Date: Sat, 31 Dec 2011 04:14:15 GMT From: Devin Teske <dteske@vicor.com> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/163727: The mountlate RCNG boot script cannot be disabled Message-ID: <201112310414.pBV4EFdb098152@red.freebsd.org> Resent-Message-ID: <201112310420.pBV4KAc6045906@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 163727
>Category: misc
>Synopsis: The mountlate RCNG boot script cannot be disabled
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Dec 31 04:20:10 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Devin Teske
>Release: FreeBSD 8.1-RELEASE-p6 i386
>Organization:
FIS Global, Inc.
>Environment:
FreeBSD kxt2a.jbsd.vicor.com 8.1-RELEASE-p6 FreeBSD 8.1-RELEASE-p6 #15: Wed Dec 7 11:08:51 PST 2011
dteske@ipm0.vbsd.vicor.com:/usr/src/sys/i386/compile/FIS i386
>Description:
For those headless systems that are administered remotely, sometimes thousands-of-miles away, we find ourselves needing to disable the mountlate RCNG boot script. Otherwise, there exists no-less than half-a-dozen scenarios that can cause the system to boot into single-user mode -- many of which are out-of-control of the system itself and may even be part of a Denial-of-Service (DoS) attack. For example, if the host has NFS mounts and the DNS server is "taken out," the next time it reboots, the host will hang forever at the single-user mode prompt.
Attached is a patch to HEAD that we similarly apply internally to all systems, allowing us to disable the mountlate feature. We lose the ability to mount any filesystem in the fstab(5) configuration, but that's something we're glad to relinquish in-favor of the ability to build systems that eventually get into multi-user mode. In testing, all edge-cases produce a multi-user system after some eventual length of timeouts reached when network filesystems (NFS/SMB/etc.) are configured in fstab(5).
>How-To-Repeat:
Configure any number of network filesystems in fstab(5). Use both IP addresses and DNS names.
1. Test-case #1: Move /etc/resolv.conf aside and reboot. The system boots into single-user mode because DNS names will fail to resolve.
2. Test-case #2: Disconnect one of the machines that provides any of the network filesystems configured. Reboot. The system boots into single-user mode because the mounts fail.
3. Test-case #3: Disconnect the DNS server. Reboot. Like #1, the system will [eventually] boot into single--user mode.
Other scenarios exist but range from being very hardware specific to being sporadic in nature.
After applying the attached patch, adding mountlate_enable="NO" to rc.conf(5) and rebooting, all test-cases [eventually] produce a multi-user system and you can ssh(1) into the remote system.
Without this patch, it may require physical access (if a remote serial console is not configured/attached) to resume multi-user mode when the mountlate boot script stops the boot process for failed network mounts (late or otherwise).
The attached patch simply allows the system administrator the choice to disable this boot script, sacrificing "late" filesystems but gaining the ability to prevent network filesystem failure from dropping the system into single-user mode.
>Fix:
--- etc/defaults/rc.conf.orig Fri Dec 2 11:21:08 2011
+++ etc/defaults/rc.conf Fri Dec 2 11:22:31 2011
@@ -93,6 +93,7 @@
netfs_types="nfs:NFS oldnfs:OLDNFS smbfs:SMB portalfs:PORTAL nwfs:NWFS" # Net
filesystems.
extra_netfs_types="NO" # List of network extra filesystem types for delayed
# mount at startup (or NO).
+mountlate_enable="YES" # Mount critical late/remaining filesystems in fstab(5)
##############################################################
### Network configuration sub-section ######################
--- etc/rc.d/mountlate.orig Fri Dec 2 11:19:51 2011
+++ etc/rc.d/mountlate Fri Dec 2 11:20:28 2011
@@ -11,6 +11,7 @@
. /etc/rc.subr
name="mountlate"
+rcvar="`set_rcvar`"
start_cmd="mountlate_start"
stop_cmd=":"
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201112310414.pBV4EFdb098152>