From Fedora Project Wiki
(Initial entry from template)
 
 
(24 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{admon/tip | Guidance | For details on how to fill out this form, see the [https://docs.fedoraproject.org/en-US/program_management/changes_guide/ documentation].}}
<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->
<!-- The actual name of your proposed change page should look something like: Changes/Your_Change_Proposal_Name.  This keeps all change proposals in the same namespace -->


= Remove and deprecate nscd in favour of sssd and systemd-resolved <!-- The name of your change proposal --> =
= Remove ''nscd'' <!-- The name of your change proposal --> =


== Summary ==
== Summary ==
<!-- A sentence or two summarizing what this change is and what it will do. This information is used for the overall changeset summary page for each release.  
<!-- A sentence or two summarizing what this change is and what it will do. This information is used for the overall changeset summary page for each release.  
Note that motivation for the change should be in the Benefit to Fedora section below, and this part should answer the question "What?" rather than "Why?". -->
Note that motivation for the change should be in the Benefit to Fedora section below, and this part should answer the question "What?" rather than "Why?". -->
This proposal intends to remove the ''nscd'' cache for named services in Fedora 35. nscd is already [[Changes/DeprecateNSCD|planned for deprecation]] in Fedora 34. The functionality it currently provides can be achieved by using ''systemd-resolved'' for DNS caching and the ''sssd'' daemon for everything else.


== Owner ==
== Owner ==
Line 14: Line 14:
This should link to your home wiki page so we know who you are.  
This should link to your home wiki page so we know who you are.  
-->
-->
* Name: [[User:FASAcountName| Your Name]]
 
* Name: [[User:submachine| Arjun Shankar]]
<!-- Include you email address that you can be reached should people want to contact you about helping with your change, status is requested, or technical issues need to be resolved. If the change proposal is owned by a SIG, please also add a primary contact person. -->
<!-- Include you email address that you can be reached should people want to contact you about helping with your change, status is requested, or technical issues need to be resolved. If the change proposal is owned by a SIG, please also add a primary contact person. -->
* Email: <your email address so we can contact you, invite you to meetings, etc. Please provide your Bugzilla email address if it is different from your email in FAS>
* Email: arjun@redhat.com
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
<!--- UNCOMMENT only for Changes with assigned Shepherd (by FESCo)
* FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address>
* FESCo shepherd: [[User:FASAccountName| Shehperd name]] <email address>
Line 26: Line 27:


== Current status ==
== Current status ==
[[Category:ChangePageIncomplete]]
[[Category:ChangeAcceptedF36]]
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- When your change proposal page is completed and ready for review and announcement -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
<!-- remove Category:ChangePageIncomplete and change it to Category:ChangeReadyForWrangler -->
Line 33: Line 34:


<!-- Select proper category, default is Self Contained Change -->
<!-- Select proper category, default is Self Contained Change -->
<!-- [[Category:SelfContainedChange]] -->
[[Category:SelfContainedChange]]
[[Category:SystemWideChange]]
<!-- [[Category:SystemWideChange]] -->


* Targeted release: [[Releases/<number> | Fedora <number> ]]  
* Targeted release: [[Releases/36 | Fedora 36 ]]  
* Last updated: <!-- this is an automatic macro — you don't need to change this line -->  {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}}  
* Last updated: <!-- this is an automatic macro — you don't need to change this line -->  {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}}  
<!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page  
<!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page  
Line 45: Line 46:
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
CLOSED as NEXTRELEASE -> change is completed and verified and will be delivered in next release under development
-->
-->
* FESCo issue: <will be assigned by the Wrangler>
* FESCo issue: [https://pagure.io/fesco/issue/2501 #2501]
* Tracker bug: <will be assigned by the Wrangler>
* Tracker bug: [https://bugzilla.redhat.com/show_bug.cgi?id=1905142 #1905142]
* Release notes tracker: <will be assigned by the Wrangler>
* Release notes tracker: [https://pagure.io/fedora-docs/release-notes/issue/610 #610]


== Detailed Description ==
== Detailed Description ==


<!-- Expand on the summary, if appropriate. A couple sentences suffices to explain the goal, but the more details you can provide the better. -->
''nscd'' is a daemon that provides caching for accesses of the `passwd`, `group`, `hosts`, `services`, and `netgroup` databases through standard libc interfaces (such as `getpwnam`, `getpwuid`, `getgrnam`, `getgrgid`, `gethostbyname`, etc.). This proposal intends to remove ''nscd'' in Fedora 35 and replace it with functionality provided by ''systemd-resolved'' for the `hosts` database and the ''sssd'' daemon for everything else. Accordingly, the `nscd` sub-package of glibc will be removed in Fedora 35 after being deprecated in Fedora 34.


