| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When kernel have gssproxy support the the gssproxy
daemon should be used to manage the GSSAPI creds.
So this patch adds "calls" to the gssproxy daemon
from the NFS server systemd unit file.
When gssproxy is installed, gssproxy will be start
and rpc.svcgssd will not be. When gssproxy is not
installed the rpc.svcgssd daemon will be started.
Note, there are already existing hooks in the
rpc-svcgssd service file that will ensure the
gssproxy will be started before rpc.svcgssd
which allows the script not to start rpc.svcsdd
when gssproxy is installed and running.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Now that gssproxy is supported on modern kernels,
the svcgssd is no longer needed. This switch
disables the building of the daemon.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need to insert the auth_rpcgss module before starting rpc.svcgssd or
gss-proxy, for two reasons:
- gss-proxy needs access to the /proc/net/rpc/use-gss-proxy file
to set up communication with knfsd.
- the unit files need to able to test for the existance of the
same path in order to decide whether the kernel supports
gss-proxy or not.
Currently we're using dependencies on proc-fs-nfsd.mount for this, but
that works only because of the nfsd kernel module references some
symbols in auth_rpcgss, which is an odd implementation detail we're
likely to fix some day.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Document the newly added nfsstat io/ra server facilities.
Signed-off-by: Marko Myllynen <myllynen@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Add server read ahead cache statistics to nfsstat.
Signed-off-by: Marko Myllynen <myllynen@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Add server io statistics to nfsstat.
Signed-off-by: Marko Myllynen <myllynen@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Allow the fetching of NFSDCLTRACK_GRACE_START out of environment
variables. If it's present in the "create" or "init" upcalls, then we
can use that to query the database to see whether there are any clients
that have not issued a RECLAIM_COMPLETE since that time.
If there aren't any, then we know that all reclaim activity is now done
and we can then cue the kernel to lift the grace period.
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
...and set the has_session field in the DB based on whether it's
true or not. Since we no longer set the timestamp for v4.1+ clients on
a check operation, we must be careful to set the timestamp to zero
for v4.1+ clients found via the legacy tracker.
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From: Jeff Layton <jlayton@poochiereds.net>
In order to allow knfsd's lock manager to lift its grace period early,
we need to figure out whether all clients have finished reclaiming
their state not. Unfortunately, the current code doesn't allow us to
ascertain this. All we track for each client is a timestamp that tells
us when the last "check" or "create" operation came in.
Not only is this insufficient with clients that use sessions, it's also
wrong. We only want to update the timestamp on v4.1 clients when the
"create" operation comes in or we can leave the server susceptible to
edge condition #2 in RFC5661, section 8.4.3. Once the grace period is
lifted, we disallow reclaim on subsequent reboots for clients that
have not sent a RECLAIM_COMPLETE.
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have some possibility for races with nfsdcltrack when the DB schema
is upgraded.
Suppose we update the nfs-utils package on a machine after the DB has
been initialized. With the current scheme of initializing the DB only
during the "init" phase, we could end up with a new program that expects
a new schema with an old database.
We could try to do a one-time update when the package is installed, but
that could be racy. We could get an upcall between when the program is
installed and when we run the update. Also, relying on packaging to get
that right is tricky at best. To fix this, change how the database
initialization and checking of the schema revision works.
On every upcall, attempt to open the db as we normally would. If that
fails, then try to create the directory if it doesn't exist and then
retry the open. If it fails again, then give up.
If we get a successful open, then query the DB for the schema version.
If it matches what we expect, then declare success and move on. If the
query fails then assume that the DB isn't set up yet. Start an exclusive
transaction, check the schema version again and then set up the DB if no
one raced in to create it in the meantime.
This should only add a tiny bit of overhead on most upcalls (just an
extra select of the parameters table), and should improve the
performance of the "init" upcall. It'll also make it possible to handle
DB schema changes sanely.
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Since nfsdcld has been dead for a few years now, clean up the prefixes
on the constants.
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Clean up and fix some inaccuracies.
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
In the event that there no hosts to be notified after a reboot, there's
no real reason to force lockd to wait the entire grace period before
handing out locks. We're not expecting any reclaim requests to come in
that situation.
Have sm-notify do a write to /proc/fs/lockd/nlm_end_grace if that file
is present. That informs the kernel that it's OK to go ahead and lift
lockd's grace period early.
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
nfsdcltrack isn't a daemon, and we should make mention of the section
in RFC5661.
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original implementation was using strncpy() with a truncation
length to an uninitialized stack buffer, leaving a string that
was only null terminated by luck.
