From: NeilBrown <neilb@suse.de>
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Simo Sorce <simo@redhat.com>, Steve Dickson <SteveD@redhat.com>,
Linux NFS Mailing list <linux-nfs@vger.kernel.org>
Subject: Re: [PATCH 1/2] nfs-service: Added the starting of gssproxy
Date: Tue, 23 Sep 2014 12:55:17 +1000 [thread overview]
Message-ID: <20140923125517.7a20b09a@notabene.brown> (raw)
In-Reply-To: <20140923020928.GA1409@fieldses.org>
[-- Attachment #1: Type: text/plain, Size: 2092 bytes --]
On Mon, 22 Sep 2014 22:09:28 -0400 "J. Bruce Fields" <bfields@fieldses.org>
wrote:
> On Tue, Sep 23, 2014 at 11:42:29AM +1000, NeilBrown wrote:
> > Surely gssproxy is only serving nfsd requests if both /run/gssproxy.pid
> > exists and /proc/net/rpc/use-gss-proxy exists.
> > If either of those files is missing, then rpc.svcgssd needs to run.
> > In one case, the gssproxy daemon isn't available for some reason. In the
> > other case the kernel cannot make use of it.
> >
> > Is that not correct?
> >
> > That is exactly the rule that I (tried to) encode in the service file with
> > these two conditions.
>
> Eh, I see your point, but the gssproxy.pid one still seems a little odd
> to me.
>
> I guess it's friendlier to people that don't have gss-proxy installed at
> all, or want to turn it off for some reason--but then they or their
> distro can fix up the unit files too.
Having to fix up unit files is something I would much rather avoid. I think
of them as code and just because they can be edited it doesn't mean they
should be.
I'm quite open to having rpc.svcgssd test to see if gssproxy is installed
rather than if it is running. In that case we would have a 'Want=' somewhere
in nfs-utils for gssproxy.service (which I previously said I didn't like but
I'm beginning to see the wisdom of).
But if gssproxy isn't installed, then I think rpc.svcgssd should run whether
use-gss-proxy is present or not.
>
> Otherwise if we've got gss-proxy and the kernel supports it then it
> should work, and if it's failing to come up in that case I'd kind of
> like to know why and get a bug report like "gssproxy failed to start" or
> "krb5 exports stopped working" rather than "krb5 exports are working in
> some subtly different way than they did last week."
This is quite a strong argument.
Thanks,
NeilBrown
>
> --b.
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 828 bytes --]
next prev parent reply other threads:[~2014-09-23 2:55 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-22 19:20 [PATCH 0/2] Use the gssproxy damon for GSSAPI credentials (v3) Steve Dickson
2014-09-22 19:20 ` [PATCH 1/2] nfs-service: Added the starting of gssproxy Steve Dickson
2014-09-22 19:26 ` Simo Sorce
2014-09-22 19:43 ` Steve Dickson
2014-09-22 20:44 ` J. Bruce Fields
2014-09-22 21:14 ` Steve Dickson
2014-09-22 21:32 ` Simo Sorce
2014-09-22 22:57 ` Steve Dickson
2014-09-23 0:19 ` Simo Sorce
2014-09-23 1:19 ` Steve Dickson
2014-09-23 12:52 ` Simo Sorce
2014-09-23 14:58 ` Steve Dickson
2014-09-23 15:08 ` Simo Sorce
2014-09-23 19:29 ` J. Bruce Fields
2014-09-23 19:40 ` Simo Sorce
2014-09-23 19:51 ` J. Bruce Fields
2014-09-22 22:34 ` J. Bruce Fields
2014-09-22 23:58 ` Steve Dickson
2014-09-23 0:26 ` Simo Sorce
2014-09-23 1:55 ` J. Bruce Fields
2014-09-23 2:08 ` NeilBrown
2014-09-23 2:11 ` J. Bruce Fields
2014-09-23 19:23 ` J. Bruce Fields
2014-09-23 20:17 ` Steve Dickson
2014-09-23 20:25 ` J. Bruce Fields
2014-09-23 21:15 ` Steve Dickson
2014-09-24 15:07 ` Steve Dickson
2014-09-24 15:15 ` J. Bruce Fields
2014-09-24 15:23 ` J. Bruce Fields
2014-09-24 15:30 ` Steve Dickson
2014-09-23 12:48 ` Simo Sorce
2014-09-23 15:20 ` J. Bruce Fields
2014-09-23 16:00 ` Simo Sorce
2014-09-23 16:12 ` J. Bruce Fields
2014-09-23 16:57 ` Simo Sorce
2014-09-23 12:46 ` Simo Sorce
2014-09-23 15:06 ` Steve Dickson
2014-09-23 15:16 ` J. Bruce Fields
2014-09-23 15:52 ` Steve Dickson
2014-09-23 16:05 ` J. Bruce Fields
2014-09-23 2:01 ` NeilBrown
2014-09-22 19:40 ` J. Bruce Fields
2014-09-22 19:46 ` Simo Sorce
2014-09-22 19:53 ` Steve Dickson
2014-09-22 20:00 ` Simo Sorce
2014-09-22 20:02 ` Steve Dickson
2014-09-23 1:42 ` NeilBrown
2014-09-23 2:09 ` J. Bruce Fields
2014-09-23 2:55 ` NeilBrown [this message]
2014-09-23 12:45 ` Simo Sorce
2014-09-22 19:20 ` [PATCH 2/2] rpc.svcgssd: the build of rpc.svcgssd is off by default Steve Dickson
2014-09-22 19:43 ` J. Bruce Fields
2014-09-22 19:50 ` Steve Dickson
2014-09-22 20:21 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140923125517.7a20b09a@notabene.brown \
--to=neilb@suse.de \
--cc=SteveD@redhat.com \
--cc=bfields@fieldses.org \
--cc=linux-nfs@vger.kernel.org \
--cc=simo@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox