Autofs weirdness in nsswitch.conf and other stuff...

Autofs weirdness in nsswitch.conf and other stuff...

[weiler]

Hey all-

I'm testing out CentOS 5 (i.e. RedHat 5) and and playing around with
autofs 5.0.1 which is the version that ships with it.  I'm noticing three
odd things based on what I was seeing in RedHat 4.4 (which has autofs
4.1.3):

1: Before, with autofs 4.1.3, I had in /etc/nsswitch.conf:

automount: files ldap

And I had some maps in /etc/auto.master that mounted AND I had some maps
in LDAP that mounted, both worked OK together.  But in Autofs 5.0.1, the
same line in nsswitch.conf only lets me use whatever is first, i.e. if
files is listed first it automounts with flat files but not LDAP, or vice
versa.  Is there any way to get them BOTH working again, or is this a
nifty feature that has been removed?

2: When it loads flat files from auto.master locally, I see all the maps
mount at once randomly, i.e. if I have 1 map with 10 mounts listed in it,
I see them ALL mount at once!  Even though I didn't access them.  They
seem to come and go randomly...  Is this normal with autofs 5?

3: I used to see this when I did a "ps -ef | grep automount" in autofs 4.1.3:

% ps -ef | grep automount
[root@lutra ~]# ps -ef | grep automount
root      3373     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
--timeout=6000 /cluster file /etc/auto.cluster intr
root      3442     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
--timeout=6000 /share file /etc/auto.share
root      3489     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
--timeout=60 --ghost /home ldap nisMapName=auto.home,dc=someuniv,dc=edu
-hard,intr,rw
root      3565     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
--timeout=60 --ghost /projects ldap
nisMapName=auto.projects,dc=someuniv,dc=edu -hard,intr,rw

But now all I see on 5.0.1 is:

% ps -ef | grep automount:
root     25274     1  0 14:43 ?        00:00:00 automount
root     25451 18488  0 15:02 pts/1    00:00:00 grep automount

Not nearly as descriptive as to *what* is actually live or not...

Thanks for any hints!!

-erich

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Ian Kent]

On Thu, 2007-03-15 at 15:05 -0700, weiler@soe.ucsc.edu wrote:
> Hey all-
> 
> I'm testing out CentOS 5 (i.e. RedHat 5) and and playing around with
> autofs 5.0.1 which is the version that ships with it.  I'm noticing three
> odd things based on what I was seeing in RedHat 4.4 (which has autofs
> 4.1.3):
> 
> 1: Before, with autofs 4.1.3, I had in /etc/nsswitch.conf:
> 
> automount: files ldap
> 
> And I had some maps in /etc/auto.master that mounted AND I had some maps
> in LDAP that mounted, both worked OK together.  But in Autofs 5.0.1, the
> same line in nsswitch.conf only lets me use whatever is first, i.e. if
> files is listed first it automounts with flat files but not LDAP, or vice
> versa.  Is there any way to get them BOTH working again, or is this a
> nifty feature that has been removed?

That's correct.
That's the behavior of other industry standard automounters.
Adding a plus include line at the end of /etc/auto.master (as in the
default configuration) will allow the inclusion of the LDAP master map
in the above example.

> 
> 2: When it loads flat files from auto.master locally, I see all the maps
> mount at once randomly, i.e. if I have 1 map with 10 mounts listed in it,
> I see them ALL mount at once!  Even though I didn't access them.  They
> seem to come and go randomly...  Is this normal with autofs 5?

No, you have a process accessing the filesystems.
Find out what it is and get an update for it.
Using debug logging for a little while may help to identify the culprit
as version 5 logs the requesting pid. Don't forget to make sure daemon.*
is being logged somewhere. 

> 
> 3: I used to see this when I did a "ps -ef | grep automount" in autofs 4.1.3:
> 
> % ps -ef | grep automount
> [root@lutra ~]# ps -ef | grep automount
> root      3373     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
> --timeout=6000 /cluster file /etc/auto.cluster intr
> root      3442     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
> --timeout=6000 /share file /etc/auto.share
> root      3489     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
> --timeout=60 --ghost /home ldap nisMapName=auto.home,dc=someuniv,dc=edu
> -hard,intr,rw
> root      3565     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
> --timeout=60 --ghost /projects ldap
> nisMapName=auto.projects,dc=someuniv,dc=edu -hard,intr,rw
> 
> But now all I see on 5.0.1 is:
> 
> % ps -ef | grep automount:
> root     25274     1  0 14:43 ?        00:00:00 automount
> root     25451 18488  0 15:02 pts/1    00:00:00 grep automount
> 
> Not nearly as descriptive as to *what* is actually live or not...

Yes, version 5 uses POSIX threads instead of processes.
You won't see the autofs file system mounts in /etc/mtab anymore either.
Check /proc/mounts to see the autofs mounts and use the list threads
option in ps if you want more information.

Ian

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Erich Weiler]

Hi Ian,

Fantastic!  Just what I needed, all is well now.  Thanks a million for 
the insight!

Regards,
erich

Ian Kent wrote:
> On Thu, 2007-03-15 at 15:05 -0700, weiler@soe.ucsc.edu wrote:
>> Hey all-
>>
>> I'm testing out CentOS 5 (i.e. RedHat 5) and and playing around with
>> autofs 5.0.1 which is the version that ships with it.  I'm noticing three
>> odd things based on what I was seeing in RedHat 4.4 (which has autofs
>> 4.1.3):
>>
>> 1: Before, with autofs 4.1.3, I had in /etc/nsswitch.conf:
>>
>> automount: files ldap
>>
>> And I had some maps in /etc/auto.master that mounted AND I had some maps
>> in LDAP that mounted, both worked OK together.  But in Autofs 5.0.1, the
>> same line in nsswitch.conf only lets me use whatever is first, i.e. if
>> files is listed first it automounts with flat files but not LDAP, or vice
>> versa.  Is there any way to get them BOTH working again, or is this a
>> nifty feature that has been removed?
> 
> That's correct.
> That's the behavior of other industry standard automounters.
> Adding a plus include line at the end of /etc/auto.master (as in the
> default configuration) will allow the inclusion of the LDAP master map
> in the above example.
> 
>> 2: When it loads flat files from auto.master locally, I see all the maps
>> mount at once randomly, i.e. if I have 1 map with 10 mounts listed in it,
>> I see them ALL mount at once!  Even though I didn't access them.  They
>> seem to come and go randomly...  Is this normal with autofs 5?
> 
> No, you have a process accessing the filesystems.
> Find out what it is and get an update for it.
> Using debug logging for a little while may help to identify the culprit
> as version 5 logs the requesting pid. Don't forget to make sure daemon.*
> is being logged somewhere. 
> 
>> 3: I used to see this when I did a "ps -ef | grep automount" in autofs 4.1.3:
>>
>> % ps -ef | grep automount
>> [root@lutra ~]# ps -ef | grep automount
>> root      3373     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
>> --timeout=6000 /cluster file /etc/auto.cluster intr
>> root      3442     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
>> --timeout=6000 /share file /etc/auto.share
>> root      3489     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
>> --timeout=60 --ghost /home ldap nisMapName=auto.home,dc=someuniv,dc=edu
>> -hard,intr,rw
>> root      3565     1  0 Mar14 ?        00:00:00 /usr/sbin/automount
>> --timeout=60 --ghost /projects ldap
>> nisMapName=auto.projects,dc=someuniv,dc=edu -hard,intr,rw
>>
>> But now all I see on 5.0.1 is:
>>
>> % ps -ef | grep automount:
>> root     25274     1  0 14:43 ?        00:00:00 automount
>> root     25451 18488  0 15:02 pts/1    00:00:00 grep automount
>>
>> Not nearly as descriptive as to *what* is actually live or not...
> 
> Yes, version 5 uses POSIX threads instead of processes.
> You won't see the autofs file system mounts in /etc/mtab anymore either.
> Check /proc/mounts to see the autofs mounts and use the list threads
> option in ps if you want more information.
> 
> Ian
> 

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Peter Staubach]

