Re: [PATCH 1/1] Move the wants only to the auth unit.

public inbox for linux-nfs@vger.kernel.org
 help / color / mirror / Atom feed

From: Steve Dickson <SteveD@redhat.com>
To: Simo Sorce <simo@redhat.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH 1/1] Move the wants only to the auth unit.
Date: Tue, 30 Sep 2014 11:05:14 -0400	[thread overview]
Message-ID: <542AC6AA.1090702@RedHat.com> (raw)
In-Reply-To: <1412014923-26587-2-git-send-email-simo@redhat.com>

On 09/29/2014 02:22 PM, Simo Sorce wrote:
> This way either gssproxy or rpc.svcgssd are started only if the auth module is
> requested, and it finds a keytab.
> If the wants are in the main nfs-client or nfs-server unit files then the
> two deamons are started unconditionally and would require conditions which we
> can test once and for all in a single unit file instead.
> 
> Signed-off-by: Simo Sorce <simo@redhat.com>
> ---
>  systemd/auth-rpcgss-module.service | 3 ++-
>  systemd/nfs-client.target          | 4 ++--
>  systemd/nfs-server.service         | 1 -
>  3 files changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/systemd/auth-rpcgss-module.service b/systemd/auth-rpcgss-module.service
> index 3fc2f4ac924f7e9d6e24969bb9a21d88a5c144fc..0355e13e009528632e97373332db9fa3acdfd1a9 100644
> --- a/systemd/auth-rpcgss-module.service
> +++ b/systemd/auth-rpcgss-module.service
> @@ -6,7 +6,8 @@
>  # unit will fail.  But that's OK.)
>  [Unit]
>  Description=Kernel Module supporting RPCSEC_GSS
> -Before=gssproxy.service rpc-svcgssd.service
> +Before=gssproxy.service rpc-svcgssd.service rpc-gssd.service
By moving these into this unit,it destroys client/server
sync starts commit 12a95eda talks about... 

Maybe we could put an After=nfs-server.service in nfs-client.target
to bring back that synchronization... because in the end
we really really want the server to start first especially
when gssproxy is involved and both units are enabled.

Also, this will cause gssproxy to be started on every boot
regardless whether Kerberos is installed and configured
(which not the case with rpc.svcgssd)... 

I can hear the complaints already... Why is NFS starting 
up this daemon that will never have anything to do, in
the case when Kerberos is not installed/configure
which could be the majority of the cases...

I would really really, really like to avoid this.

steved. 

  
> +Wants=gssproxy.service rpc-svcgssd.service rpc-gssd.service
>  ConditionPathExists=/etc/krb5.keytab
>  
>  [Service]
> diff --git a/systemd/nfs-client.target b/systemd/nfs-client.target
> index 474f5e9ad74b70d265a7b2099556c2b9220bcdd0..f3d884a241543e41fdd91bcb0a055654b4b2c275 100644
> --- a/systemd/nfs-client.target
> +++ b/systemd/nfs-client.target
> @@ -5,9 +5,9 @@ Wants=remote-fs-pre.target
>  
>  # Note: we don't "Wants=rpc-statd.service" as "mount.nfs" will arrange to
>  # start that on demand if needed.
> -Wants=rpc-gssd.service rpc-svcgssd.service auth-rpcgss-module.service
> +Wants=auth-rpcgss-module.service
>  Wants=nfs-blkmap.service rpc-statd-notify.service
> -Before=rpc-gssd.service rpc-svcgssd.service nfs-blkmap.service
> +Before=nfs-blkmap.service
>  
>  [Install]
>  WantedBy=multi-user.target
> diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service
> index 1048c5cbbf68328a8ac8c88b67e477061cf487c7..a5039062ad95ca0c73c8a6c33d053a845d596185 100644
> --- a/systemd/nfs-server.service
> +++ b/systemd/nfs-server.service
> @@ -3,7 +3,6 @@ Description=NFS server and services
>  Requires= network.target proc-fs-nfsd.mount rpcbind.target
>  Requires= nfs-mountd.service
>  Wants=rpc-statd.service nfs-idmapd.service auth-rpcgss-module.service
> -Wants=rpc-gssd.service gssproxy.service rpc-svcgssd.service
>  Wants=rpc-statd-notify.service
>  
>  After= network.target proc-fs-nfsd.mount rpcbind.target nfs-mountd.service
>

next prev parent reply	other threads:[~2014-09-30 15:05 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-09-29 18:22 [PATCH 0/1] Simplify rpcsec gss dependencies in unit files Simo Sorce
2014-09-29 18:22 ` [PATCH 1/1] Move the wants only to the auth unit Simo Sorce
2014-09-30 14:45   ` Steve Dickson
2014-09-30 15:21     ` Simo Sorce
2014-09-30 15:05   ` Steve Dickson [this message]
2014-09-30 15:31     ` Simo Sorce
2014-09-30 15:54       ` Steve Dickson
2014-09-30 16:11         ` Simo Sorce

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=542AC6AA.1090702@RedHat.com \
    --to=steved@redhat.com \
    --cc=linux-nfs@vger.kernel.org \
    --cc=simo@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox