Focal verification
TEST A
Reproducing the bug with the focal package:
ubuntu@f-gssd-restart-1928259-1927745-A:~$ apt-cache policy nfs-common
nfs-common:
Installed: 1:1.3.4-2.5ubuntu3.3
Candidate: 1:1.3.4-2.5ubuntu3.3
Version table:
*** 1:1.3.4-2.5ubuntu3.3 500
500 http://br.archive.ubuntu.com/ubuntu focal-updates/main amd64
Packages
500 http://br.archive.ubuntu.com/ubuntu focal-security/main amd64
Packages
100 /var/lib/dpkg/status
1:1.3.4-2.5ubuntu3 500
500 http://br.archive.ubuntu.com/ubuntu focal/main amd64 Packages
rpc.gssd running:
ubuntu@f-gssd-restart-1928259-1927745-A:~$ pidof rpc.gssd
2968
Reinstall:
ubuntu@f-gssd-restart-1928259-1927745-A:~$ sudo apt install --reinstall
nfs-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 48 not upgraded.
Need to get 204 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://br.archive.ubuntu.com/ubuntu focal-updates/main amd64 nfs-common
amd64 1:1.3.4-2.5ubuntu3.3 [204 kB]
Fetched 204 kB in 0s (10.1 MB/s)
(Reading database ... 63643 files and directories currently installed.)
Preparing to unpack .../nfs-common_1%3a1.3.4-2.5ubuntu3.3_amd64.deb ...
Unpacking nfs-common (1:1.3.4-2.5ubuntu3.3) over (1:1.3.4-2.5ubuntu3.3) ...
Setting up nfs-common (1:1.3.4-2.5ubuntu3.3) ...
nfs-utils.service is a disabled or a static unit not running, not starting it.
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.6) ...
Same PID as before, so it wasn't restarted:
ubuntu@f-gssd-restart-1928259-1927745-A:~$ pidof rpc.gssd
2968
Installing the package from proposed restarted rpc.gssd:
ubuntu@f-gssd-restart-1928259-1927745-A:~$ sudo apt install nfs-common
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
watchdog
The following packages will be upgraded:
nfs-common
1 upgraded, 0 newly installed, 0 to remove and 67 not upgraded.
Need to get 204 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://br.archive.ubuntu.com/ubuntu focal-proposed/main amd64 nfs-common
amd64 1:1.3.4-2.5ubuntu3.4 [204 kB]
Fetched 204 kB in 0s (1411 kB/s)
(Reading database ... 63643 files and directories currently installed.)
Preparing to unpack .../nfs-common_1%3a1.3.4-2.5ubuntu3.4_amd64.deb ...
Unpacking nfs-common (1:1.3.4-2.5ubuntu3.4) over (1:1.3.4-2.5ubuntu3.3) ...
Setting up nfs-common (1:1.3.4-2.5ubuntu3.4) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for systemd (245.4-4ubuntu3.6) ...
New PID:
ubuntu@f-gssd-restart-1928259-1927745-A:~$ pidof rpc.gssd
4131
TEST B
ubuntu@f-gssd-restart-1928259-1927745-B:~$ diff -u pstree.old pstree.new
ubuntu@f-gssd-restart-1928259-1927745-B:~$ l pstree.*
-rw-rw-r-- 1 ubuntu ubuntu 678 Jun 11 20:34 pstree.new
-rw-rw-r-- 1 ubuntu ubuntu 678 Jun 11 20:33 pstree.old
ubuntu@f-gssd-restart-1928259-1927745-B:~$ apt-cache policy nfs-common
nfs-common:
Installed: 1:1.3.4-2.5ubuntu3.4
Candidate: 1:1.3.4-2.5ubuntu3.4
Version table:
*** 1:1.3.4-2.5ubuntu3.4 500
500 http://br.archive.ubuntu.com/ubuntu focal-proposed/main amd64
Packages
100 /var/lib/dpkg/status
1:1.3.4-2.5ubuntu3.3 500
500 http://br.archive.ubuntu.com/ubuntu focal-updates/main amd64
Packages
500 http://br.archive.ubuntu.com/ubuntu focal-security/main amd64
Packages
1:1.3.4-2.5ubuntu3 500
500 http://br.archive.ubuntu.com/ubuntu focal/main amd64 Packages
Focal verification succeeded.
** Description changed:
[Impact]
In order to get the fixes provided by a package update, the affected services
shipped in it need to be restarted. When that restart does not happen, the
system remains running the old binaries with the bug(s).
This bug was found while testing the fix for #1927745, which affected
rpc.gssd, one of the services shipped in nfs-common. Without the
restart, systems that installed the update are still affected by the
bug.
[Test Plan]
To make the test simple, we are not going to mount an NFSv4 share using
kerberos. We are just going to have a minimal configuration that gets rpc.gssd
running to demonstrate the before and after of this bug.
For a more thorough testing, which includes actually mounting an NFSv4
export with kerberos, follow the test instructions of bug #1927745, and
you will see that the manual restart included because of this bug here,
after the package is updated, is no longer needed.