While here, change to use no-copy semantics (no extra buffer) to
avoid buffer overflows altogether. exportfs already modifies argv
contents elsewhere, so this doesn't break anything anew.
Fixes: 4663c648 (exportfs: Support raw IPv6 addresses with
"client:/path")
Signed-off-by: Todd Vierling <todd.vierling@oracle.com>
Reviewed-by: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When attempting to establish a local ephemeral endpoint for a TCP or UDP
socket, do not explicitly call bind(2), instead let it happen implicilty
when the socket is first used.
The main motivating factor for this change is when TCP runs out of unique
ephemeral ports (i.e. cannot find any ephemeral ports which are not a
part of *any* TCP connection). In this situation if you explicitly call
bind(2), then the call will fail with EADDRINUSE. However, if you allow the
allocation of an ephemeral port to happen implicitly as part of connect(2)
(or other functions), then ephemeral ports can be reused, so long as
the combination of (local_ip, local_port, remote_ip, remote_port)
is unique for TCP sockets on the system.
This doesn't matter for UDP sockets, but it seemed easiest to treat TCP
and UDP sockets the same.
This can allow mount.nfs(8) to continue to function successfully, even
in the face of misbehaving applications which are creating a large number of
TCP connections.
Signed-off-by: Chris Perl <chris.perl@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible for "preferred_realm" to be NULL, in which case we
don't want to pass it to strcmp. Other places that use this variable
test whether it's NULL first -- we need to do the same here.
This should fix the gssd crash reported here:
https://bugzilla.redhat.com/show_bug.cgi?id=1108615
Reported-by: Brian J. Murrell <brian@interlinx.bc.ca>
Signed-off-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This fixes the problem reported in:
https://bugzilla.redhat.com/show_bug.cgi?id=1083018
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
According POSIX basename(3) should have an #include <libgen.h>
There are a different GNU implementation too, that can be used with
_GNU_SOURCE, but the POSIX version is good enough and more portable.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
The __dev_t is a GNU libc internal. Use the standard dev_t instead,
which is specified in POSIX.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Use AC_USE_SYSTEM_EXTENSIONS to enable GNU_SOURCE, which is needed
for:
- stat64 in utils/exportfs/exportfs.c
- statfs64 in utils/mountd/cache.c
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
NULL is defined in stdlib.h so we need to include that.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Use the standard integer types. This fixes compiling errors with musl libc.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
One of our customer's application only needs file names, not file
attributes. With directories having 10K+ inodes (assuming buffer cache
has directory blocks cached having file names, but inode cache is
limited and hence need eviction of older cached inodes), older inodes
are evicted periodically. So if they keep on doing readdir(2) from NSF
client on multiple directories, some directory's files are periodically
removed from inode cache and hence new readdir(2) on same directory
requires disk access to bring back inodes again to inode cache.
As READDIRPLUS request fetches attributes also, doing getattr on each
file on server, it causes unnecessary disk accesses. If READDIRPLUS on
NFS client is returned with -ENOTSUPP, NFS client uses READDIR request
which just gets the names of the files in a directory, not attributes,
hence avoiding disk accesses on server.
There's already a corresponding client-side mount option, but an export
option reduces the need for configuration across multiple clients.
This flag affects NFSv3 only. If it turns out it's needed for NFSv4 as
well then we may have to figure out how to extend the behavior to NFSv4,
but it's not currently obvious how to do that.
Signed-off-by: Rajesh Ghanekar <rajesh_ghanekar@symantec.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If you don't have systemd, then this script dumps:
/usr/sbin/start-statd: line 8: systemctl: command not found
This isn't terribly useful since we ultimately fall back to running
the daemon ourselves, so probe for systemd's existence before we try
to use it.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enable kerberized NFS mounts to succeed even if the
principal is not <HOSTNAME>$.
It works by reading another principal name from the [appdefaults]
section of krb5.conf:
[appdefaults]
nfs = {
ad_principal_name = 129.125.39.115$
}
Signed-off-by: Jurjen Bokma <j.bokma@rug.nl>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Dump some information about used devices to syslog so that an admin
can troubleshoot failing blocklayout mounts.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We do want to use the dm-multipath device if it exists, which the
code is generally prepared for, except that this check excludes them
early. In addition this will also add the passive path to the device
list, which is harmless if an active one exists as that or the multipath
device will be preferred, and at least allows us to work if it doesn't.
Also fix up the check if an path needs to be updated to remove the silly
partition check - pNFS block offset are relative to the device so partion
should never match it instead of the full device. On the other hand the
simplistic check easily creates false positives, e.g. dm-10 is
considered a partition of dm-1.
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using rpc.gssd to secure NFSv3 FS using krb5, the following errors
can happen as a result of network congestion.
"rpc.gssd WARNING: can't create tcp rpc_clnt to server ... : RPC: Remote
system error - Connection timed out"
we had a successful reproducer of the problem which we tested using this
patch by starting rpc.gssd with "-T 60" as the option which solved the
problem. reproducer steps were to throttle the network using tc command
and then in a never ending loop mount the share, then write some data in
the file on the share and unmount it. keep a delay of 5 sec between the
iteration of each loop.
CC: Christian Horn <chorn@redhat.com>
Signed-off-by: Rinku Kothiya <rkothiya@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When there is no kernel modules loaded the rpc_pipefs
directory is empty, which cause rpc.gssd to silently
exit.
This patch adds a check to see if the topdirs_list
is empty. If so error out without dropping a core.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Case insensitive filesystems support textually distinct names for the
same directory. i.e. you can access it with a name other than the
canonical name.
For example if you
mkdir /mnt/export
then add /mnt/EXPORT to /etc/exports, and on a client
mount server:/mnt/EXPORT /import
then the mount will work, but if the kernel on the server needs to
refresh the export information, it will ask about "/mnt/export", which
is not listed in /etc/exports and so will fail.
To fix this we need mountd to perform case-insensitive name
comparisons, but only when the filesystem would, and in exactly the
same way that the filesystem would.
So, when comparing paths for equality first try some simple heuristics
which will not be fooled by case and then ask the kernel if they are
the same.
By preference we use name_to_handle_at() as it reports the mntid which
can distinguish between bind mounts. If that is not available, use
lstat() and compare rdev and ino.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Create the given path set with --with-statdpath
Signed-off-by: chendt.fnst@cn.fujitsu.com
Reported-by: yaoxp@cn.fujitsu.com
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
In commit 51fda07a "gssd: scrape the acceptor name out of the context"
the allocated buffer size is not large enough to hold the actual data
that is written to the buffer. This fixes the allocated buffer size.
Reviewed-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Veli-Matti Lintu <veli-matti.lintu@opinsys.fi>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds a callback for incoming sm_notify to better handle
stale lock issue in client crash recovery in HA-NFS environment
1. "sm-notify" - callout name
2. monitored client name as in the SM_NOTIFY request
3. IP of the sender of the SM_NOITFY request.
4. state value in the SM_NOTIFY request
This new interface can be used by different HA-NFS product
in its specific configuration and environment to
recover from the client crash and stale lock scenarios.
Signed-off-by: Rong Zeng <rongzeng@us.ibm.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When mounting spec of a regular file, mount.nfs print error message as,
mount.nfs: mount point /mnt is not a directory
mount.nfs: mount point /mnt/testfile is not a directory
This patch lets mount.nfs print more useful message,
mount.nfs: mount spec 127.0.0.1:/root/testfile or point /mnt is not a
directory
mount.nfs: mount point /mnt/testfile is not a directory
Signed-off-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I hit a segfault in add_name with a mountd built with gcc-4.9.0. Some
NULL pointer checks got reordered such that a pointer was dereferenced
before checking to see whether it was NULL. The problem was due to
nfs-utils relying on undefined behavior, which tricked gcc into assuming
that the pointer would never be NULL.
At first I assumed that this was a compiler bug, but Jakub Jelinek and
Jeff Law pointed out:
"If old is NULL, then:
strncpy(new, old, cp-old);
is undefined behavior (even when cp == old == NULL in that case),
therefore gcc assumes that old is never NULL, as otherwise it would be
invalid.
Just guard
strncpy(new, old, cp-old);
new[cp-old] = 0;
with if (old) { ... }."
This patch does that. If old is NULL though, then we still need to
ensure that new is NULL terminated, lest the subsequent strcats walk off
the end of it.
Cc: Jeff Law <law@redhat.com>
Cc: Jakub Jelinek <jakub@redhat.com>
Signed-off-by: Jeff Layton <jlayton@poochiereds.net>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The kernel "knows" this lives in /sbin, so just like
mount.nfs and osd_login, it must unconditionally be installed
there.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
nfsd.c:347:15: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
nfsd.c:385:13: warning: comparison between signed and unsigned integer
expressions [-Wsign-compare]
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
...and pass it to the kernel in the downcall. Legacy kernels will just
ignore the extra data, but with a proposed kernel patch the kernel will
grab this info and use it to verify requests on the v4.0 callback
channel.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
