action #91947
open[qe-core][qem] prevent regression in cifs-utils like bsc#1184815
0%
Description
We had regression in cifs-utils: https://bugzilla.suse.com/show_bug.cgi?id=1184815 - mounting was broken when used with krb
This scenario could be made into automated test to prevent from happening again
Acceptance Criteria¶
AC1: To validate the assumption of what to test (sec=krb5), do a manual testing in a VM (any SLE version that was affected and then fixed) where the patch fixing the issue is reverted so that one can reproduce the original regression.
AC2: network/cifs.pm is testing with the same command from now on that was used in AC1 / indicated in the bug report, and the test is run across all maintenance releases
Suggestions¶
- Check what´s needed for the krb5 server to be configured, so that the following mount, either passes or fails (try first with a lower version of the package or SP?)
// Enable CIFS debug to get more info from dmesg
echo 'module cifs +p' > /sys/kernel/debug/dynamic_debug/control
echo 'file fs/cifs/* +p' > /sys/kernel/debug/dynamic_debug/control
echo 7 > /proc/fs/cifs/cifsFYI// Command to mount CIFS FS ( error 126 )
// mount -t cifs //dfs.moon.corner.tech/software/SAP /opt/software/share -o gid=sapsys,file_mode=0440,dir_mode=0775,sec=krb5,username=NG-CB-UBD201$,vers=3.0
mount error(126): Required key not available
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
- AC1: Provide two verification runs for 15-SP2, one with the version that passes and another with the version that fails.
- AC2: branch the changes to run unconditionally on 15-SP3
- AC3: Soft fail for openSUSE
Updated by tjyrinki_suse almost 3 years ago
- Subject changed from [qem] prevent regression in cifs-utils like bsc#1184815 to [qe-core][qem] prevent regression in cifs-utils like bsc#1184815
- Category set to Enhancement to existing tests
- Priority changed from Normal to Urgent
- Target version set to QE-Core: Ready
- Start date deleted (
2021-04-29)
Updated by maritawerner almost 3 years ago
If nothing was done so far is that ticket really urgent?
Updated by szarate almost 3 years ago
- Priority changed from Urgent to Normal
maritawerner wrote:
If nothing was done so far is that ticket really urgent?
I agree
Updated by dvenkatachala almost 3 years ago
- Status changed from Workable to In Progress
Updated by dvenkatachala almost 3 years ago
- Status changed from In Progress to Workable
- Assignee changed from dvenkatachala to szarate
Updated by szarate almost 3 years ago
- Status changed from Workable to Feedback
Waiting to get more info on setup strategies/config files and proper procedure to add it to the test suite.
Updated by tjyrinki_suse about 2 years ago
- Description updated (diff)
(cleaned up description by changing # to // for disabling formatting)
I think this could be added as part of something that setups krb server already, and use sec=krb5 for mounting the nfs share? I don't think the debugging information is needed to be enabled, and it sounds to me from bug report that all regular non-containerized NFS mounting using krb authentication was potentially affected. It would be of course a bonus if we could find the rpm that was faulty and prove it would now fail the test.
Updated by tjyrinki_suse about 2 years ago
- Description updated (diff)
- Category deleted (
Enhancement to existing tests) - Status changed from Feedback to Workable
- Assignee deleted (
szarate) - Priority changed from Normal to High
- Target version changed from QE-Core: Ready to QE-Core: Next
Removing from sprint backlog and unassigning, but putting higher in the product backlog to be picked up potentially for next sprint.
In my understanding the bug was "simply" about mounting with sec=krb5 (correct me if I'm wrong), so this could go ahead, but what this ticket involves is knowing how to use / set-up krb5 authentication to samba in a suitable configuration to try this kind of mounting out. Additionally, to make really sure it would identify an identical problem, the patch would possibly need to be reverted for testing purposes, but this could be done manually in a VM.
Updated by tjyrinki_suse about 2 years ago
- Category set to Enhancement to existing tests
Updated by tjyrinki_suse about 2 years ago
- Target version deleted (
QE-Core: Next)
Updated by slo-gin about 1 month ago
This ticket was set to Normal priority but was not updated within the SLO period. Please consider picking up this ticket or just set the ticket to the next lower priority.