linux-nfs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH 0/2] Mitigate startup race between DNS resolution and idmapd
@ 2023-06-13  3:46 Aram Akhavan
  2023-06-13  3:46 ` [PATCH 1/2] nfs-idmapd.service: add network-online.target to Wants= and After= Aram Akhavan
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Aram Akhavan @ 2023-06-13  3:46 UTC (permalink / raw)
  To: linux-nfs; +Cc: Aram Akhavan

idmapd needs DNS resolution on startup if a domain isn't specified by
config file. This isn't trivial since even with systemd's
network-online.target, DNS resolution isn't guaranteed. On Debian,
for example (in part due to some lingering bugs), adding the
target, and even enabling the not-well-documented
ifupdown-wait-online.service is not enough. These two patches aim to
improve the startup behavior in common setup scenarios.

Aram Akhavan (2):
  nfs-idmapd.service: add network-online.target to Wants= and After=
  libnfsidmap: try to get the domain directly from hostname if the DNS
    lookup fails and always show the log message if the domain can't be
    determined

 support/nfsidmap/libnfsidmap.c | 15 ++++++++++-----
 systemd/nfs-idmapd.service     |  3 ++-
 2 files changed, 12 insertions(+), 6 deletions(-)

-- 
2.39.2


^ permalink raw reply	[flat|nested] 4+ messages in thread
* [PATCH 1/2] nfs-idmapd.service: add network-online.target to Wants= and After=
  2023-06-13  3:46 [PATCH 0/2] Mitigate startup race between DNS resolution and idmapd Aram Akhavan
@ 2023-06-13  3:46 ` Aram Akhavan
  2023-06-13  3:46 ` [PATCH 2/2] libnfsidmap: try to get the domain directly from hostname if the DNS lookup fails and always show the log message if the domain can't be determined Aram Akhavan
  2023-07-17 21:48 ` [PATCH 0/2] Mitigate startup race between DNS resolution and idmapd Steve Dickson
  2 siblings, 0 replies; 4+ messages in thread
From: Aram Akhavan @ 2023-06-13  3:46 UTC (permalink / raw)
  To: linux-nfs; +Cc: Aram Akhavan

nfs-idmapd.service does not have any dependency on the network so there's no
starting point to wait for DNS resolution. nfs-server.service already has this
network dependency and ordering.

Signed-off-by: Aram Akhavan <github@aram.nubmail.ca>
---
 systemd/nfs-idmapd.service | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/systemd/nfs-idmapd.service b/systemd/nfs-idmapd.service
index f38fe527..198ca87c 100644
--- a/systemd/nfs-idmapd.service
+++ b/systemd/nfs-idmapd.service
@@ -2,7 +2,8 @@
 Description=NFSv4 ID-name mapping service
 DefaultDependencies=no
 Requires=rpc_pipefs.target
-After=rpc_pipefs.target local-fs.target
+After=rpc_pipefs.target local-fs.target network-online.target
+Wants=network-online.target
 
 BindsTo=nfs-server.service
 
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [PATCH 2/2] libnfsidmap: try to get the domain directly from hostname if the DNS lookup fails and always show the log message if the domain can't be determined
  2023-06-13  3:46 [PATCH 0/2] Mitigate startup race between DNS resolution and idmapd Aram Akhavan
  2023-06-13  3:46 ` [PATCH 1/2] nfs-idmapd.service: add network-online.target to Wants= and After= Aram Akhavan
@ 2023-06-13  3:46 ` Aram Akhavan
  2023-07-17 21:48 ` [PATCH 0/2] Mitigate startup race between DNS resolution and idmapd Steve Dickson
  2 siblings, 0 replies; 4+ messages in thread
From: Aram Akhavan @ 2023-06-13  3:46 UTC (permalink / raw)
  To: linux-nfs; +Cc: Aram Akhavan

In nfs4_init_name_mapping(), if no domain is specified in the config file, the hostname will be looked up in DNS, and the domain extracted from that.
If DNS resolution isn't up at this time (i.e. on idmapd startup), the hardcoded domain in IDMAPD_DEFAULT_DOMAIN is used. This will break id mapping
for anyone who doesn't happen to use "localdomain". Previously, the log message indicating this has happened requires -v to be passed, so the
"failure" was silent by default.

