| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
A comma separate list of hosts can be given.
If any host name is given with "--host" or "-H", then all hosts
listed in nfs.conf are ignored.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This discusses some of the behaviors of the various
unit files, and how best to work with them to achieve
various results.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that we have /etc/nfs.conf, a lot of configuration can be
read directly. So nfs-config isn't really needed any more.
Some distributions allow command-line arguments for various
daemons to be set in an environment file (/etc/sysconfig,
/etc/defaults).
Passing these through /etc/nfs.conf is not possible.
Instead, a distro that needs this functionality can create drop-in
files which select the required value. As no commands are given
default arguments by systemd unit files, the drop-in can just add
distro-specific args.
For example
/lib/systemd/system/nfs-mountd.service.d/local.conf
[Service]
EnvironmentFile=/etc/sysconfig/nfs
ExecStart=
ExecStart=/usr/sbin/rpc.mountd $RPCMOUNTDOPTS
Note the need for the empty assignment to remove existing definitions
first.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The significant value of allowing this is that it means that
for default operation, systemd unit files do not need to pass any
options to any programs. The purpose of this will become apparent in
the next patch.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the value for a tag starts with '$', then the remainder
of the value is treated as an environment variable name.
It is looked up in the environment (getenv) and if not found,
it is looked for in the [environment] section of the config file.
This lookup is formed as access time e.g. by conf_get_str(), not at
parse time.
The expected usage is that the config file can contain something like
[environment]
include = /etc/sysconfig/nfs
[other-section]
tag = $NAME
and conf_get_str("other-section","tag") will report the value of "NAME"
in the given file.
As different distributions used different environment files, and
different
variable names with-in them, a distro could provide a static config file
which maps from names in that environment file to config tags requires
by NFS daemons.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A value setting like
foo =
is now equivalent to not setting "foo" at all.
This is likely to be least confusing.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
When "include = " is used to read and "environment" file such as
/etc/sysconfig/nfs, there might be quotes around values.
Stripe those off, just like a 'shell' reading the file would.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A tag
include = filename
will be replaced by the content of the file.
This must appear after a section heading, and any assignments
not in their own section will be included in the section that this
directive is in.
e.g
[environment]
include = /etc/sysconfig/nfs
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Some options appear in the [lockd] section.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Some values are taken from the [nfsd] section
to ensure consistency.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
I haven't added -H support, but everything else should be able to be
set through /etc/nfs.conf.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
conf_get_bool() interprets various strings as 'true' or 'false'.
If no suitable value is found, the default is returned.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
It may seem a little odd placing this in the "systemd" directory,
but it is a conveninent place, and /etc/nfs.conf was added in
part to help with systemd integration.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
nfs-server-generator is run very early when a lot of services are not
yet started, so it mustn't depend on them. Currently it can try to
use hostname lookup and syslog. Using hostname lookup can cause
errors and when these are logged via syslog, it can cause the
generator to block indefinitely
Hostname-lookup is not needed, as we don't use the host issue,
and sending message to stderr is sufficient for the generator.
Disabling syslog is easy - call a function that sets a static variable.
Disabling hostname lookup requires adding an "ignore_hosts" flags to
export_read and export_d_read().
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
Kerberos keytabs don't always live in the '/etc'
directory. Allow --sysconfdir flag to define where
the keytab directory is in rpc-gssd.service
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
A recent patch moved this file to /usr/libexec/...
That directory isn't universal, and doesn't exist on openSUSE or
Debian for example. So change it to use the $libexecdir
directory determined by configure
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Added a couple checks to handle failures correctly
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1369714
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit: 1e41488f428c ("systemd: Order NFS server before client")
added an ordering dependency between network mounts and nfs-server.
This is good for loop-back NFS mounts as it ensures the server
will remain until after the mountpoint is unmounted.
However is is bad for _net mounts (such as those via iSCSI) which
are being NFS exported.
nfs-server needs to be start *after* exported filesystems are mounted,
and *before* NFS filesystems are mounted. systemd isn't able to make
this distinction natively, so we need to help it.
This patch adds a systemd generator which creates a drop-in for
nfs-server.services so that it is started "Before" any "nfs" or "nfs4"
mount, and so that it has a "RequiresMountsFor" dependency on any
exported filesystem. This creates the required ordering.
Note that if you try to export an "nfs" mount, systemd will detect an
ordering loop and will refused to start the nfs server. This is
probably the correct thing to do.
This patch also removes the ordering dependency with
remote-fs-pre.target which the above-mentioned commit added. It is no
longer needed.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dependencies on rpcbind have been changed a few times and I think
they are still wrong. So I'll go into some detail to justify this
change.
Firstly: rpcbind.target rpcbind.socket or rpcbind.service?
The systemd documentation talks about targets as "synchronization
points" and likens them to SysV init run levels. Run levels are about
ordering but not dependencies.