Ian Kent wrote:
> On Thu, 2007-03-15 at 15:05 -0700, weiler@soe.ucsc.edu wrote:
>   
>> Hey all-
>>
>> I'm testing out CentOS 5 (i.e. RedHat 5) and and playing around with
>> autofs 5.0.1 which is the version that ships with it.  I'm noticing three
>> odd things based on what I was seeing in RedHat 4.4 (which has autofs
>> 4.1.3):
>>
>> 1: Before, with autofs 4.1.3, I had in /etc/nsswitch.conf:
>>
>> automount: files ldap
>>
>> And I had some maps in /etc/auto.master that mounted AND I had some maps
>> in LDAP that mounted, both worked OK together.  But in Autofs 5.0.1, the
>> same line in nsswitch.conf only lets me use whatever is first, i.e. if
>> files is listed first it automounts with flat files but not LDAP, or vice
>> versa.  Is there any way to get them BOTH working again, or is this a
>> nifty feature that has been removed?
>>     
>
> That's correct.
> That's the behavior of other industry standard automounters.
> Adding a plus include line at the end of /etc/auto.master (as in the
> default configuration) will allow the inclusion of the LDAP master map
> in the above example.

Is this really true?  My impression was that autofs implementations such as
the Solaris version would use the name service switch really as a switch.
It would look for a map following the standard rules which apply to
nsswitch.conf entries.  I can remember using a combination of NIS+ and
flat files for map sources, without having to resort to the "+" tricks.

    Thanx...

       ps

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Ian Kent]

On Fri, 2007-03-16 at 09:19 -0400, Peter Staubach wrote:
> Ian Kent wrote:
> > On Thu, 2007-03-15 at 15:05 -0700, weiler@soe.ucsc.edu wrote:
> >   
> >> Hey all-
> >>
> >> I'm testing out CentOS 5 (i.e. RedHat 5) and and playing around with
> >> autofs 5.0.1 which is the version that ships with it.  I'm noticing three
> >> odd things based on what I was seeing in RedHat 4.4 (which has autofs
> >> 4.1.3):
> >>
> >> 1: Before, with autofs 4.1.3, I had in /etc/nsswitch.conf:
> >>
> >> automount: files ldap
> >>
> >> And I had some maps in /etc/auto.master that mounted AND I had some maps
> >> in LDAP that mounted, both worked OK together.  But in Autofs 5.0.1, the
> >> same line in nsswitch.conf only lets me use whatever is first, i.e. if
> >> files is listed first it automounts with flat files but not LDAP, or vice
> >> versa.  Is there any way to get them BOTH working again, or is this a
> >> nifty feature that has been removed?
> >>     
> >
> > That's correct.
> > That's the behavior of other industry standard automounters.
> > Adding a plus include line at the end of /etc/auto.master (as in the
> > default configuration) will allow the inclusion of the LDAP master map
> > in the above example.
> 
> Is this really true?  My impression was that autofs implementations such as
> the Solaris version would use the name service switch really as a switch.
> It would look for a map following the standard rules which apply to
> nsswitch.conf entries.  I can remember using a combination of NIS+ and
> flat files for map sources, without having to resort to the "+" tricks.

Think so.
I'll check again.
But I think that the first source found (master map in this case) is
used.

Ian

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Peter Staubach]

Ian Kent wrote:
> On Fri, 2007-03-16 at 09:19 -0400, Peter Staubach wrote:
>   
>> Ian Kent wrote:
>>     
>>> On Thu, 2007-03-15 at 15:05 -0700, weiler@soe.ucsc.edu wrote:
>>>   
>>>       
>>>> Hey all-
>>>>
>>>> I'm testing out CentOS 5 (i.e. RedHat 5) and and playing around with
>>>> autofs 5.0.1 which is the version that ships with it.  I'm noticing three
>>>> odd things based on what I was seeing in RedHat 4.4 (which has autofs
>>>> 4.1.3):
>>>>
>>>> 1: Before, with autofs 4.1.3, I had in /etc/nsswitch.conf:
>>>>
>>>> automount: files ldap
>>>>
>>>> And I had some maps in /etc/auto.master that mounted AND I had some maps
>>>> in LDAP that mounted, both worked OK together.  But in Autofs 5.0.1, the
>>>> same line in nsswitch.conf only lets me use whatever is first, i.e. if
>>>> files is listed first it automounts with flat files but not LDAP, or vice
>>>> versa.  Is there any way to get them BOTH working again, or is this a
>>>> nifty feature that has been removed?
>>>>     
>>>>         
>>> That's correct.
>>> That's the behavior of other industry standard automounters.
>>> Adding a plus include line at the end of /etc/auto.master (as in the
>>> default configuration) will allow the inclusion of the LDAP master map
>>> in the above example.
>>>       
>> Is this really true?  My impression was that autofs implementations such as
>> the Solaris version would use the name service switch really as a switch.
>> It would look for a map following the standard rules which apply to
>> nsswitch.conf entries.  I can remember using a combination of NIS+ and
>> flat files for map sources, without having to resort to the "+" tricks.
>>     
>
> Think so.
> I'll check again.
> But I think that the first source found (master map in this case) is
> used.