<!--
== Feedback ==
== Feedback ==


<!-- Summarize the feedback from the community and address why you chose not to accept proposed alternatives. This section is optional for all change proposals but is strongly suggested. Incorporating feedback here as it is raised gives FESCo a clearer view of your proposal and leaves a good record for the future. If you get no feedback, that is useful to note in this section as well. For innovative or possibly controversial ideas, consider collecting feedback before you file the change proposal. -->
Summarize the feedback from the community and address why you chose not to accept proposed alternatives. This section is optional for all change proposals but is strongly suggested. Incorporating feedback here as it is raised gives FESCo a clearer view of your proposal and leaves a good record for the future. If you get no feedback, that is useful to note in this section as well. For innovative or possibly controversial ideas, consider collecting feedback before you file the change proposal. -->


== Benefit to Fedora ==
== Benefit to Fedora ==
The benefits of this change are [[Changes/DeprecateNSCD#Benefit_to_Fedora|already described]] in the deprecation change proposal.


<!-- What is the benefit to the distribution?  Will the software we generate be improved? How will the process of creating Fedora releases be improved?
<!-- What is the benefit to the distribution?  Will the software we generate be improved? How will the process of creating Fedora releases be improved?
Line 91: Line 95:
<!-- What work do the feature owners have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
<!-- What work do the feature owners have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->


* Other developers: N/A (not a System Wide Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
The volume of work required is minimal, with the only change being the removal of the nscd sub-package offered by glibc which can be achieved by minor changes to the spec file. Since nscd is not installed by default, the affect on the distribution is minimal. Users who have installed nscd for caching other than DNS in an earlier release of Fedora will need to install and configure sssd instead in order to re-enable caching. For caching DNS queries, Fedora already has systemd-resolved enabled by [[Changes/systemd-resolved|default since Fedora 33]].
 
* Other developers:
<!-- What work do other developers have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->
<!-- What work do other developers have to accomplish to complete the feature in time for release?  Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?-->


* Release engineering: [https://pagure.io/releng/issues #Releng issue number] (a check of an impact with Release Engineering is needed) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
`nss-pam-ldapd` has a weak dependency on nscd that will need to be removed. `libuser` has a build dependency on nscd that will also need to be removed.
 
`systemd` supports flushing of the nscd cache when users are added or removed. This support will be dropped at compilation time ([https://github.com/systemd/systemd/pull/17879 upstream pull request]).
 
* Release engineering:
<!-- [https://pagure.io/releng/issues #Releng issue number] (a check of an impact with Release Engineering is needed) REQUIRED FOR SYSTEM WIDE CHANGES -->
<!-- Does this feature require coordination with release engineering (e.g. changes to installer image generation or update package delivery)?  Is a mass rebuild required?  include a link to the releng issue.  
<!-- Does this feature require coordination with release engineering (e.g. changes to installer image generation or update package delivery)?  Is a mass rebuild required?  include a link to the releng issue.  
The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication -->
The issue is required to be filed prior to feature submission, to ensure that someone is on board to do any process development work and testing and that all changes make it into the pipeline; a bullet point in a change is not sufficient communication -->
This change does not require coordination with or have impact on release engineering and does not require a mass rebuild.


* Policies and guidelines: N/A (not a System Wide Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Policies and guidelines: N/A (not a System Wide Change) <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
Line 106: Line 119:
* Alignment with Objectives:  
* Alignment with Objectives:  
<!-- Does your proposal align with the current Fedora Objectives: https://docs.fedoraproject.org/en-US/project/objectives/ ? It's okay if it doesn't, but it's something to consider -->
<!-- Does your proposal align with the current Fedora Objectives: https://docs.fedoraproject.org/en-US/project/objectives/ ? It's okay if it doesn't, but it's something to consider -->
While this proposal does not directly move any of the currently stated [https://docs.fedoraproject.org/en-US/project/objectives objectives] forward, it is not opposed to any.


== Upgrade/compatibility impact ==
== Upgrade/compatibility impact ==
<!-- What happens to systems that have had a previous versions of Fedora installed and are updated to the version containing this change? Will anything require manual configuration or data migration? Will any existing functionality be no longer supported? -->
<!-- What happens to systems that have had a previous versions of Fedora installed and are updated to the version containing this change? Will anything require manual configuration or data migration? Will any existing functionality be no longer supported? -->
The nscd sub-package depends on a glibc version that is identical to itself. This means that once it is removed and marked as obsolete in Fedora 35, updating from a previous release of Fedora with nscd installed on it, the old nscd package will be uninstalled during the update. Named services caching will cease to function, but the only effect will be slower resolution due to the missing cache. This will be more marked in systems that use remote remote authentication services like LDAP. Functionality will not be affected in any way.


<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
The hosts cache will automatically be replaced by the one provided by systemd-resolved. However, in order to restore caching functionality for other caches provided by nscd, the system administrator will need to install and/or configure sssd (by enabling sssd with authconfig, and editing `/etc/sssd/sssd.conf` to enable it to work with nss).
N/A (not a System Wide Change)  


== How To Test ==
== How To Test ==
Line 142: Line 157:
  - Green has been scientifically proven to be the most relaxing color. The move to a default background color of green with green text will result in Fedora users being the most relaxed users of any operating system.
  - Green has been scientifically proven to be the most relaxing color. The move to a default background color of green with green text will result in Fedora users being the most relaxed users of any operating system.
-->
-->
* Most users will be unaffected by this change because nscd is not installed by default. It is usually used on systems configured with LDAP, where nscd provides caching of remote queries.
* On a system using nscd that is updated to Fedora 35 from a previous version, the system administrator will need to install and configure sssd to replace it after the update. Even when this is not done, the only visible affect will be slower resolution of named service queries due to a missing cache.
* Users on a system running sssd and systemd-resolved instead of nscd shouldn't see any noticeable difference in system behaviour or latency in resolving named services.


== Dependencies ==
== Dependencies ==
<!-- What other packages (RPMs) depend on this package?  Are there changes outside the developers' control on which completion of this change depends?  In other words, completion of another change owned by someone else and might cause you to not be able to finish on time or that you would need to coordinate?  Other upstream projects like the kernel (if this is not a kernel change)? -->
<!-- What other packages (RPMs) depend on this package?  Are there changes outside the developers' control on which completion of this change depends?  In other words, completion of another change owned by someone else and might cause you to not be able to finish on time or that you would need to coordinate?  Other upstream projects like the kernel (if this is not a kernel change)? -->


<!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* `nss-pam-ldapd` has a weak dependency on nscd that will need to be removed.
N/A (not a System Wide Change)
* `libuser` has a build dependency on nscd that will also need to be removed.
 
Both changes are minimal, requiring a removal of the dependency in the spec file, and a rebuild.


== Contingency Plan ==
== Contingency Plan ==


<!-- If you cannot complete your feature by the final development freeze, what is the backup plan?  This might be as simple as "Revert the shipped configuration".  Or it might not (e.g. rebuilding a number of dependent packages).  If you feature is not completed in time we want to assure others that other parts of Fedora will not be in jeopardy.  -->
<!-- If you cannot complete your feature by the final development freeze, what is the backup plan?  This might be as simple as "Revert the shipped configuration".  Or it might not (e.g. rebuilding a number of dependent packages).  If you feature is not completed in time we want to assure others that other parts of Fedora will not be in jeopardy.  -->
* Contingency mechanism: (What to do?  Who will do it?) N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Contingency mechanism: Revert changes to `glibc` spec file and continue to ship nscd. Revert changes to `libuser`, `nss-pam-ldapd`, and `systemd` packages; this will need to be done by the respective package maintainers.
 
<!-- When is the last time the contingency mechanism can be put in place?  This will typically be the beta freeze. -->
<!-- When is the last time the contingency mechanism can be put in place?  This will typically be the beta freeze. -->
* Contingency deadline: N/A (not a System Wide Change)  <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Contingency deadline: Fedora 35 Beta Freeze
<!-- Does finishing this feature block the release, or can we ship with the feature in incomplete state? -->
<!-- Does finishing this feature block the release, or can we ship with the feature in incomplete state? -->
* Blocks release? N/A (not a System Wide Change), Yes/No <!-- REQUIRED FOR SYSTEM WIDE CHANGES -->
* Blocks release? N/A (not a System Wide Change)
* Blocks product? product <!-- Applicable for Changes that blocks specific product release/Fedora.next -->
* Blocks product? None


== Documentation ==
== Documentation ==

Latest revision as of 13:43, 21 April 2022


Remove nscd

Summary

This proposal intends to remove the nscd cache for named services in Fedora 35. nscd is already planned for deprecation in Fedora 34. The functionality it currently provides can be achieved by using systemd-resolved for DNS caching and the sssd daemon for everything else.

Owner

Current status

Detailed Description

nscd is a daemon that provides caching for accesses of the passwd, group, hosts, services, and netgroup databases through standard libc interfaces (such as getpwnam, getpwuid, getgrnam, getgrgid, gethostbyname, etc.). This proposal intends to remove nscd in Fedora 35 and replace it with functionality provided by systemd-resolved for the hosts database and the sssd daemon for everything else. Accordingly, the nscd sub-package of glibc will be removed in Fedora 35 after being deprecated in Fedora 34.


Benefit to Fedora

The benefits of this change are already described in the deprecation change proposal.


Scope

  • Proposal owners:

The volume of work required is minimal, with the only change being the removal of the nscd sub-package offered by glibc which can be achieved by minor changes to the spec file. Since nscd is not installed by default, the affect on the distribution is minimal. Users who have installed nscd for caching other than DNS in an earlier release of Fedora will need to install and configure sssd instead in order to re-enable caching. For caching DNS queries, Fedora already has systemd-resolved enabled by default since Fedora 33.

  • Other developers:

nss-pam-ldapd has a weak dependency on nscd that will need to be removed. libuser has a build dependency on nscd that will also need to be removed.

systemd supports flushing of the nscd cache when users are added or removed. This support will be dropped at compilation time (upstream pull request).

  • Release engineering:

This change does not require coordination with or have impact on release engineering and does not require a mass rebuild.

  • Policies and guidelines: N/A (not a System Wide Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives:

While this proposal does not directly move any of the currently stated objectives forward, it is not opposed to any.

Upgrade/compatibility impact

The nscd sub-package depends on a glibc version that is identical to itself. This means that once it is removed and marked as obsolete in Fedora 35, updating from a previous release of Fedora with nscd installed on it, the old nscd package will be uninstalled during the update. Named services caching will cease to function, but the only effect will be slower resolution due to the missing cache. This will be more marked in systems that use remote remote authentication services like LDAP. Functionality will not be affected in any way.

The hosts cache will automatically be replaced by the one provided by systemd-resolved. However, in order to restore caching functionality for other caches provided by nscd, the system administrator will need to install and/or configure sssd (by enabling sssd with authconfig, and editing /etc/sssd/sssd.conf to enable it to work with nss).

How To Test

N/A (not a System Wide Change)

User Experience

  • Most users will be unaffected by this change because nscd is not installed by default. It is usually used on systems configured with LDAP, where nscd provides caching of remote queries.
  • On a system using nscd that is updated to Fedora 35 from a previous version, the system administrator will need to install and configure sssd to replace it after the update. Even when this is not done, the only visible affect will be slower resolution of named service queries due to a missing cache.
  • Users on a system running sssd and systemd-resolved instead of nscd shouldn't see any noticeable difference in system behaviour or latency in resolving named services.

Dependencies

  • nss-pam-ldapd has a weak dependency on nscd that will need to be removed.
  • libuser has a build dependency on nscd that will also need to be removed.

Both changes are minimal, requiring a removal of the dependency in the spec file, and a rebuild.

Contingency Plan

  • Contingency mechanism: Revert changes to glibc spec file and continue to ship nscd. Revert changes to libuser, nss-pam-ldapd, and systemd packages; this will need to be done by the respective package maintainers.
  • Contingency deadline: Fedora 35 Beta Freeze
  • Blocks release? N/A (not a System Wide Change)
  • Blocks product? None

Documentation

N/A (not a System Wide Change)

Release Notes

Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/RemoveNSCD&oldid=641053"