Hi, I was having trouble setting up NFS on atomic host (http://www.projectatomic.io/). It turns out that there is a problem when rpcbind is trying to find the uid of the rpc user. OSTree based operating systems store user information for systems users such as the rpc user in /usr/lib/passwd and leaves /etc/passwd for humans users. This is achieved by the use the nss module nss-altfiles (https://apps.fedoraproject.org/packages/nss-altfiles) which allows one to specify additional files to be added the the passwd database. rpcbind however overrides the rule added to /etc/nsswitch.conf and removes altfiles by doing the following: __nss_configure_lookup("passwd", "files"); This is done presumably to avoid checking remote users, but I was wondering if its possible to add altfiles as follows: ~~~~~~ --- src/rpcbind.c +++ src/rpcbind.c @@ -226,7 +226,7 @@ main(int argc, char *argv[]) * Make sure we use the local password file * for these lookups. */ - __nss_configure_lookup("passwd", "files"); + __nss_configure_lookup("passwd", "files altfiles"); if((p = getpwnam(id)) == NULL) { syslog(LOG_ERR, "cannot get uid of '%s': %m", id); ~~~~~~ If altfiles is not present it is simply ignored WDYT ?
Created attachment 953168 [details] A proper patch
(In reply to Sami Wagiaalla from comment #1) > Created attachment 953168 [details] > A proper patch Could please post the patch (minus the spec file changes) to libtirpc-devel.net and linux-nfs.org mailing lists, using the correct patch formats which is defined in https://www.kernel.org/doc/Documentation/SubmittingPatches
Another approach would be a build-time configure option that would be usable by the distribution. For example: ./configure --with-nss-modules="files altfiles" could be used in Fedora, and would allow any other OS vendor who has custom NSS configuration. Note due to the way NSS works it's fine for Fedora to add altfiles, it will be harmless if nss-altfiles is not installed.
(In reply to Steve Dickson from comment #2) > (In reply to Sami Wagiaalla from comment #1) > > Created attachment 953168 [details] > > A proper patch > > Could please post the patch (minus the spec file changes) > to libtirpc-devel.net and linux-nfs.org > mailing lists, using the correct patch formats which is defined in > https://www.kernel.org/doc/Documentation/SubmittingPatches Thanks for the pointers! I will post a patch upstream. (In reply to Colin Walters from comment #3) > Another approach would be a build-time configure option that would be usable > by the distribution. For example: > > ./configure --with-nss-modules="files altfiles" could be used in Fedora, and > would allow any other OS vendor who has custom NSS configuration. > Ah! that would be more applicable upstream than hard-coding in altfiles. I will post a patch to that effect upstream as Steve suggested
Patch posted upstream: https://sourceforge.net/p/libtirpc/mailman/message/33015641/
rpcbind-0.2.1-4.0.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/rpcbind-0.2.1-4.0.fc21
Created attachment 955950 [details] use --with-nss-modules to add 'altfiles' Now that the configuration option is upstream this patch uses the option to enable the altfiles modules
Package rpcbind-0.2.1-4.0.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing rpcbind-0.2.1-4.0.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-14782/rpcbind-0.2.1-4.0.fc21 then log in and leave karma (feedback).
rpcbind-0.2.1-4.0.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Hmmm.. the bug was closed by the Fedora Update System but the issue is not quite addressed yet. The updated rpm contains the configuration option for adding nss modules but the configuration in the specfile must be updated to include altfiles as per attachment 955950 [details]
So, it actually works in rawhide, due to a chain of *other* bugs =) The history here is pretty funny actually. First, we have: http://git.infradead.org/users/steved/rpcbind.git/commit/8d7a0708f14b22df100d64bcadfb66598052a950 A patch from a Gentoo developer to clean up the autotools, and notably drops the HAVE_NSS_H check. Next we have: http://git.infradead.org/users/steved/rpcbind.git/commitdiff/c4814d539434391df4dfa61551e5e2e96947326d?hp=86036582c001e99075f4d74cb3829df39f2a9ddf A patch from a different Gentoo developer which relies on the HAVE_NSS_H check that was removed a little more than two years (!) earlier. Of course, in between there were a grand total of 9 commits. About a half a year later, we have the commit for this bug: http://git.infradead.org/users/steved/rpcbind.git/commit/d30515b11bea3171b2ba0373f0eda132992538b7 I'm sure Sami tested it, and noticed it worked, but because he was forward-porting a patch, didn't notice it worked *without* his patch too. Anyways so, two action items: 1) Reintroduce the HAVE_NSS_H check in configure.ac 2) Fix the Fedora spec file as Sami says in comment #10
Created attachment 965215 [details] 0001-build-sys-Reintroduce-check-for-nss.h.patch
> I'm sure Sami tested it, and noticed it worked, but because he was > forward-porting a patch, didn't notice it worked *without* his patch too. > Hmm.. I tested this agian to make sure. Unless I am missing something rpcbind only starts with the patch to the specfile adding altfiles. As far as I can tell HAVE_NSS is only used to decide whether to define the __nss_configure_lookup function prototype if the header is not available to define it. So the only patch which is needed is attachment 955950 [details]
This bug appears to have been reported against 'rawhide' during the Fedora 22 development cycle. Changing version to '22'. More information and reason for this action is here: https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora22
I just stepped over this problem when trying to setup a container using NFS on the latest Fedora 22 Atomic image which is using rpcbind-0.2.3-0.1.fc22.x86_64. A quick look into the Koji build [1] logs reveals that the mentioned configure option is still missing. I would appreciate when this bug could be fixed, as it makes the Fedora Atomic image currently useless for containers requiring persistent storage via NFS. [1]: https://kojipkgs.fedoraproject.org//packages/rpcbind/0.2.3/0.1.fc22/data/logs/x86_64/build.log
FYI this isn't fixed yet in either rawhide or F23 [1]: [1] - http://pkgs.fedoraproject.org/cgit/rpcbind.git/tree/rpcbind.spec?h=f23
rpcbind-0.2.3-0.3.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2015-9eee2fbc78
rpcbind-0.2.3-0.3.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update rpcbind' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-9eee2fbc78
rpcbind-0.2.3-0.4.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update rpcbind' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-36b145bd37
rpcbind-0.2.3-0.4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
rpcbind-0.2.3-0.3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.