Yes, I agree, the first source found is used.  However, if some maps
are flat files and some maps are stored in other places such as ldap,
nis, or nis+, then when a reference to them occurs, they should be
looked for in the name services and directory services in the order
that the nsswitch.conf contains.

Or am I misunderstanding the situation and we are actually in
agreement?  I interpreted the situation originally described as _all_
maps having to come from the one source, instead of on a per-map
basis.

    Thanx...

       ps

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Jeff Moyer]

==> On Fri, 16 Mar 2007 10:37:23 -0400, Peter Staubach <staubach@redhat.com> said:

Peter> Ian Kent wrote:
Peter> > On Fri, 2007-03-16 at 09:19 -0400, Peter Staubach wrote:
Peter> >   
Peter> >> Ian Kent wrote:
Peter> >>     
Peter> >>> On Thu, 2007-03-15 at 15:05 -0700, weiler@soe.ucsc.edu wrote:
Peter> >>>   
Peter> >>>       
Peter> >>>> Hey all-
Peter> >>>>
Peter> >>>> I'm testing out CentOS 5 (i.e. RedHat 5) and and playing around with
Peter> >>>> autofs 5.0.1 which is the version that ships with it.  I'm noticing three
Peter> >>>> odd things based on what I was seeing in RedHat 4.4 (which has autofs
Peter> >>>> 4.1.3):
Peter> >>>>
Peter> >>>> 1: Before, with autofs 4.1.3, I had in /etc/nsswitch.conf:
Peter> >>>>
Peter> >>>> automount: files ldap
Peter> >>>>
Peter> >>>> And I had some maps in /etc/auto.master that mounted AND I had some maps
Peter> >>>> in LDAP that mounted, both worked OK together.  But in Autofs 5.0.1, the
Peter> >>>> same line in nsswitch.conf only lets me use whatever is first, i.e. if
Peter> >>>> files is listed first it automounts with flat files but not LDAP, or vice
Peter> >>>> versa.  Is there any way to get them BOTH working again, or is this a
Peter> >>>> nifty feature that has been removed?
Peter> >>>>     
Peter> >>>>         
Peter> >>> That's correct.
Peter> >>> That's the behavior of other industry standard automounters.
Peter> >>> Adding a plus include line at the end of /etc/auto.master (as in the
Peter> >>> default configuration) will allow the inclusion of the LDAP master map
Peter> >>> in the above example.
Peter> >>>       
Peter> >> Is this really true?  My impression was that autofs implementations such as
Peter> >> the Solaris version would use the name service switch really as a switch.
Peter> >> It would look for a map following the standard rules which apply to
Peter> >> nsswitch.conf entries.  I can remember using a combination of NIS+ and
Peter> >> flat files for map sources, without having to resort to the "+" tricks.
Peter> >>     
Peter> >
Peter> > Think so.
Peter> > I'll check again.
Peter> > But I think that the first source found (master map in this case) is
Peter> > used.

Peter> Yes, I agree, the first source found is used.  However, if some maps
Peter> are flat files and some maps are stored in other places such as ldap,
Peter> nis, or nis+, then when a reference to them occurs, they should be
Peter> looked for in the name services and directory services in the order
Peter> that the nsswitch.conf contains.

Peter> Or am I misunderstanding the situation and we are actually in
Peter> agreement?  I interpreted the situation originally described as _all_
Peter> maps having to come from the one source, instead of on a per-map
Peter> basis.

You misunderstood.  Each time a lookup occurs the name service switch
is consulted.

-Jeff

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Erich Weiler]

> You misunderstood.  Each time a lookup occurs the name service switch
> is consulted.

If it is consulted each time a lookup occurs, then why do ldap lookups 
fail if ldap is listed *after* files in nsswitch.conf?  It looks to me 
like when the automounter daemon starts it looks at nsswitch.conf once, 
loads the first options on the automount line (and the second if the "+" 
option is used) and that's it, nsswitch.conf is never consulted again. 
Looking in /proc/mounts shows automounters listening for specific 
requests only, not simply a name service switch query able type thing. 
Am I misunderstanding the behavior I am seeing?

