Submachine (talk | contribs) (FESCo approved deprecating nscd in F34, then removing it in F35. Accordingly, a separate new DeprecateNSCD page tracks deprecation in F34; This RemoveNSCD page will now track the F35 removal.) |
Submachine (talk | contribs) (Add link to systemd-resolved change proposal) |
||
Line 95: | Line 95: | ||
<!-- What work do the feature owners have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | <!-- What work do the feature owners have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | ||
The volume of work required is minimal, with the only change being the removal of the nscd sub-package offered by glibc which can be achieved by minor changes to the spec file. Since nscd is not installed by default, the affect on the distribution is minimal. Users who have installed nscd for caching other than DNS in an earlier release of Fedora will need to install and configure sssd instead in order to re-enable caching. For caching DNS queries, Fedora already has systemd-resolved enabled by default since Fedora 33. | The volume of work required is minimal, with the only change being the removal of the nscd sub-package offered by glibc which can be achieved by minor changes to the spec file. Since nscd is not installed by default, the affect on the distribution is minimal. Users who have installed nscd for caching other than DNS in an earlier release of Fedora will need to install and configure sssd instead in order to re-enable caching. For caching DNS queries, Fedora already has systemd-resolved enabled by [[Changes/systemd-resolved|default since Fedora 33]]. | ||
* Other developers: | * Other developers: |
Revision as of 22:59, 6 December 2020
Remove nscd
Summary
This proposal intends to remove the nscd cache for named services in Fedora 35. nscd is already planned for deprecation in Fedora 34. The functionality it currently provides can be achieved by using systemd-resolved for DNS caching and the sssd daemon for everything else.
Owner
- Name: Arjun Shankar
- Email: arjun@redhat.com
Current status
- Targeted release: Fedora 35
- Last updated: 2020-12-06
- FESCo issue: #2501
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
nscd is a daemon that provides caching for accesses of the passwd
, group
, hosts
, services
, and netgroup
databases through standard libc interfaces (such as getpwnam
, getpwuid
, getgrnam
, getgrgid
, gethostbyname
, etc.). This proposal intends to remove nscd in Fedora 35 and replace it with functionality provided by systemd-resolved for the hosts
database and the sssd daemon for everything else. Accordingly, the nscd
sub-package of glibc will be removed in Fedora 35 after being deprecated in Fedora 34.
Benefit to Fedora
The benefits of this change are already described in the deprecation change proposal.
Scope
- Proposal owners:
The volume of work required is minimal, with the only change being the removal of the nscd sub-package offered by glibc which can be achieved by minor changes to the spec file. Since nscd is not installed by default, the affect on the distribution is minimal. Users who have installed nscd for caching other than DNS in an earlier release of Fedora will need to install and configure sssd instead in order to re-enable caching. For caching DNS queries, Fedora already has systemd-resolved enabled by default since Fedora 33.
- Other developers:
nss-pam-ldapd
has a weak dependency on nscd that will need to be removed. libuser
has a build dependency on nscd that will also need to be removed.
- Release engineering:
This change does not require coordination with or have impact on release engineering and does not require a mass rebuild.
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives:
While this proposal does not directly move any of the currently stated objectives forward, it is not opposed to any.
Upgrade/compatibility impact
The nscd sub-package depends on a glibc version that is identical to itself. This means that once it is removed and marked as obsolete in Fedora 35, updating from a previous release of Fedora with nscd installed on it, the old nscd package will be uninstalled during the update. Named services caching will cease to function, but the only effect will be slower resolution due to the missing cache. This will be more marked in systems that use remote remote authentication services like LDAP. Functionality will not be affected in any way.
The hosts cache will automatically be replaced by the one provided by systemd-resolved. However, in order to restore caching functionality for other caches provided by nscd, the system administrator will need to install and/or configure sssd (by enabling sssd with authconfig, and editing /etc/sssd/sssd.conf
to enable it to work with nss).
How To Test
N/A (not a System Wide Change)
User Experience
- Most users will be unaffected by this change because nscd is not installed by default. It is usually used on systems configured with LDAP, where nscd provides caching of remote queries.
- On a system using nscd that is updated to Fedora 35 from a previous version, the system administrator will need to install and configure sssd to replace it after the update. Even when this is not done, the only visible affect will be slower resolution of named service queries due to a missing cache.
- Users on a system running sssd and systemd-resolved instead of nscd shouldn't see any noticeable difference in system behaviour or latency in resolving named services.
Dependencies
nss-pam-ldapd
has a weak dependency on nscd that will need to be removed.libuser
has a build dependency on nscd that will also need to be removed.
Both changes are minimal, requiring a removal of the dependency in the spec file, and a rebuild.
Contingency Plan
- Contingency mechanism: Revert changes to glibc spec file and continue to ship nscd. Revert changes to libuser and nss-pam-ldapd packages; this will need to be done by the respective package maintainers.
- Contingency deadline: Fedora 35 Beta Freeze
- Blocks release? N/A (not a System Wide Change)
- Blocks product? None
Documentation
N/A (not a System Wide Change)