TEST (A)
# create a VM for the affected ubuntu release under test, login and run:
sudo touch /etc/krb5.keytab
sudo chmod 0600 /etc/krb5.keytab
# install nfs-common
sudo apt install nfs-common -y
# note message about nfs-utils.service being disabled/static:
nfs-utils.service is a disabled or a static unit, not starting it.
# Manually start rpc-gssd. It will start, but since we have an empty
# krb5.keytab file, it won't work. That's ok, we are not actually going to
# mount nfsv4
sudo systemctl start rpc-gssd.service
# Check it's running, and make note of its pid:
pidof rpc.gssd
2994
# reinstall nfs-common
sudo apt install --reinstall nfs-common
# note rpc-gssd wasn't restarted
pidof rpc.gssd
2994
# install the fixed nfs-common package. Notice the message about starting a
disabled or static unit no longer appears:
sudo apt install nfs-common
# this time, rpc.gssd is restarted
pidof rpc.gssd
5000
TEST (B)
This test is to confirm no new services are started after the fixed package
is installed for the first time.
# create a VM for the affected ubuntu release under test, login and run:
sudo touch /etc/krb5.keytab
sudo chmod 0600 /etc/krb5.keytab
# install nfs-common that has the bug
sudo apt install nfs-common -y
# take a snapshot of running processes
pstree > pstree.old
# purge the nfs-common package
sudo apt purge nfs-common -y
# install the new nfs-common package
- sudo apt purge nfs-common -y
+ sudo apt install nfs-common -y
# take a new pstree snapshot and compare with the old one
pstree > pstree.new
diff -u pstree.old pstree.new
Should be no difference.
[Where problems could occur]
Also known as "I'm doing an unconditional start in postinst, what could go
wrong":
- start services that were not started with the previous package on first
install
- systemd behavior change or bug and suddenly PartOf units also react to
"start", instead of just "restart" and "stop" as documented
- starting services that are not configured, and start fails, breaking
postinst (but we have the proverbial || true to avoid that)
[Other Info]
This fix is a bit awkward, but I think it's in line with the SRU spirit of
doing the least unpredictable change, and one that is simple and can be better
understood.
See the linked MP for an explanation of this fix, why it works, and other
tests I did:
https://code.launchpad.net/~ahasenack/ubuntu/+source/nfs-utils/+git/nfs-utils/+merge/403288
[Original Description]
Upgrading the nfs-common debian package will not restart its services.
Specifically, the package tries to restart "nfs-utils.service", which is a
"fake" service meant to coordinate all the other daemons that make up a modern
NFS server. This service, however, as it is, cannot be enabled:
$ sudo systemctl enable nfs-utils.service
The unit files have no installation config (WantedBy, RequiredBy, Also, Alias
settings in the [Install] section, and DefaultInstance for template units).
This means they are not meant to be enabled using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
4) In case of template units, the unit is meant to be enabled with some
instance name specified
Granted, d/rules of the nfs-utils package doesn't even try:
dh_systemd_enable -p nfs-common nfs-client.target
dh_systemd_enable -p nfs-kernel-server nfs-server.service
dh_installinit -pnfs-common -R
dh_systemd_start -p nfs-common --restart-after-upgrade nfs-utils.service
dh_systemd_start -p nfs-kernel-server --restart-after-upgrade
nfs-server.service
We can see it tries to start and restart it, but that won't work on disabled
or non-started services: deb-systemd-invoke won't do it:
# If the job is disabled and is not currently running, the job is not started
or restarted.
# However, if the job is disabled but has been forced into the running state,
we *do* stop
# and restart it since this is expected behaviour for the admin who forced
the start.
# We don't autostart static units either.
The above can be seen while attempting a fresh install (or even upgrade) of
nfs-common:
(...)
Setting up nfs-common (1:1.3.4-2.5ubuntu6) ...
Creating config file /etc/idmapd.conf with new version
Adding system user `statd' (UID 113) ...
Adding new user `statd' (UID 113) with group `nogroup' ...
Not creating home directory `/var/lib/nfs'.
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-client.target
→ /lib/systemd/system/nfs-client.target.
Created symlink /etc/systemd/system/remote-fs.target.wants/nfs-client.target
→ /lib/systemd/system/nfs-client.target.
nfs-utils.service is a disabled or a static unit, not starting it.
^^^^^^^^^^^^^^^^^
$ systemctl status nfs-utils.service
● nfs-utils.service - NFS server and client services
Loaded: loaded (/lib/systemd/system/nfs-utils.service; static)
Active: inactive (dead)
This was found while testing the fix for bug #1927745. In that bug, the
affected service is rpc.gssd and it's critical that it be restarted, but
it's not happening. It will only be restarted if nfs-utils.service is
already "started".
I'm marking this bug as "high" because it prevents valid fixes from
being deployed after just upgrading a package.
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928259
Title:
Package upgrade won't restart services
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/1928259/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