-erich

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Jim Carter]

On Fri, 16 Mar 2007, Ian Kent wrote:

> > > That's correct.
> > > That's the behavior of other industry standard automounters.
> > > Adding a plus include line at the end of /etc/auto.master (as in the
> > > default configuration) will allow the inclusion of the LDAP master map
> > > in the above example.
> > 
> > Is this really true?  My impression was that autofs implementations such as
> > the Solaris version would use the name service switch really as a switch.
> > It would look for a map following the standard rules which apply to
> > nsswitch.conf entries.  I can remember using a combination of NIS+ and
> > flat files for map sources, without having to resort to the "+" tricks.
> 
> Think so.
> I'll check again.
> But I think that the first source found (master map in this case) is
> used.

For other maps on Solaris such as passwd, if the key were not found in the 
first source (files) it would normally try the next one (NIS or, on 
advanced systems, LDAP).  According to the man page, glibc for Linux does 
the same thing.  It's possible (Solaris and Linux) to influence this 
behavior by reaction tags such as [NOTFOUND=return].  The plus kludge was a 
Solaris-ism introduced in SunOS-3.x, before nsswitch.conf.  libc::getpwnam 
etc. would always consult files first, and then if you had NIS you could 
authorize its use by appending the plus line.  But plus lines were 
deprecated when nsswitch.conf appeared, I think in SunOS-4.0.

I can't remember whether Solaris autofs followed the same rule.  

I'm inclined to say that if it didn't, it should have, and we should do it 
"right" rather than carrying forward historical mistakes for the sake of 
being able to drop a Linux kernel and packages among Solaris configuration 
files and having it work out of the box (and having it NOT work out of the 
box when a man-page-following Linux sysop upgrades).  But I can see why 
Solaris sysadmins might think differently.  Certainly plus lines should not 
be rejected noisily as errors.  Better to just ignore them.

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA  90095-1555
Email: jimc@math.ucla.edu    http://www.math.ucla.edu/~jimc (q.v. for PGP key)

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Ian Kent]

On Fri, 2007-03-16 at 08:16 -0700, Erich Weiler wrote:
> > You misunderstood.  Each time a lookup occurs the name service switch
> > is consulted.
> 
> If it is consulted each time a lookup occurs, then why do ldap lookups 
> fail if ldap is listed *after* files in nsswitch.conf?  It looks to me 
> like when the automounter daemon starts it looks at nsswitch.conf once, 
> loads the first options on the automount line (and the second if the "+" 
> option is used) and that's it, nsswitch.conf is never consulted again. 
> Looking in /proc/mounts shows automounters listening for specific 
> requests only, not simply a name service switch query able type thing. 
> Am I misunderstanding the behavior I am seeing?

Let me see if I can clear this up.

Not withstanding that the nsswitch syntax can itself prevent the lookup
from continuing the following is how this should work.

The first instance of a master map that is found, using nsswitch, is
used unless it is explicitly specified, such as "/etc/auto.master",
either in the autofs configuration or on the command line to the
automount program.

Since the first instance is used there can be only one of source for the
master map. Plus map inclusion is allowed only in file based maps so
additional master maps can be included from a file based master map
only.

The first instance of each autofs managed indirect mount that is found
in the master map is used. The corresponding map given in the entry is
looked for by using nsswitch specified sources unless the source is
explicitly given, such as "/etc/auto.mymap" in which case only that map
is used. Additional instances of the same indirect mount point in the
configuration are ignored.

Multiple direct mount entries can be specified in the master map and the
maps are treated as one large direct mount map. The corresponding map
given in each entry is looked for by using nsswitch specified sources
unless the source is explicitly given, such as "/etc/auto.mymap" in
which case only that map is used.

Plus map inclusion is allowed only in file based maps so additional maps
for both direct and indirect mount maps may be included from a file
based map only. The plus map inclusion knows not to include itself and
so a map of the same name may come from an nsswitch source that follows
"files" in the nsswitch configuration.

Automount key lookups use the same rules as the lookup of maps above and
the first instance of a map key found is used.

At least that what I think I implemented and I believe that the Solaris
automounter does the same thing.

Ian

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Jeff Moyer]

==> On Fri, 16 Mar 2007 09:25:52 -0700 (PDT), Jim Carter <jimc@math.ucla.edu> said:

[snip]
Jim> I'm inclined to say that if it didn't, it should have, and we should do it 
Jim> "right" rather than carrying forward historical mistakes for the sake of 
Jim> being able to drop a Linux kernel and packages among Solaris configuration 
Jim> files and having it work out of the box (and having it NOT work out of the 
Jim> box when a man-page-following Linux sysop upgrades).  But I can see why 
Jim> Solaris sysadmins might think differently.  Certainly plus lines should not 
Jim> be rejected noisily as errors.  Better to just ignore them.

Clearly you don't work in mixed environments, or legacy environments
for that matter.  Support for included maps is non-negotiable.  Ian
has spent a great deal of time making sure that the Linux automounter
behaves identically to the automounters provided by Sun, HP, IBM, SGI,
etc.  There's a reason for that, and the reason is customers want it.

And, if that's not a good enough reason, by coding to the de facto
standard we also get a great regression test suite (connectathon) for
free.

-Jeff

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Jim Carter]

On Sat, 17 Mar 2007, Ian Kent wrote:

> Let me see if I can clear this up.
> ...
> The first instance of a master map that is found, using nsswitch, is
> used unless it is explicitly specified, such as "/etc/auto.master",
> ...
> The first instance of each autofs managed indirect mount that is found
> in the master map is used. The corresponding map given in the entry is
> looked for by using nsswitch specified sources unless the source is
> explicitly given, such as "/etc/auto.mymap" in which case only that map
> is used. Additional instances of the same indirect mount point in the
> configuration are ignored.
> ...
> Automount key lookups use the same rules as the lookup of maps above and
> the first instance of a map key found is used.

Yes, this does clear it up.  Autofs' philosophy differs from other 
nsswitchable maps, where a key is looked for in potentially every listed 
data source until found.  Whereas, autofs identifies the first map that 
exists, and looks up a key in that map, and if it's absent, you lose.  It 
doesn't go on to look for the key in subsequent data sources such as LDAP, 
unless the plus kludge has been used.  (In any case, the first found 
instance of the key is used and subsequent instances or sources are 
not looked at.)

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA  90095-1555
Email: jimc@math.ucla.edu    http://www.math.ucla.edu/~jimc (q.v. for PGP key)

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Jeff Moyer]

==> On Fri, 16 Mar 2007 10:09:24 -0700 (PDT), Jim Carter <jimc@math.ucla.edu> said:

Jim> On Sat, 17 Mar 2007, Ian Kent wrote:
Jim> > Let me see if I can clear this up.
Jim> > ...
Jim> > The first instance of a master map that is found, using nsswitch, is
Jim> > used unless it is explicitly specified, such as "/etc/auto.master",
Jim> > ...
Jim> > The first instance of each autofs managed indirect mount that is found
Jim> > in the master map is used. The corresponding map given in the entry is
Jim> > looked for by using nsswitch specified sources unless the source is
Jim> > explicitly given, such as "/etc/auto.mymap" in which case only that map
Jim> > is used. Additional instances of the same indirect mount point in the
Jim> > configuration are ignored.
Jim> > ...
Jim> > Automount key lookups use the same rules as the lookup of maps above and
Jim> > the first instance of a map key found is used.

Jim> Yes, this does clear it up.  Autofs' philosophy differs from other 
Jim> nsswitchable maps, where a key is looked for in potentially every listed 
Jim> data source until found.  Whereas, autofs identifies the first map that 
Jim> exists, and looks up a key in that map, and if it's absent, you lose.  It 
Jim> doesn't go on to look for the key in subsequent data sources such as LDAP, 
Jim> unless the plus kludge has been used.  (In any case, the first found 
Jim> instance of the key is used and subsequent instances or sources are 
Jim> not looked at.)

Yes, and this was a major point of confusion for me when I first
started working on autofs.  However, we're stuck with it.

