Bug 1655880
| Summary: | 'rpm --verify nfs-utils' fail as mode on /etc/nfs.conf differ after nfsconvert executed | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Yongcheng Yang <yoyang> | |
| Component: | nfs-utils | Assignee: | Steve Dickson <steved> | |
| Status: | CLOSED ERRATA | QA Contact: | Yongcheng Yang <yoyang> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | medium | |||
| Version: | 8.0 | CC: | ajmitchell, rkudyba, stefw, toneata, xzhou, yoyang | |
| Target Milestone: | rc | Keywords: | Reproducer, ZStream | |
| Target Release: | 8.1 | Flags: | pm-rhel:
mirror+
|
|
| Hardware: | All | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | nfs-utils-2.3.3-17.el8 | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1690266 (view as bug list) | Environment: | ||
| Last Closed: | 2019-11-05 22:18:26 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1653927, 1681972 | |||
| Bug Blocks: | 1690266 | |||
|
Description
Yongcheng Yang
2018-12-04 07:38:37 UTC
(In reply to Yongcheng Yang from comment #0) Maybe only the "Mode differs" should be resolved. > [root ~]# yum reinstall -y nfs-utils >/dev/null > [root ~]# rpm -V nfs-utils > SM5....T. c /etc/nfs.conf <<<<<<<<<<<<<<<<<<< > S.5....T. c /etc/sysconfig/nfs <<<<<<<<<<<<<<<<<<< ^^^^^^^^^^^^^^^^ JFYI. from rpm(8) manpage: S file Size differs M Mode differs (includes permissions and file type) 5 digest (formerly MD5 sum) differs ... T mTime differs I created https://bugzilla.redhat.com/show_bug.cgi?id=1665536 with a similar issue except the nfs-convert.service is missing. (In reply to Yongcheng Yang from comment #0) > Description of problem: > > As Bug 1646626 (Use systemd scripts to convert NFS configurations) tracks, > we'are using a new nfs-convert.service to convert the obsolete > /etc/sysconfig/nfs to /etc/nfs.conf now. > > On a freshly installed rhel8, looks like the converting doesn't execute > (don't know if it's designed to this) until we call it explicitly, e.g. > "systemctl start nfs-convert", "./usr/libexec/nfs-utils/nfsconvert.sh", > "./usr/sbin/nfsconvert", or just "yum reinstall nfs-utils". And then we can > find "rpm -V nfs-utils" emits warnings as both config files are modified. > Especially the mode of nfs.conf is changed from "644" to "600"! > > I just file a separate bug here as maybe this warning is as expected. And we > may need release note or some others to explain when asked. > > > Version-Release number of selected component (if applicable): > since nfs-utils-2.3.3-7.el8 Please try nfs-utils-2.3.3-8.el8 which is the latest version (In reply to Steve Dickson from comment #3) The problem still exists in the nfs-utils-2.3.3-8.el8: ~~~~~~~~~~~~~~~~~~~~~~~~~ [root~]# rpm -q nfs-utils nfs-utils-2.3.3-8.el8.x86_64 [root~]# rpm -V nfs-utils [root~]# ls -l /etc/sysconfig/nfs /etc/nfs.conf -rw-r--r--. 1 root root 968 Dec 12 14:14 /etc/nfs.conf -rw-r--r--. 1 root root 885 Dec 12 14:14 /etc/sysconfig/nfs [root~]# lsattr /etc/sysconfig/nfs /etc/nfs.conf ------------------ /etc/sysconfig/nfs ------------------ /etc/nfs.conf [root~]# systemctl restart nfs-convert ^^^^^^^^^^^^^^^^^^^^^^^ executing the conversion script [root~]# rpm -V nfs-utils SM5....T. c /etc/nfs.conf S.5....T. c /etc/sysconfig/nfs [root~]# ls -l /etc/sysconfig/nfs /etc/nfs.conf -rw-------. 1 root root 972 Jan 17 00:29 /etc/nfs.conf -rw-r--r--. 1 root root 203 Jan 17 00:29 /etc/sysconfig/nfs [root~]# lsattr /etc/sysconfig/nfs /etc/nfs.conf ----i------------- /etc/sysconfig/nfs ------------------ /etc/nfs.conf [root~]# Changing to request RHEL 8.1 as this may not make 8.0 for now. The S and 5 are unavoidable, the purpose of the script is to modify those files. The +i on /etc/sysconfig/nfs is intentional, the end of nfsconvert.sh says: # If successful, make the file immutable. # This is to ensure that configuration management # software gets an error trying to modify it. The mode on /etc/nfs.conf is probably best fixed by adding a chmod onto nfsconvert.sh when it does the chattr. As Bug 1673685 fixed, file /etc/sysconfig/nfs is dropped (together with its immutable bits) after nfs-utils version -12.el8 So the only thing we need to update is mode changing of /etc/nfs.conf Here is the latest testing log: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [root~]# rpm -q nfs-utils nfs-utils-2.3.3-13.el8.x86_64 [root~]# rpm -V nfs-utils [root~]# ls -l /etc/sysconfig/nfs /etc/nfs.conf ls: cannot access '/etc/sysconfig/nfs': No such file or directory -rw-r--r--. 1 root root 968 Feb 12 10:28 /etc/nfs.conf ^^^^^^^^^^^ [root~]# lsattr /etc/nfs.conf ------------------ /etc/nfs.conf [root~]# echo 'RPCNFSDARGS="-N4"' > /etc/sysconfig/nfs [root~]# systemctl restart nfs-server <---- will call nfsconvert script [root~]# systemctl status nfs-convert ● nfs-convert.service - Preprocess NFS configuration convertion Loaded: loaded (/usr/lib/systemd/system/nfs-convert.service; enabled; vendor preset: disabled) Active: inactive (dead) since Fri 2019-02-15 00:15:10 EST; 5s ago Process: 20141 ExecStart=/usr/libexec/nfs-utils/nfsconvert.sh (code=exited, status=0/SUCCESS) Main PID: 20141 (code=exited, status=0/SUCCESS) Feb 15 00:15:10 hp-dl388g8-03.rhts.eng.pek2.redhat.com systemd[1]: Starting Preprocess NFS configuration convertion... Feb 15 00:15:10 hp-dl388g8-03.rhts.eng.pek2.redhat.com systemd[1]: Started Preprocess NFS configuration convertion. [root~]# ls -l /etc/sysconfig/nfs /etc/nfs.conf ls: cannot access '/etc/sysconfig/nfs': No such file or directory -rw-------. 1 root root 978 Feb 15 00:15 /etc/nfs.conf ^^^^^^^^^^^ [root~]# lsattr /etc/nfs.conf ------------------ /etc/nfs.conf [root~]# rpm -V nfs-utils SM5....T. c /etc/nfs.conf ^ <--- M Mode differs (includes permissions and file type) .....UG.. g /var/lib/nfs/statd/state [root~]# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Thanks for the explanation. (In reply to Justin Mitchell from comment #6) > The S and 5 are unavoidable, the purpose of the script is to modify those > files. > The +i on /etc/sysconfig/nfs is intentional, the end of nfsconvert.sh says: > # If successful, make the file immutable. > # This is to ensure that configuration management > # software gets an error trying to modify it. > > The mode on /etc/nfs.conf is probably best fixed by adding a chmod onto > nfsconvert.sh when it does the chattr. Looks like it's an issue we can fix, I'm updating summary now. P.s. The testcase won't cover this issue as nfsconvert only be triggered when appropriate (Bug 1673685). Will test it by hand. Is this still a problem? (In reply to Steve Dickson from comment #8) > Is this still a problem? Yes! After nfsconvert, mode of file "/etc/nfs.conf" has been changed from 644 (rw-r--r--) to 600 (rw-------): ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [root~]# rpm -q nfs-utils nfs-utils-2.3.3-14.el8.x86_64 [root~]# ls -l /etc/nfs.conf -rw-r--r--. 1 root root 968 Feb 15 09:39 /etc/nfs.conf [root~]# echo 'RPCNFSDARGS="-N4"' > /etc/sysconfig/nfs [root~]# /usr/sbin/nfsconvert [root~]# ls -l /etc/nfs.conf -rw-------. 1 root root 978 Feb 25 21:50 /etc/nfs.conf [root~]# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I cannot find out where the modification takes effect. However, maybe we can just change it back using chmod as Justin says. (In reply to Justin Mitchell from comment #6) > > The mode on /etc/nfs.conf is probably best fixed by adding a chmod > onto nfsconvert.sh when it does the chattr. (In reply to Yongcheng Yang from comment #9) > (In reply to Steve Dickson from comment #8) > > Is this still a problem? > > Yes! After nfsconvert, mode of file "/etc/nfs.conf" has been changed > from 644 (rw-r--r--) to 600 (rw-------): > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ OK... It appears most of the files under /etc are have 644 mods. > > I cannot find out where the modification takes effect. However, maybe > we can just change it back using chmod as Justin says. Its probably happen when root creates the file since root's default modes are 600. > > (In reply to Justin Mitchell from comment #6) > > > > The mode on /etc/nfs.conf is probably best fixed by adding a chmod > > onto nfsconvert.sh when it does the chattr. Sounds reasonable. (In reply to Yongcheng Yang from comment #7) > ... > P.s. The testcase won't cover this issue as nfsconvert only be > triggered when appropriate (Bug 1673685). Will test it by hand. Now have found a suitable place for this check. Re-cover it again. Please note this bug was fixed in nfs-utils-2.3.3-17.el8 by correcting the mode manually. But later, policy changes to "Modify nfs.conf in-place instead of replacing the file (bz 1687496)". However I'm verifying it as this problem gets resolved: https://beaker.engineering.redhat.com/recipes/7311457 ----------------------------------------------------- [00:57:43 root@ ~~]# ls -l /etc/nfs.conf -rw-r--r--. 1 root root 0 Sep 4 00:57 /etc/nfs.conf [00:57:43 root@ ~~]# service_nfs restart Redirecting to /bin/systemctl restart nfs-server.service [00:57:43 root@ ~~]# ls -l /etc/nfs.conf -rw-r--r--. 1 root root 47 Sep 4 00:57 /etc/nfs.conf [00:57:43 root@ ~~]# test '644' == '644' <<< PASS: The access permission should keep unchanged Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3579 |