Weekly Changes – 06/04/2021
Not much in the way of changes this week but a few pieces of ongoing work which will appear in the next release. Note that, due to the Easter break, this release was created on a Tuesday rather than the usual Monday. Here are the details…
NFS configuration
Whilst debugging a problem with the sssd service on a couple of SL7 DICE machines we discovered a problem with the Kerberos credentials cache for the root user. It appears to be similar to this problem which is caused by the default NFS configuration having the gssproxy enabled by default (GSS_USE_PROXY="yes"
in /etc/sysconfig/nfs
). This happens because rpc.gssd uses our /etc/krb5.keytab
and stores a GSSPROXY
ticket in /tmp/krb5cc_0
(service principal Encrypted/Credentials/v1@X-GSSPROXY:
). We don’t see this on all machines, it only happens when a user actually accesses a file via NFS.
The solution is fairly simple (just set GSS_USE_PROXY="no"
) but as that configuration file has not previously been managed a new nfsconfig
LCFG component (a sub-class of the file component) has been added. This has resources which map onto all the main supported options, it has templates for both SL7 and Ubuntu which are, annoyingly, just a bit different. Note that, unlike Redhat, the gss proxy is disabled by default for all LCFG platforms.
This component is not included by default at the LCFG level, sites wanting to use it will need to include the lcfg/options/nfsconfig.h
header. It will be enabled for all DICE machines in a subsequent release once it is fully tested.
PAM Stack
There is a fix for a problem in the Ubuntu PAM stack for sudo which was introduced in the last release.
Test Kernels
The INF_TEST
kernel on Ubuntu has been updated to 5.4.0-70.78
, this is expected to become the new INF
in the next weekly release.
Default Python version
The default major version for Python on LCFG Ubuntu is now set to be 3 (currently specifically 3.8.5
). This was already the case for DICE machines. This affects which binary the generic /usr/bin/python
file is symlinked to and is managed via the python-is-python3
package. To switch to version 2 remove that package and install python-is-python2
instead.
samba server
The samba service name differs between SL7 and Ubuntu. In this release the samba.ng_service
resource has been set appropriately for each platform. A change is also required to the LCFG component code, that will appear as version 1.2.0
in the next weekly release. See bug#1275 for full details.
New package options
Ubuntu has gained the following new package options:
LCFG_OPTIONS_XDOTOOL
– Generate X11 keyboard/mouse input events
This can be enabled by adding the option name to the profile.pkgcppopts
resource, for example:
!profile.pkgcppopts mADD(LCFG_OPTIONS_XDOTOOL)
Recent comments