The systemd.special man page describes rpcbind.target as intended
explicitly for ordering sysvinit scripts, with "After=" dependencies.
So while I think it is valid to use rpcbind.target for ordering
(before/after) it shouldn't be used for dependencies (Wants/Requires).
The rpcbind.target file included in systemd does not "Require" the
actual service, so requiring rpcbind.target itself is pointless.
I think we shouldn't use rpcbind.target at all. Leave it for sysvinit
synchronization.
So: .socket or .service?
I think nfs only needs the socket to be active. On first connection
the service will be started. But nfs does not need to wait for the
service to start, only the socket. So I think we should exclusively
use rpcbind.socket.
Next: Wants or Requires.
rpc.statd definitely Requires rpcbind. It needs to register to be
useful, and without rpcbind it cannot register.
nfs-server does not necesarily require rpcbind. Specifically if
configured for NFSv4 only, nfs-server will work quite happily without
rpcbind.
Someone with an NFSv4 only setup who wants rpcbind to not run can use
systemctl mask rpcbind.socket
to ensure it never runs.
So nfs-server should only "Wants: rpcbind.socket".
I think
Commit: 4fabfcd08206 ("systemd: Decouple the starting and stopping of
rpcbind/nfs-server")
should have changed "Requires" to "Wants" rather than "server" to
"target"
to fix the dependency problem.
Finally: After?
It only makes sense to declare an ordering relation as "After:"
something that will actually be started. If "foo.service" is not part
of the systemd transaction, then "After: foo.service" has no effect.
So having:
Requires: rpcbind.target
After: rpcbind.socket
doesn't make much sense unless there is some relationship between
rpcbind.target and rpcbind.socket, and there is no general guarantee
of that (though what individual distros do, I don't know).
So the "After" should match the "Wants" or "Requires".
It might make sense to
Requires: rpcbind.socket
After: rpcbind.target
as it is reasonable to assume that rpcbind.target will be ordered with
rpcbind.socket, but as we can use rpcbind.socket explictly, that is
clearer.
So my conclusion is that nfs-server should:
Wants: rpcbind.socket
After: rpcbind.socket
and rpc-statd should
Requires: rpcbind.socket
After: rpcbind.socket
which is what this patch puts into effect.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Currently nfs-utils_env.sh is installed in a
directory that is own by systemd. They requested
via https://bugzilla.redhat.com/show_bug.cgi?id=1303113
to move the script into /usr/libexec/nfs-utils
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The nfs-config service translates distro-specific startup
configuration into "environment" variable read and used
by systemd unit files.
Currently it is only run once, so subsequent changes to the
distro-specific files do not take effect when an nfs service is
restarted.
If we change "RemainAfterExit=yes" to "RemainAfterExit=no" then the
service will be restarted before any dependant service is started, so
the environment file will always be up to date.
Reported-and-tested-by: Benjamin Coddington <bcodding@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Commit b98f2af15 introduced a regression that cause the
starting and stop of rpcbind and the nfs-server to
be depended on each other
The starting of the NFS server should start rpcbind
but bring rpcbind down should not bring the NFS
server down.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
If we build without rpc-svcgssd (the default), don't install matching
.service file.
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
| |
Signed-off-by: Aurelien Chabot <aurelien@chabot.fr>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OSTree is a mechanism for atomic updates of operating systems, with
designs for how system state is managed; in particular, `/var` should
start out empty, and components are responsible for creating content
there at runtime.
rpm-ostree consumes RPMs and commits them to an OSTree repository.
It has some support for automatically synthesizing systemd `tmpfiles.d`
snippets from RPM content in `/var` using systemd-tmpfiles.
However, in this case nfs-utils wants a mount point directory, and
it's running before systemd-tmpfiles. It should be perfectly fine to
do this mount after tmpfiles has run.
A better fix for this would be to move transient directories to
`/run`; However, that would be an invasive change, which can happen
after this fix.
Signed-off-by: Colin Walters <walters@verbum.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
To trigger the systemd socket activation support
in rpcbind, nfs-service needs to Requires/After
rpcbind.service instead of rpbind.target
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
| |
Fixes: https://bugzilla.linux-nfs.org/show_bug.cgi?id=281
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems that the purpose of nfs-blkmap.target was to enable and
disable nfs-blkmap.service. This can be done directly by adding
an [Install] section in nfs-blkmap.service.
The downside of the previous arrangement, apart from the unnecessary
complexity, was a warning during boot:
[ INFO ] PNFS blkmaping enablement. is not active.
[DEPEND] Dependency failed for pNFS block layout mapping daemon.
https://bugzilla.redhat.com/show_bug.cgi?id=1088665
Signed-off-by: Zbigniew J?drzejewski-Szmek <zbyszek@in.waw.pl>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Stop depending on basic.target in the daemons which still do;
i. e. add DefaultDependencies=no. This makes it possible to
run NFS during early boot, and helps if you e. g. have /var
on NFS. We don't require much else than local-fs.
