On Mon, 22 Sep 2014 22:09:28 -0400 "J. Bruce Fields" <bfields@xxxxxxxxxxxx> wrote: > On Tue, Sep 23, 2014 at 11:42:29AM +1000, NeilBrown wrote: > > Surely gssproxy is only serving nfsd requests if both /run/gssproxy.pid > > exists and /proc/net/rpc/use-gss-proxy exists. > > If either of those files is missing, then rpc.svcgssd needs to run. > > In one case, the gssproxy daemon isn't available for some reason. In the > > other case the kernel cannot make use of it. > > > > Is that not correct? > > > > That is exactly the rule that I (tried to) encode in the service file with > > these two conditions. > > Eh, I see your point, but the gssproxy.pid one still seems a little odd > to me. > > I guess it's friendlier to people that don't have gss-proxy installed at > all, or want to turn it off for some reason--but then they or their > distro can fix up the unit files too. Having to fix up unit files is something I would much rather avoid. I think of them as code and just because they can be edited it doesn't mean they should be. I'm quite open to having rpc.svcgssd test to see if gssproxy is installed rather than if it is running. In that case we would have a 'Want=' somewhere in nfs-utils for gssproxy.service (which I previously said I didn't like but I'm beginning to see the wisdom of). But if gssproxy isn't installed, then I think rpc.svcgssd should run whether use-gss-proxy is present or not. > > Otherwise if we've got gss-proxy and the kernel supports it then it > should work, and if it's failing to come up in that case I'd kind of > like to know why and get a bug report like "gssproxy failed to start" or > "krb5 exports stopped working" rather than "krb5 exports are working in > some subtly different way than they did last week." This is quite a strong argument. Thanks, NeilBrown > > --b. > -- > To unsubscribe from this list: send the line "unsubscribe linux-nfs" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
signature.asc
Description: PGP signature