| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nfssvc_set_sockets() access textual port numbers (by lookup in
/etc/services). This uses getaddrinfo which reports errors, except
for out-of-range numbers.
So change the test on a valid port to only complain if the port given
is purely numeric, but is out-of-range.
Also move it so that any default value gets tested the same as any
argument value.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
This discusses some of the behaviors of the various
unit files, and how best to work with them to achieve
various results.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that we have /etc/nfs.conf, a lot of configuration can be
read directly. So nfs-config isn't really needed any more.
Some distributions allow command-line arguments for various
daemons to be set in an environment file (/etc/sysconfig,
/etc/defaults).
Passing these through /etc/nfs.conf is not possible.
Instead, a distro that needs this functionality can create drop-in
files which select the required value. As no commands are given
default arguments by systemd unit files, the drop-in can just add
distro-specific args.
For example
/lib/systemd/system/nfs-mountd.service.d/local.conf
[Service]
EnvironmentFile=/etc/sysconfig/nfs
ExecStart=
ExecStart=/usr/sbin/rpc.mountd $RPCMOUNTDOPTS
Note the need for the empty assignment to remove existing definitions
first.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
The significant value of allowing this is that it means that
for default operation, systemd unit files do not need to pass any
options to any programs. The purpose of this will become apparent in
the next patch.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the value for a tag starts with '$', then the remainder
of the value is treated as an environment variable name.
It is looked up in the environment (getenv) and if not found,
it is looked for in the [environment] section of the config file.
This lookup is formed as access time e.g. by conf_get_str(), not at
parse time.
The expected usage is that the config file can contain something like
[environment]
include = /etc/sysconfig/nfs
[other-section]
tag = $NAME
and conf_get_str("other-section","tag") will report the value of "NAME"
in the given file.
As different distributions used different environment files, and
different
variable names with-in them, a distro could provide a static config file
which maps from names in that environment file to config tags requires
by NFS daemons.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A value setting like
foo =
is now equivalent to not setting "foo" at all.
This is likely to be least confusing.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
When "include = " is used to read and "environment" file such as
/etc/sysconfig/nfs, there might be quotes around values.
Stripe those off, just like a 'shell' reading the file would.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A tag
include = filename
will be replaced by the content of the file.
This must appear after a section heading, and any assignments
not in their own section will be included in the section that this
directive is in.
e.g
[environment]
include = /etc/sysconfig/nfs
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
This will make support of include files easier.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
conffile allocates memory and reads in the config file.
It then parses the file, using strdup() to take a copy of
any string that it uses, so after conf_parse() there are no
references in to the allocated file image.
conffile does not free this image. It keeps a pointer, but never uses
it in an interesing way, and never frees it. This is a little clumsy
and interfers with a future patch which will support the inclusion of
subordinate config files.
So free 'new_conf_addr' when finished with it, and discard the
'conf_addr' variable that stored it.
This has an insignificant performance consequence in that we node
always free everything in the hash table, even when we know it must
be empty.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
| |
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Some options appear in the [lockd] section.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Some values are taken from the [nfsd] section
to ensure consistency.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
I haven't added -H support, but everything else should be able to be
set through /etc/nfs.conf.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
conf_get_bool() interprets various strings as 'true' or 'false'.
If no suitable value is found, the default is returned.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
It may seem a little odd placing this in the "systemd" directory,
but it is a conveninent place, and /etc/nfs.conf was added in
part to help with systemd integration.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
POSIX.1-2008 only specifies that file descriptor numbers
from 0 to 9, inclusive, are supported. The number 200 works
in the bash shell, but not in dash. This patch changes the file
descriptor number from 200 to 9. Reported in Debian bug #848277
Signed-off-by: Daniel Pocock <daniel@pocock.pro>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Passing a path like /export1 to unexportfs_parsed() matches not only
/export1, but /export11, /export100, /export1forthemoney, etc. which can
result in some nasty surprises when unexporting individual exports.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
xstrdup() prints a messages and exits, except in statd where
is prints a message and fails. So there is no point printing
an extra message when xstrdup() fails, and except in statd,
no point calling exit() as well.
So remove some pointless code.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This systemcall was deprecated early in the 2.6 series
as it was replaced by an in-kernel cache which was refilled
using an upcall. All communication to kernel is now through
the nfsd filesystem.
The nfsctl systemcall itself was removed in 3.1.
It is unlikely to have been used for over a decade.
To remove all uses for the nfsctl systemcall, and call code that only
runs when "new_cache" is false. We now assume "new_cache" is always
true.
This allows the removal of several files as well as assorted functions.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When attempting an NFSv3 mount request, it is possible to catch the
server at an "awkward" moment while it is still starting up.
In these cases it is possible to get an error that would otherwise
indiciate a permanent error, but which should be considered temporary
during
the start-up window.
