< Changes
Submachine (talk | contribs) (Initial summary and benefit) |
Submachine (talk | contribs) (Fill out benefits and scope) |
||
| Line 54: | Line 54: | ||
== Detailed Description == | == Detailed Description == | ||
''nscd'' is a daemon that provides caching for accesses of the `passwd`, `group`, `hosts`, `services`, and `netgroup` databases through standard libc interfaces (such as `getpwnam`, `getpwuid`, `getgrnam`, `getgrgid`, `gethostbyname`, etc.). This proposal intends to replace ''nscd'' | ''nscd'' is a daemon that provides caching for accesses of the `passwd`, `group`, `hosts`, `services`, and `netgroup` databases through standard libc interfaces (such as `getpwnam`, `getpwuid`, `getgrnam`, `getgrgid`, `gethostbyname`, etc.). This proposal intends to replace ''nscd'' in Fedora with ''systemd-resolved'' for the `hosts` database and the ''sssd'' daemon for everything else. Accordingly, the `nscd` sub-package of glibc will be removed. | ||
<!-- | <!-- | ||
| Line 64: | Line 63: | ||
== Benefit to Fedora == | == Benefit to Fedora == | ||
While still maintained within the glibc source tree, ''nscd'' has received less than forty commits in the past three years and has gathered significant technical debt | While still maintained within the glibc source tree, ''nscd'' has received less than forty commits in the past three years and has gathered significant technical debt, and has bugs which are hard to fix. There are concurrency bugs in the shared mappings, cache unification (IPv4 vs. IPv6 vs. AF_UNSPEC) issues, and more which would require significant investment to fix in nscd. Such an investment seems like duplicate effort among our communities given the quality and state of ''sssd'', and ''systemd-resolved'' which is already proposed to be enabled by default from [[Changes/systemd-resolved | Fedora 33 onwards]]. | ||
At a high level, sssd and systemd-resolved together provide a caching solution that has feature parity with nscd, with systemd-resolved covering the hosts cache and sssd the rest. The removal of nscd from Fedora will (a) move the user base over to a more modern solution for named services caching, and (b) reduce maintenance work on the Fedora glibc package and the duplication of effort on nscd upstream. | |||
<!-- What is the benefit to the distribution? Will the software we generate be improved? How will the process of creating Fedora releases be improved? | <!-- What is the benefit to the distribution? Will the software we generate be improved? How will the process of creating Fedora releases be improved? | ||
| Line 98: | Line 99: | ||
<!-- What work do the feature owners have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | <!-- What work do the feature owners have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | ||
* Other developers: | The volume of work required is minimal, with the only change being the removal of the nscd sub-package offered by glibc which can be achieved by minor changes to the spec file. Since nscd is not installed by default, the affect on the distribution is minimal. Users who have installed nscd will need to install and configure sssd instead. | ||
* Other developers: | |||
<!-- What work do other developers have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | <!-- What work do other developers have to accomplish to complete the feature in time for release? Is it a large change affecting many parts of the distribution or is it a very isolated change? What are those changes?--> | ||
`nss-pam-ldapd` has a weak dependency on nscd that will need to be removed. `libuser` has a build dependency on nscd that will also need to be removed. | |||
* Release engineering: [https://pagure.io/releng/issues #Releng issue number] (a check of an impact with Release Engineering is needed) <!-- REQUIRED FOR SYSTEM WIDE CHANGES --> | * Release engineering: [https://pagure.io/releng/issues #Releng issue number] (a check of an impact with Release Engineering is needed) <!-- REQUIRED FOR SYSTEM WIDE CHANGES --> | ||
| Line 113: | Line 118: | ||
* Alignment with Objectives: | * Alignment with Objectives: | ||
<!-- Does your proposal align with the current Fedora Objectives: https://docs.fedoraproject.org/en-US/project/objectives/ ? It's okay if it doesn't, but it's something to consider --> | <!-- Does your proposal align with the current Fedora Objectives: https://docs.fedoraproject.org/en-US/project/objectives/ ? It's okay if it doesn't, but it's something to consider --> | ||
Yes, this proposal aligns with the [https://docs.fedoraproject.org/en-US/project/objectives current objective] of "Fedora Minimization". | |||
== Upgrade/compatibility impact == | == Upgrade/compatibility impact == | ||
Revision as of 13:17, 9 October 2020
For details on how to fill out this form, see the documentation.
Remove and deprecate nscd in favour of sssd and systemd-resolved
Summary
This proposal intends to replace the nscd cache for named services with systemd-resolved for the hosts database and the sssd daemon for everything else.
Owner
- Name: Arjun Shankar
- Email: arjun@redhat.com
Current status
- Targeted release: Fedora 34
- Last updated: 2020-10-09
- FESCo issue: <will be assigned by the Wrangler>
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
nscd is a daemon that provides caching for accesses of the passwd, group, hosts, services, and netgroup databases through standard libc interfaces (such as getpwnam, getpwuid, getgrnam, getgrgid, gethostbyname, etc.). This proposal intends to replace nscd in Fedora with systemd-resolved for the hosts database and the sssd daemon for everything else. Accordingly, the nscd sub-package of glibc will be removed.
Benefit to Fedora
While still maintained within the glibc source tree, nscd has received less than forty commits in the past three years and has gathered significant technical debt, and has bugs which are hard to fix. There are concurrency bugs in the shared mappings, cache unification (IPv4 vs. IPv6 vs. AF_UNSPEC) issues, and more which would require significant investment to fix in nscd. Such an investment seems like duplicate effort among our communities given the quality and state of sssd, and systemd-resolved which is already proposed to be enabled by default from Fedora 33 onwards.
At a high level, sssd and systemd-resolved together provide a caching solution that has feature parity with nscd, with systemd-resolved covering the hosts cache and sssd the rest. The removal of nscd from Fedora will (a) move the user base over to a more modern solution for named services caching, and (b) reduce maintenance work on the Fedora glibc package and the duplication of effort on nscd upstream.
Scope
- Proposal owners:
The volume of work required is minimal, with the only change being the removal of the nscd sub-package offered by glibc which can be achieved by minor changes to the spec file. Since nscd is not installed by default, the affect on the distribution is minimal. Users who have installed nscd will need to install and configure sssd instead.
- Other developers:
nss-pam-ldapd has a weak dependency on nscd that will need to be removed. libuser has a build dependency on nscd that will also need to be removed.
- Release engineering: #Releng issue number (a check of an impact with Release Engineering is needed)
- Policies and guidelines: N/A (not a System Wide Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives:
Yes, this proposal aligns with the current objective of "Fedora Minimization".
Upgrade/compatibility impact
N/A (not a System Wide Change)
How To Test
N/A (not a System Wide Change)
User Experience
Dependencies
N/A (not a System Wide Change)
Contingency Plan
- Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
- Contingency deadline: N/A (not a System Wide Change)
- Blocks release? N/A (not a System Wide Change), Yes/No
- Blocks product? product
Documentation
N/A (not a System Wide Change)