nscd service: fix ordering and start automatically #154320

Merged (1 commit) on Jan 11, 2022

abbradar (Member) commented Jan 10, 2022

While working on #150837 I discovered that the `google-oslogin` test
started failing, and so did some of my development machines. It turns out
it was because nscd doesn't start by default; rather, it's wanted by
NSS lookup targets, which are not always fired up.

To quote from the systemd.special(7) section on `nss-user-lookup.target`:

> All services which provide parts of the user/group database should be
> ordered before this target, and pull it in.

Following this advice and comparing our unit to the official `sssd.service`
unit (which is a similar service), we now pull NSS lookup targets from
the service, while starting it with `multi-user.target`.


Tested by using it together with new GCE configuration from #150837, and with google-oslogin test.
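
The ordering rule quoted above can be checked mechanically. The following is an added example, not code from this PR or from nixpkgs: it audits plain systemd unit text for the `Before=`/`Wants=` relationship to the NSS lookup targets and for a start trigger other than those targets. The function names and both sample units are constructed, and checking `nss-lookup.target` alongside the quoted `nss-user-lookup.target` is an assumption.

```python
# Added example: audit a systemd unit against the systemd.special(7) advice.
# Both lookup targets exist in systemd.special(7); the page quotes only the
# user/group one, so checking nss-lookup.target too is an assumption.
NSS_TARGETS = ("nss-lookup.target", "nss-user-lookup.target")

def parse_unit(text):
    """Map (section, key) to its list of values, honouring repeated keys."""
    deps, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        slot = deps.setdefault((section, key.strip()), [])
        if value.strip():
            slot.extend(value.split())
        else:
            slot.clear()  # an empty assignment resets the list in systemd
    return deps

def audit_nss_provider(text, targets=NSS_TARGETS):
    """Return findings; an empty list means the unit follows the advice."""
    deps = parse_unit(text)
    before = deps.get(("Unit", "Before"), [])
    pulls = deps.get(("Unit", "Wants"), []) + deps.get(("Unit", "Requires"), [])
    wanted_by = deps.get(("Install", "WantedBy"), [])
    findings = []
    for target in targets:
        if target not in before:
            findings.append(f"not ordered before {target}")
        if target not in pulls:
            findings.append(f"does not pull in {target}")
    if not set(wanted_by) - set(targets):
        findings.append("no start trigger other than the lookup targets")
    return findings

# Constructed samples: the behaviour the PR describes before and after.
OLD_UNIT = "[Install]\nWantedBy=nss-lookup.target nss-user-lookup.target\n"
NEW_UNIT = """[Unit]
Before=nss-lookup.target nss-user-lookup.target
Wants=nss-lookup.target nss-user-lookup.target

[Install]
WantedBy=multi-user.target
"""
```
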

flokli requested a review from arianvp on January 11, 2022 17:25
arianvp (Member) commented Jan 11, 2022

Thanks for this. This is definitely correct and the previous behaviour was not. I also recently noticed nscd started way too late.

arianvp (Member) commented Jan 11, 2022

It might actually make sense to start nscd even earlier than multi-user.target but for now this is fine

abbradar (Member, Author) commented

If I understand this correctly, the idea is instead to make services which depend on name resolution run after NSS lookup targets are reached, so multi-user.target here should be fine.

flokli (Contributor) commented Jan 11, 2022

Let's get this in. It's better than it was for sure, if we can improve further, we still can ;-)

github-actions (Contributor) commented

Successfully created backport PR #154620 for release-21.11.

Labels: 0.kind: bug; 6.topic: nixos; 8.has: module (update); 10.rebuild-darwin: 0; 10.rebuild-linux: 1-10