In particular:
ECONNREFUSED will be returned between the time the network interface
is configured, and the time that rpcbind starts
EOPNOTSUPP (representing RPC_PROGNOTREGISTERED) will be returned
between
the time that rpcbind starts and the time when nfsd registers, and
ESTALE will be returned between the time nfsd starts and when
filesystems
are exported (this windown can be removed with correct
configuration).
So these errors only deserve a relatively small timeout.
ECONNREFUSED needs a longer timeout than the others as the start-up
window is longer. As we have long treated this as a temporary error,
with no complaints, we will keep doing so for now.
So change nfs_is_permanent_error() to record the previous error
and the number of times the same error has been seen.
If ESTALE or EOPNOTSUPP is seen 3 times (over 3 seconds or more)
or ECONNREFUSED is seen 5 times (15 seconds), report a permanent
error, others assume it could be temporary.
A result of this is that if you try a UDP mount from a server which
doesn't support UDP, you get an error without a few seconds, rather
than a 2-minute timeout.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a mount attempt times out due to repeated non-permanent errors, we
always report ETIMEDOUT rather than the actual error.
Errors like "ECONNREFUSED" or "EHOSTUNREACH" or "ESTALE" might be more
useful than the generic "ETIMEDOUT".
So preserve the error code.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
before this commit, run 'exportfs -s' will output some
options more than one time. for example:
/path *(rw,no_root_squash,rw,secure,no_root_squash,no_all_squash)
the options rw,no_root_squash,etc will be print twice.
the reason is secinfo_show() will show these security options again
this patch remove these redundant outputs.
Signed-off-by: Jianhong Yin <yin-jianhong@163.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As nfsdcltrack is normally run directly from the kernel
there is no opportunity to change the default
storage directory. This can be useful in a cluster to
locate the "storage directory" on shared storage.
The easiest alternative is to allow configuration to be read from a
file, particularly as nfs-utils already has code for parsing a config
file.
So read the config file "/etc/nfs.conf" (or as set by ./configure) and
look for "storagedir" and "debug" in the "nfsdcltrack" section.
These values can still be over-ridden by command line options.
A generic name (nfs.conf) was changes for the config file so that
other daemons can be enhanced to read configuration from there.
This may be easier than passing command line arguments through systemd.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
/var/lib/nfs/xtab is only used to find out what has been exported to
the kernel. This is more reliably done by reading
/proc/fs/nfs{,d}/export and nfs-utils uses that file if is available.
So xtab is only need if you have an incredibly ancient kernel which
doesn't have /proc/fs/nfs/export (and so which only supports NFSv2) or
if /proc is not mounted.
Neither of these are credible contexts to run a modern nfs-utils,
so stop creating or reading the xtab file.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nfs-server-generator is run very early when a lot of services are not
yet started, so it mustn't depend on them. Currently it can try to
use hostname lookup and syslog. Using hostname lookup can cause
errors and when these are logged via syslog, it can cause the
generator to block indefinitely
Hostname-lookup is not needed, as we don't use the host issue,
and sending message to stderr is sufficient for the generator.
Disabling syslog is easy - call a function that sets a static variable.
Disabling hostname lookup requires adding an "ignore_hosts" flags to
export_read and export_d_read().
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
| |
These counters are already in /proc/self/mountstats but the mountstats
program doesn't display them.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1377740
|
|
|
|
|
|
|
|
| |
Kerberos keytabs don't always live in the '/etc'
directory. Allow --sysconfdir flag to define where
the keytab directory is in rpc-gssd.service
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
A recent patch moved this file to /usr/libexec/...
That directory isn't universal, and doesn't exist on openSUSE or
Debian for example. So change it to use the $libexecdir
directory determined by configure
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Added a couple checks to handle failures correctly
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1369714
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit: bf66c9facb8e ("mounts.nfs: v2 and v3 background mounts should
retry when server is down.")
changed the behaviour of "bg" mounts so that RPC_PROGNOTREGISTERED,
which maps to EOPNOTSUPP, is not a permanent error.
This useful because when an NFS server starts up there is a small window
between the moment that rpcbind (or portmap) starts responding to lookup
requests, and the moment when nfsd registers with rpcbind. During that window
rpcbind will reply with RPC_PROGNOTREGISTERED, but mount should not give
up.
This same reasoning applies to foreground mounts. They don't wait for
as long, but could still hit the window and fail prematurely.
So revert the above patch and instead add EOPNOTSUPP to the list of
temporary errors known to nfs_is_permanent_error.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit: 1e41488f428c ("systemd: Order NFS server before client")
added an ordering dependency between network mounts and nfs-server.
This is good for loop-back NFS mounts as it ensures the server
will remain until after the mountpoint is unmounted.
However is is bad for _net mounts (such as those via iSCSI) which
are being NFS exported.
nfs-server needs to be start *after* exported filesystems are mounted,
and *before* NFS filesystems are mounted. systemd isn't able to make
this distinction natively, so we need to help it.
This patch adds a systemd generator which creates a drop-in for
nfs-server.services so that it is started "Before" any "nfs" or "nfs4"
mount, and so that it has a "RequiresMountsFor" dependency on any
exported filesystem. This creates the required ordering.
Note that if you try to export an "nfs" mount, systemd will detect an
ordering loop and will refused to start the nfs server. This is
probably the correct thing to do.
This patch also removes the ordering dependency with
remote-fs-pre.target which the above-mentioned commit added. It is no
longer needed.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
This places it in the same place as the similar export_read(),
and allows it to be called from other programs.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Describe how the NFSv4 domain name can be
now be found using the _nfsv4idmapdomain DNS
TXT record
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If an export point should be mounted ("mountpoint" option set) but
isn't, then an attempt to mount using the MOUNT protocol for NFSv3
will fail and an attempt to access the filesystem using a pre-existing
filehandle will block because nfsd_fh wont tell the kernel about it.
However a lookup from the parent, as happens with an NFSv4 mount
request, will pass the name to nfsd_export(), and it doesn't check the
mointpoint option, and so exports the underlying (typically "/")
filesystem.
So change nfsd_export() to refused to export that exportpoint, but
instead to explictly say that it isn't exported.
This will cause an 'ls' in the parent pseudo-root directory to not show
the name and will cause a "mount" attempt which walks down through the
pseudo root to fail in the same way that it does with NFSv3.
An access from a pre-existing NFSv4 mount will still hang until the
filesystem is mounted, just like it does with NFSv3.
In order to be a bit more responsive to the filesystem getting mounted,
just a short timeout (1 minutes) on exports of missing "mountpoint"
exportpoints.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
The default will not always be best.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
If pseudofs_update failed, we weren't freeing 'path'.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
If IPv6 address privacy is active, the "clientaddr" given to the server
will likely be a temporary address which will eventually expire, thus
breaking callback.
So ask for a public address to ensure continued service.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If getaddrinfo() returns EAI_AGAIN, we shouldn't just give up, but
should continue normal retries as the nameserver may be unavailable
for the same reason as the NFS server.
So move the getaddrinfo() call from nfs_validate_options() into
nfs_try_mount() which is always called soon after, except in the
'remount' case when we don't want it anyway.
If EAI_AGAIN is returned, set errno to EAGAIN and allow this to be a
temporary failure. Otherwise report error and set errno to EALREADY
so no further message is given.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
It is completely ineffective.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The total timeout for a "mount" attempt to a non-responsive server
will always be a multiple of the time a single mount attempt in the
kernel takes, which for TCP defaults to about 4 minutes.
The documentation for the "retry" option seems to suggest that this can
be used
to set a maximum but it really sets a time after which to stop retrying.
The total can be as much as "retry" plus the time for a single attempt.
So clarify the documentation a bit, and also note that retrans
defaults are different for UDP and TCP:
#define NFS_DEF_UDP_RETRANS (3)
#define NFS_DEF_TCP_RETRANS (2)
Reported-by: Howard Guo<hguo@suse.com>
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
| |
Fix some error out without unlink pid file.
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
Blkmapd cannot run until blkmapd.pid is unlinked.
This patch lets checking exists based on lockf without stat.
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
krb5_util.c: In function gssd_acquire_user_cred:
krb5_util.c:1389:4: warning: this if clause does not guard...
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
NFS does not support file and symbolic export, if the export point
is regular file should give warning to user.
Signed-off-by: Jianhong Yin <jiyin@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several years ago, the kernel Linux NFS client was changed to
attempt to use strong security for lease management operations that
are shared by all NFSv4 mounts of a server on that client.
This forces the client to use a consistent security flavor and
principal for lease management, even across reboots, to ensure that
state recovery works, independent of what mounts have been done,
what order they were done, and with what sec= option.
The use of krb5i for lease management does not affect the flavor
used for RPCs done on behalf of individual users, but sometimes it
means krb5i is used for certain operations even when "sec=sys" is
specified. This has occasionally been surprising.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1334510
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
| |
To once and for all stop multiple rpc.statd from
being started (mostly in HA environments), use
flock to serialize the running of the script
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
| |
Turned "nfsdcltack" into "nfsdcltrack"
Signed-off-by: Steve Dickson <steved@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 76f8ce8c (statd: Update existing record if we receive SM_MON with
new cookie) added some logic to unconditionally delete some existing
on-disk monitor records. That works fine in an HA-NFS setup where
there's a good chance of monitor files being left around after service
failovers, but in the case where there isn't an existing monitor file
statd emits a scary looking message like this:
Jun 15 14:14:59 hostname rpc.statd[1368]: Failed to delete: could not
stat original file /var/lib/nfs/statd/sm/nfs.smayhew.test: No such file
or directory
That message can be suppressed.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|