Signed-off-by: Aram Akhavan <github@aram.nubmail.ca>
---
 support/nfsidmap/libnfsidmap.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/support/nfsidmap/libnfsidmap.c b/support/nfsidmap/libnfsidmap.c
index 0a912e52..f8c36480 100644
--- a/support/nfsidmap/libnfsidmap.c
+++ b/support/nfsidmap/libnfsidmap.c
@@ -219,10 +219,15 @@ static int domain_from_dns(char **domain)
 
 	if (gethostname(hname, sizeof(hname)) == -1)
 		return -1;
-	if ((he = gethostbyname(hname)) == NULL)
-		return -1;
-	if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0')
-		return -1;
+	if ((he = gethostbyname(hname)) == NULL) {
+		IDMAP_LOG(1, ("libnfsidmap: DNS lookup of hostname failed. Attempting to use domain from hostname as is."));
+		if ((c = strchr(hname, '.')) == NULL || *++c == '\0')
+			return -1;
+	}
+	else {
+		if ((c = strchr(he->h_name, '.')) == NULL || *++c == '\0')
+			return -1;
+	}
 	/* 
 	 * Query DNS to see if the _nfsv4idmapdomain TXT record exists
 	 * If so use it... 
@@ -387,7 +392,7 @@ int nfs4_init_name_mapping(char *conffile)
 		dflt = 1;
 		ret = domain_from_dns(&default_domain);
 		if (ret) {
-			IDMAP_LOG(1, ("libnfsidmap: Unable to determine "
+			IDMAP_LOG(0, ("libnfsidmap: Unable to determine "
 				  "the NFSv4 domain; Using '%s' as the NFSv4 domain "
 				  "which means UIDs will be mapped to the 'Nobody-User' "
 				  "user defined in %s", 
-- 
2.39.2


^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [PATCH 0/2] Mitigate startup race between DNS resolution and idmapd
  2023-06-13  3:46 [PATCH 0/2] Mitigate startup race between DNS resolution and idmapd Aram Akhavan
  2023-06-13  3:46 ` [PATCH 1/2] nfs-idmapd.service: add network-online.target to Wants= and After= Aram Akhavan
  2023-06-13  3:46 ` [PATCH 2/2] libnfsidmap: try to get the domain directly from hostname if the DNS lookup fails and always show the log message if the domain can't be determined Aram Akhavan
@ 2023-07-17 21:48 ` Steve Dickson
  2 siblings, 0 replies; 4+ messages in thread
From: Steve Dickson @ 2023-07-17 21:48 UTC (permalink / raw)
  To: Aram Akhavan, linux-nfs



On 6/12/23 11:46 PM, Aram Akhavan wrote:
> idmapd needs DNS resolution on startup if a domain isn't specified by
> config file. This isn't trivial since even with systemd's
> network-online.target, DNS resolution isn't guaranteed. On Debian,
> for example (in part due to some lingering bugs), adding the
> target, and even enabling the not-well-documented
> ifupdown-wait-online.service is not enough. These two patches aim to
> improve the startup behavior in common setup scenarios.
> 
> Aram Akhavan (2):
>    nfs-idmapd.service: add network-online.target to Wants= and After=
>    libnfsidmap: try to get the domain directly from hostname if the DNS
>      lookup fails and always show the log message if the domain can't be
>      determined
> 
>   support/nfsidmap/libnfsidmap.c | 15 ++++++++++-----
>   systemd/nfs-idmapd.service     |  3 ++-
>   2 files changed, 12 insertions(+), 6 deletions(-)
> 
Both committed... (Tag nfs-utils-2-6-4-rc3)

steved


^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-07-17 21:49 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-13  3:46 [PATCH 0/2] Mitigate startup race between DNS resolution and idmapd Aram Akhavan
2023-06-13  3:46 ` [PATCH 1/2] nfs-idmapd.service: add network-online.target to Wants= and After= Aram Akhavan
2023-06-13  3:46 ` [PATCH 2/2] libnfsidmap: try to get the domain directly from hostname if the DNS lookup fails and always show the log message if the domain can't be determined Aram Akhavan
2023-07-17 21:48 ` [PATCH 0/2] Mitigate startup race between DNS resolution and idmapd Steve Dickson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).