-Jeff

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Ian Kent]

On Fri, 2007-03-16 at 10:09 -0700, Jim Carter wrote:
> On Sat, 17 Mar 2007, Ian Kent wrote:
> 
> > Let me see if I can clear this up.
> > ...
> > The first instance of a master map that is found, using nsswitch, is
> > used unless it is explicitly specified, such as "/etc/auto.master",
> > ...
> > The first instance of each autofs managed indirect mount that is found
> > in the master map is used. The corresponding map given in the entry is
> > looked for by using nsswitch specified sources unless the source is
> > explicitly given, such as "/etc/auto.mymap" in which case only that map
> > is used. Additional instances of the same indirect mount point in the
> > configuration are ignored.
> > ...
> > Automount key lookups use the same rules as the lookup of maps above and
> > the first instance of a map key found is used.
> 
> Yes, this does clear it up.  Autofs' philosophy differs from other 
> nsswitchable maps, where a key is looked for in potentially every listed 
> data source until found.  Whereas, autofs identifies the first map that 
> exists, and looks up a key in that map, and if it's absent, you lose.  It 
> doesn't go on to look for the key in subsequent data sources such as LDAP, 
> unless the plus kludge has been used.  (In any case, the first found 
> instance of the key is used and subsequent instances or sources are 
> not looked at.)

Maybe I have got this wrong then.

I thought the default nsswitch action was [NOTFOUND=continue] so autofs
will search multiple source instances of a given map name for a key and
the first match will succeed or not found will be returned. This is so
only if the map source is not explicitly given in the map name in which
case only that map source will be consulted.

Ian

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Peter Staubach]

Ian Kent wrote:
> On Fri, 2007-03-16 at 10:09 -0700, Jim Carter wrote:
>   
>> On Sat, 17 Mar 2007, Ian Kent wrote:
>>
>>     
>>> Let me see if I can clear this up.
>>> ...
>>> The first instance of a master map that is found, using nsswitch, is
>>> used unless it is explicitly specified, such as "/etc/auto.master",
>>> ...
>>> The first instance of each autofs managed indirect mount that is found
>>> in the master map is used. The corresponding map given in the entry is
>>> looked for by using nsswitch specified sources unless the source is
>>> explicitly given, such as "/etc/auto.mymap" in which case only that map
>>> is used. Additional instances of the same indirect mount point in the
>>> configuration are ignored.
>>> ...
>>> Automount key lookups use the same rules as the lookup of maps above and
>>> the first instance of a map key found is used.
>>>       
>> Yes, this does clear it up.  Autofs' philosophy differs from other 
>> nsswitchable maps, where a key is looked for in potentially every listed 
>> data source until found.  Whereas, autofs identifies the first map that 
>> exists, and looks up a key in that map, and if it's absent, you lose.  It 
>> doesn't go on to look for the key in subsequent data sources such as LDAP, 
>> unless the plus kludge has been used.  (In any case, the first found 
>> instance of the key is used and subsequent instances or sources are 
>> not looked at.)
>>     
>
> Maybe I have got this wrong then.
>
> I thought the default nsswitch action was [NOTFOUND=continue] so autofs
> will search multiple source instances of a given map name for a key and
> the first match will succeed or not found will be returned. This is so
> only if the map source is not explicitly given in the map name in which
> case only that map source will be consulted.

This is how I thought that it was supposed to work as well.

It would seem to be the right way and I suspect, should not prevent us from
using the Connectathon testsuite if we wish.  Even if if does, then we 
should
investigate to see why any failures might occur and either fix the testsuite
or make a better informed decision about the semantics of autofs at that 
time.

    Thanx...

       ps

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Ian Kent]

On Fri, 2007-03-16 at 14:21 -0400, Peter Staubach wrote:
> Ian Kent wrote:
> > On Fri, 2007-03-16 at 10:09 -0700, Jim Carter wrote:
> >   
> >> On Sat, 17 Mar 2007, Ian Kent wrote:
> >>
> >>     
> >>> Let me see if I can clear this up.
> >>> ...
> >>> The first instance of a master map that is found, using nsswitch, is
> >>> used unless it is explicitly specified, such as "/etc/auto.master",
> >>> ...
> >>> The first instance of each autofs managed indirect mount that is found
> >>> in the master map is used. The corresponding map given in the entry is
> >>> looked for by using nsswitch specified sources unless the source is
> >>> explicitly given, such as "/etc/auto.mymap" in which case only that map
> >>> is used. Additional instances of the same indirect mount point in the
> >>> configuration are ignored.
> >>> ...
> >>> Automount key lookups use the same rules as the lookup of maps above and
> >>> the first instance of a map key found is used.
> >>>       
> >> Yes, this does clear it up.  Autofs' philosophy differs from other 
> >> nsswitchable maps, where a key is looked for in potentially every listed 
> >> data source until found.  Whereas, autofs identifies the first map that 
> >> exists, and looks up a key in that map, and if it's absent, you lose.  It 
> >> doesn't go on to look for the key in subsequent data sources such as LDAP, 
> >> unless the plus kludge has been used.  (In any case, the first found 
> >> instance of the key is used and subsequent instances or sources are 
> >> not looked at.)
> >>     
> >
> > Maybe I have got this wrong then.