Acked-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This makes mounting NFS shares from localhost work reliably,
as you need to start the server before attempting (client)
mounts, and conversely on shutdown need to unmount all
shares before stopping the server to avoid hangs.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Its been reported that having the rpc-statd-notify service
depend on network.target instead network-online.target
decrease boot times as much as 10 seconds on some
installs
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1183293
Signed-off-by: Steve Dickson <steved@redhat.com>
Reported-by: Eric Work <work.eric@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
rpc-statd-notify only needs to wait for the network
interface to be configured not to be connected since
it forks into background and will wait 15mins for
the network to come up.
This decrease boot times when networks are not
and will not be connected.
Signed-off-by: Steve Dickson <steved@redhat.com>
Reported-By: Eric Work <work.eric@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
rpc.idmapd aborts on start-up if RPC pipefs is not present.
Needed if GSS services are not used.
Signed-off-by: Chris Mayo <aklhfex@gmail.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
sm-notify needs to notify hosts in background so the boot
will not hang when the notified hosts do not answer.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use BindsTo, instead of PartOf, to bind the rpc-mountd
service to the nfs-server service. Its a much tighter
bind than PartOf.
The Partof=nfs-utils.service was not needed.
One side effect of this tighter bond is when rpc.mountd
is stop, that will also bring the nfs server down
as well, due to the Requires=nfs-mountd.service in
the nfs-server service
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Since rpc.idmapd is only used by the nfs server,
to do its id mapping, bind the rpc-idmapd service
to the nfs-server service so rpc.idmapd will
started and stopped with the server.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
| |
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
New configure option "--with-systemd" will causes systemd
unit files to be installed in /usr/lib/systemd/system.
Alternalte a path can be given:
--with-systemd=/lib/systemd/system
Also, systemd files get included in "make dist" now.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this patch either gssproxy or rpc.svcgssd are started only if the
auth module is requested, and it finds a keytab.
If the wants are in the main nfs-client or nfs-server unit files then
the two deamons are started unconditionally and would require
conditions which we can test once and for all in a single unit file
instead.
Change also Before and After statments accordingly to properly
serialize loading modules and starting daemons in 3 steps
1. load kernel GSS auth module
2. start GSS handling daemons
3. start NFS client/server daemons
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
On a VM that boots very fast and with out kerberos
enabled a systemd ordering cycle happens between
nfs-client and nfs-server units when both were
enabled.
Having nfs-client start the gssd daemons in the
same matter as the nfs-server does ('After=') seemed
to eliminated the ordering cycle.
Acked-by: J. Bruce Fields <bfields@fieldses.org>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When kernel have gssproxy support the the gssproxy
daemon should be used to manage the GSSAPI creds.
So this patch adds "calls" to the gssproxy daemon
from the NFS server systemd unit file.
When gssproxy is installed, gssproxy will be start
and rpc.svcgssd will not be. When gssproxy is not
installed the rpc.svcgssd daemon will be started.
Note, there are already existing hooks in the
rpc-svcgssd service file that will ensure the
gssproxy will be started before rpc.svcgssd
which allows the script not to start rpc.svcsdd
when gssproxy is installed and running.
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need to insert the auth_rpcgss module before starting rpc.svcgssd or
gss-proxy, for two reasons:
- gss-proxy needs access to the /proc/net/rpc/use-gss-proxy file
to set up communication with knfsd.
- the unit files need to able to test for the existance of the
same path in order to decide whether the kernel supports
gss-proxy or not.
Currently we're using dependencies on proc-fs-nfsd.mount for this, but
that works only because of the nfsd kernel module references some
symbols in auth_rpcgss, which is an odd implementation detail we're
likely to fix some day.
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
| |
Only two of our daemons write out pid files.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
For NFSv4.0 callbacks, the server needs the client code and
the client needs the server code.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This isn't used so currently is inconvenient.
Once we decide how to handle this sort of thing we can apply
the change uniformly.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Instead of processing the config information into command lines every
time it might be needed, do it once in a separate service that other
services can Want.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
| |
This line was somehow missed in a recent patch. nfs-server.target
doesn't exists, so nothing can be part of it.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
configuration.
This patch removes nfs-secure.target. Instead, rpc.gssd and
rpc.svcgssd start started if they appear to be needed.
For rpc.gssd, this means if the file /etc/krb5.keytab exists.
As the only security mechanism supported is krb5, that file must exist
for rpc.gssd to be useful. Conversely, if it does exist, it seems very
likely that krb5 is configured on the system an may be used for NFS.
For rpc.svcgssd, it also means checking if gss-proxy might be performing
the equivalent task instead. So we check if it is running, and if the
kernel is able to talk to it.
Signed-off-by: NeilBrown <neilb@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>
|
