From: Steve Dickson <steved@redhat.com>
To: Linux NFS Mailing list <linux-nfs@vger.kernel.org>
Subject: [PATCH 1/1 v2] systemd: Only start the gssd daemons when they are enabled
Date: Tue, 21 Jun 2016 10:53:27 -0400
Message-ID: <1466520807-4340-1-git-send-email-steved@redhat.com>
When Kerberos is enabled, /etc/krb5.keytab exists,
which causes both gssd daemons to start automatically.

With rpc.gssd running, on all NFS mounts an upcall
is done to get a GSS security context for the SETCLIENTID procedure.

When Kerberos is not configured for NFS, meaning
there is no host/hostname@REALM principal in
the key tab, those upcalls always fail, causing
the mount to hang for several seconds.

This patch added an [Install] section to both
services so the services can be enabled and disabled.

The README was also updated.

Signed-off-by: Steve Dickson <steved@redhat.com>
---
systemd/README | 14 +++++---------
systemd/rpc-gssd.service | 6 ++++++
systemd/rpc-svcgssd.service | 7 +++++++
3 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/systemd/README b/systemd/README
index 7c43df8..58dae42 100644
--- a/systemd/README
+++ b/systemd/README
@@ -59,13 +59,9 @@ information such as in /etc/sysconfig/nfs or /etc/defaults/nfs.
It is run once by nfs-config.service.
rpc.gssd and rpc.svcgssd are assumed to be needed if /etc/krb5.keytab
-is present.
-If a site needs this file present but does not want the gss daemons
-running, it should create
- /etc/systemd/system/rpc-gssd.service.d/01-disable.conf
-and
- /etc/systemd/system/rpc-svcgssd.service.d/01-disable.conf
+is present. If a site needs this file present but does not want
+the gss daemons running, they can be disabled by doing
+
+ systemctl disable rpc-gssd
+ systemctl disable rpc-svcgssd
-containing
- [Unit]
- ConditionNull=false
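Review bot: The new "they can be disabled by doing systemctl disable rpc-gssd" text is a weaker off switch than the ConditionNull=false drop-in it removes, and the README should say so. The drop-in made the unit refuse to start regardless of what requested it, while systemctl disable only removes the symlinks created from [Install]; if another unit still names these services in Wants= or Requires=, or an admin starts them by hand, they run anyway. For a site that has a keytab but must never run the gss daemons, document systemctl mask as the hard block. The retained sentence "rpc.gssd and rpc.svcgssd are assumed to be needed if /etc/krb5.keytab is present" also no longer matches the subject line, since the keytab alone is not meant to be enough after this patch; add the corresponding systemctl enable step next to the disable commands.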
diff --git a/systemd/rpc-gssd.service b/systemd/rpc-gssd.service
index d4a3819..681f26a 100644
--- a/systemd/rpc-gssd.service
+++ b/systemd/rpc-gssd.service
@@ -17,3 +17,9 @@ EnvironmentFile=-/run/sysconfig/nfs-utils
Type=forking
ExecStart=/usr/sbin/rpc.gssd $GSSDARGS
+
+# Only start if the service is enabled
+# and /etc/krb5.keytab exists
+[Install]
+WantedBy=multi-user.target
+
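Review bot: The comment placed directly above [Install] reads as if this section enforces the start conditions, but WantedBy=multi-user.target only has an effect once systemctl enable is run, and the /etc/krb5.keytab check the comment mentions is not part of this hunk. Reword it to say how the unit gets enabled and point at the directive that actually tests for the keytab, so a reader does not assume [Install] gates other ways of starting the unit. The last added line is an empty line at end of file, which git reports as a whitespace error; drop it.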
diff --git a/systemd/rpc-svcgssd.service b/systemd/rpc-svcgssd.service
index 41177b6..4433ed7 100644
--- a/systemd/rpc-svcgssd.service
+++ b/systemd/rpc-svcgssd.service
@@ -18,3 +18,10 @@ After=nfs-config.service
EnvironmentFile=-/run/sysconfig/nfs-utils
Type=forking
ExecStart=/usr/sbin/rpc.svcgssd $SVCGSSDARGS
+
+# Only start if the service is enabled
+# and /etc/krb5.keytab exists
+# and when gss-proxy is not runing
+[Install]
+WantedBy=multi-user.target
+
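Review bot: The third condition in the added comment, "and when gss-proxy is not runing", is not backed by anything in this hunk. The only functional lines added are [Install] and WantedBy=multi-user.target, so whether this unit stays down on a host that runs gss-proxy depends entirely on a check elsewhere in the file. Either name the directive that enforces it in the comment or drop the claim, and fix "runing" to "running". The empty line added at end of file should be removed here as well.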
--
2.5.5