[Bug 1129587] New: NIS / ypbind fails to start
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 Bug ID: 1129587 Summary: NIS / ypbind fails to start Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: iforster@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- After upgrading my machine from Leap 15.0 to Leap 15.1 Beta NIS fails to start on boot with the following log: Mär 18 10:26:16 lem systemd[1]: Starting NIS/YP Clients to NIS Domain Binder... Mär 18 10:26:16 lem ypbind-systemd-pre[1434]: suse.de\n Mär 18 10:26:16 lem ypbind-systemd-pre[1434]: . . . . . . . . . . /etc/yp.conf not found Mär 18 10:26:16 lem systemd[1]: ypbind.service: Control process exited, code=exited status=1 Mär 18 10:26:16 lem systemd[1]: Failed to start NIS/YP Clients to NIS Domain Binder. Mär 18 10:26:16 lem systemd[1]: ypbind.service: Unit entered failed state. Mär 18 10:26:16 lem systemd[1]: ypbind.service: Failed with result 'exit-code'. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P2 - High Flags| |SHIP_STOPPER+ -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c4 --- Comment #4 from Ludwig Nussel <lnussel@suse.com> --- and we can't fix ypbind to be a bit less picky? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |lnussel@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c5 --- Comment #5 from Thorsten Kukuk <kukuk@suse.com> --- (In reply to Ludwig Nussel from comment #4)
and we can't fix ypbind to be a bit less picky?
As this is no bug in ypbind, there is nothing to fix. If there is no configuration, ypbind can nothing do. Quite simple. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c6 --- Comment #6 from Ludwig Nussel <lnussel@suse.com> --- Well, in a dynamic world ypbind could start and wait for events that allow it to actually do something (network online, config exists, domainname set). Anyways, even after yp.conf is there after boot a manual rcypbind restart fails. Something very weird going on: lagarto:~ # cat /etc/defaultdomain ypdomainname: Local domain name not set lagarto:~ # l /etc/defaultdomain -rw-r--r-- 1 root root 40 22. Mär 16:17 /etc/defaultdomain lagarto:~ # rpm -qa --last|grep 16:17 ypbind-2.6-lp151.1.1.x86_64 Fr 22 Mär 2019 16:17:09 CET libnss_nis2-3.0-lp151.2.3.x86_64 Fr 22 Mär 2019 16:17:09 CET libclucene-shared1-2.3.3.4-lp151.2.3.x86_64 Fr 22 Feb 2019 14:16:17 CET What writes /etc/defaultdomain? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P2 - High |P1 - Urgent -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c8 --- Comment #8 from Ludwig Nussel <lnussel@suse.com> --- So the bit about yp.conf can be solved by putting ypbind after network-online.target NetworkManager-wait-online needs to be activated for that too which is missing so far. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1130355 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c9 --- Comment #9 from Ludwig Nussel <lnussel@suse.com> --- bug for NM: https://bugzilla.opensuse.org/show_bug.cgi?id=1130355 So what's left is why the domainname is not set and that looks like something netconfig has to do. In fact it works when calling netconfig update after boot is done. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 Bug 1129587 depends on bug 1130355, which changed state. Bug 1130355 Summary: NetworkManager-wait-online needs to be enabled with NetworkManager http://bugzilla.opensuse.org/show_bug.cgi?id=1130355 What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c10 Ludwig Nussel <lnussel@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(iforster@suse.com | |) --- Comment #10 from Ludwig Nussel <lnussel@suse.com> --- What is the status here? Four weeks no response? Ignaz, can you still reproduce with current builds? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c11 Ignaz Forster <iforster@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(iforster@suse.com | |) | --- Comment #11 from Ignaz Forster <iforster@suse.com> --- Nothing has changed - at boot time ypbind still fails to start for me with the current build. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 Marius Tomaschewski <mt@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|mt@suse.com |os.gnome.maintainers@gmail. | |com -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c12 Marius Tomaschewski <mt@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mt@suse.com --- Comment #12 from Marius Tomaschewski <mt@suse.com> --- (In reply to Ludwig Nussel from comment #9)
bug for NM: https://bugzilla.opensuse.org/show_bug.cgi?id=1130355
So what's left is why the domainname is not set and that looks like something netconfig has to do. In fact it works when calling netconfig update after boot is done.
netconfig does it -- when somebody calls it (it's a tool, not a service), it will make a /bin/{nis,yp,}domainname `cat /etc/defaultdomain` call. /etc/defaultdomain is similar to /etc/hostname, configured by admin/yast2 and applied by boot scripts (boot.localnet in the past). The hostname is applied by systemd, defaultdomain obviously isn't. netconfig is called by NetworkManager or wicked to apply settings from sysconfig files and/or dynamic leases (dhcp,ppp). While wicked calls it for loopback interface as well, NetworkManager probably doesn't. The solution is IMO to add either: ExecStartPre=-/sbin/netconfig update to NetworkManager.service or: ExecStartPre=-/sbin/netconfig update -m nis to ypbind.service or add kind of boot.localnet systemd service. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c13 --- Comment #13 from Marius Tomaschewski <mt@suse.com> --- We found it: + /bin/nisdomainname suse.de nisdomainname: you must be root to change the domain name -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c14 --- Comment #14 from Marius Tomaschewski <mt@suse.com> --- -> NetworkManager calls netconfig without CAP_SYS_ADMIN (see .service file). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c15 --- Comment #15 from Ludwig Nussel <lnussel@suse.com> --- so the problem is in /usr/lib/systemd/system/NetworkManager.service. It has CapabilityBoundingSet without CAP_SYS_ADMIN which is required for setdomainname. Of course it could be added but it's rather ugly to have such privileges when not needed in most cases. Setting the hostname works though hostnamed btw, no CAP_SYS_ADMIN needed for that. So short of quickly hacking setdomainname into systemd anymore and since ypbind is a rather legacy service anyways the simplest fix would be indeed to add the ExecStartPre line to ypbind.service. There's already /usr/lib/ypbind/ypbind-systemd-pre anyways. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1129587 http://bugzilla.opensuse.org/show_bug.cgi?id=1129587#c20 --- Comment #20 from Anja Stock <ast@suse.com> --- (In reply to Thorsten Kukuk from comment #18)
(In reply to Ludwig Nussel from comment #17)
So don't be childish. find a better solution then.
If somebody is childisch, than it's you. We have a broken tool, which is doing things which it due to a bug not allowed to do. You propose now to workaround all consumers of the domainname syscall? This is not only ypbind, getdomainname(2) is not NIS specific. Fix the tool which is broken.
What exactly do you suggest here? What is your suggestion, how to fix that (precisely)? -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com