But a quick test shows that I'm not wrong but have slightly broken this
somewhere along the way.

> >
> > I thought the default nsswitch action was [NOTFOUND=continue] so autofs
> > will search multiple source instances of a given map name for a key and
> > the first match will succeed or not found will be returned. This is so
> > only if the map source is not explicitly given in the map name in which
> > case only that map source will be consulted.
> 
> This is how I thought that it was supposed to work as well.

And that certainly seems to be the case.

Solaris will check multiple sources and if the mount is browsable we see
the union of the maps as mount points.

Unfortunately, I've broken Linux autofs somewhere along the line. While
lookups still work fine the mount point the directories for browsable
maps only get created for the first map. Looking at the code I can't see
where it's wrong. Oh well another bug to fix.

Ian

Re: Autofs weirdness in nsswitch.conf and other stuff...

[Jim Carter]

On Sat, 17 Mar 2007, Ian Kent wrote:

> On Fri, 2007-03-16 at 10:09 -0700, Jim Carter wrote:
> ...
> > Yes, this does clear it up.  Autofs' philosophy differs from other 
> > nsswitchable maps, where a key is looked for in potentially every listed 
> > data source until found.  Whereas, autofs identifies the first map that 
> > exists, and looks up a key in that map, and if it's absent, you lose.  It 
> > doesn't go on to look for the key in subsequent data sources such as LDAP, 
> > unless the plus kludge has been used.  (In any case, the first found 
> > instance of the key is used and subsequent instances or sources are 
> > not looked at.)
> 
> Maybe I have got this wrong then.
> 
> I thought the default nsswitch action was [NOTFOUND=continue] so autofs
> will search multiple source instances of a given map name for a key and
> the first match will succeed or not found will be returned. This is so
> only if the map source is not explicitly given in the map name in which
> case only that map source will be consulted.

That's how I think it "should" be and that's how it will come out if you 
use the Gnu libc subroutines.  But that's not what you said and neither is 
it what Jeff Moyer said.  

The autofs-5 behavior appears to be as if the line in nsswitch.conf said
"autofs: files [notfound=return] nis/ldap" (nis or ldap, whichever is 
configured).  According to the original person posting, he formerly got the 
effect of "autofs: files ldap" (with the default [notfound=continue]) and 
doesn't get it now.  (I think I understood him.)  Hence my sniping about 
out-of-the-box Solaris compatibility and breaking Linux upon upgrade.

nsswitch is really confusing because there are two items being sought: 
first the map, and second the key within the map.  The notfound reaction 
tag refers to not finding the key in a working map, while unavail is for 
not finding the map at all.

Maybe the thing to do now is to get into cold print some positive 
statements, and perhaps the nsswitch.conf syntax is the way to express it:

What does Solaris do?  "autofs: files [notfound=return] nis", except with a
plus at the end of the map it ends up as "autofs: files [notfound=continue] 
nis".  In either case, [unavail=continue].  (Jeff, did I get it right?)

What does Linux autofs-5 do?  The same thing, right?  

What does Linux autofs-4 do?  

What *should* Linux autofs-5 do?  Jeff makes some good points that the 
answer should be "imitate Solaris".  Cross vendors, we need to pick a
standard that works in most cases, and to stick with it.

And which of these actually obey an autofs line in /etc/nsswitch.conf if 
one is present?  I hope the answer is "all of them", which would provide a 
neat fix for the original complaining user.  If someone has a special 
circumstance, it's really valuable to be able to replace the default 
behavior in this way.

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc@math.ucla.edu  http://www.math.ucla.edu/~jimc (q.v. for PGP key)