is this right?

We still support the nis+ NSS service module, but you need to install the nss_nis package (provided by glibc) to have access to that NSS service module, otherwise the entry is ignored. We have split nis support out of the core glibc package on purpose so we can carry out a smoother deprecation at some point in the future.

Regarding the original bug, we were never able to reproduce any boot slowdown, unless you have a NIS+ server on the network and it doesn't respond to your clients (misconfiguration). Therefore I'm marking this CLOSED/INSUFFICIENT_DATA.
Comment 12 Edgar Hoch 2017-08-09 00:07:27 EDT
Ok, I understand, nis+ client is still supported. But there is no nis+ server package available for Fedora, right?

I have installed package nss_nis, because we use nis.

We have boot delays when a host is configured as nis client and no nis server is responding (for example, because network connection is down). I thought that the same will occur for nis+, if configured.

But nisplus is not configured by default for entries like hosts, passwd, group, etc. So no delay occurs.

bootparams, publickey and netgroup are not used by services that would delay booting so I think this should not delay booting. But programs and services that uses them may be delayed, until timeout?

automount and aliases have "files" in first position, so they will not delay if searched entry is found in local files. A delay on nonexistent entries (which are also searched in "nisplus") doesn't matter.


I am wondering why only some (uncommented) lines have "nisplus" service configured, but why not either all (e.g. hosts, passwd, group, etc. too) or no lines? I think uncommented lines in nsswitch.conf should only contain services that are available for use. I think that in many - almost all (?) - network environments where Fedora is used there is no nis+ server available. I think all (uncommented) lines in /etc/nsswitch.conf should have only "files" as default service. Services like nis, ldap, etc. can added by authconfig (or sed, in case of nisplus). This would provide a cleaner configuration.

For our hosts I remove unused nisplus services in nsswitch.conf, so it is not really a problem for me. But I thought that a clean configuration by predefined by system would be better.
Comment 13 Florian Weimer 2017-08-09 05:12:58 EDT
(In reply to Edgar Hoch from comment #12)
> Ok, I understand, nis+ client is still supported. But there is no nis+
> server package available for Fedora, right?
> 
> I have installed package nss_nis, because we use nis.
> 
> We have boot delays when a host is configured as nis client and no nis
> server is responding (for example, because network connection is down). I
> thought that the same will occur for nis+, if configured.

We know of some issues in this area (unrelated to nisplus), but it's extremely unlikely this is caused by listing nisplus under bootparams (as the summary says), which makes this bug a little confusing.

Are you able to reproduce this on a system which can be rebooted frequently, so that we have a chance of tracking this down?  

> I am wondering why only some (uncommented) lines have "nisplus" service
> configured, but why not either all (e.g. hosts, passwd, group, etc. too) or
> no lines? I think uncommented lines in nsswitch.conf should only contain
> services that are available for use. I think that in many - almost all (?) -
> network environments where Fedora is used there is no nis+ server available.
> I think all (uncommented) lines in /etc/nsswitch.conf should have only
> "files" as default service. Services like nis, ldap, etc. can added by
> authconfig (or sed, in case of nisplus). This would provide a cleaner
> configuration.

There is some disagreement about listing unused services.  But I agree that listing nisplus is pointless these days.

Note You need to log in before you can comment on or make changes to this bug.