Specifically, I put the new option line in the wrong place, and then fixed
up the rest without realizing it. This puts the usage statement back to
what it was, with an additional line for the new -V option.
Reported by: mav
Sponsored by: iXsystems Inc.
Specifically, this allows (via "-V vhostname") telling nfsd what principal
to use, instead of the hostname. This is used at iXsystems for fail-over in
HA systems.
Reviewed by: macklem
Sponsored by: iXsystems Inc.
Differential Revision: https://reviews.freebsd.org/D19191
Factorize code by using struct sockaddr_storage to handle both ipv6 and ipv4
Discussed with: rmacklem
Reviewed by: manu
MFC after: 1 month
Sponsored by: Gandi.net
Differential Revision: https://reviews.freebsd.org/D13223
This patch adds code to handle IPv6 addresses returned by getaddrinfo()
for the host entries in the "-p" command line argument.
If the IPv6 address is a link local address, only use it if it is the
only address for the host. This is done since there is no way to know
if the NFSv4.1 pNFS client is in the same scope zone as the MDS.
inet_ntop() is used for the IPv6 address translation, since the client
will have no use for the scope zone suffix and inet_ntop() does not
put this in the address string.
Discussed with: bu7cher@yandex.ru
Without this patch, the pNFS server distributes the data storage files across
all of the specified DSs.
A tester noted that it would be nice if a system administrator could control
which DSs are used to store the file data for a given exported MDS file system.
This patch adds an optional suffix for each entry in the "-p" option argument
that specifies "store file data for this MDS file system" in this DS.
The patch should only affect sites using the pNFS server (specified via the
"-p" command line option for nfsd.
The interface between the nfsd and the kernel has changed with this patch,
so anyone using the "-p" option needs to rebuild their nfsd from sources
with this patch applied to them.
Discussed with: james.rose@framestore.com
The kernel code assumes that nfsdargs.addr == NULL and nfsdargs.addrlen == 0
when there is no "-p" argument used for starting the nfsd.
This small patch ensures this is the case. In practice, I believe this always
happened, since "nfsdargs" was the last element on the stack for "main()",
but this little patch ensures it will be the case.
Spotted by inspection while adding a new optional field for "-p".
The "-p" option specifies that the nfsd should run a pNFS service instead
of a regular NFS service. The "-m" option is only meaningful when used with
"-p" to specify that mirroring on the DSs should be done and on how many of
them.
This change requires the kernel changes committed as r334930.
The man page update will be committed as a separate commit soon.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
server.
This patch uses the sysctl vfs.nfsd.server_min_nfsvers to determine
if/what versions of NFS service should be registered with rpcbind.
For NFSv4 only, it does not register at all, since NFSv4 always uses 2049
and does not require rpcbind.
For NFSv3 minimum, it registers NFSv3 but not NFSv2.
Tested by: jmader2@gmu.edu
Submitted by: jmader2@gmu.edu (earlier version)
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D8696
to meaningful value:
- When nfsdcnt is set, it dictates all values;
- Otherwise, nfsdargs.minthreads is set to user specified value, or the
automatically detected value if there is no one specified;
nfsdargs.maxthreads is set to the user specified value, or the value
of nfsdargs.minthreads if there is no one specified; when it is smaller
than nfsdargs.minthreads, the latter's value is always used.
MFC after: 2 weeks
Rick Macklem and I discussed the default number of nfsd threads and
concluded that it is too low to perform adiquitely on today's hardware.
We decided to auto tune the number of nfsds based on the number of cpus
in the system.
While I'm here I've also added:
1) ability to set the minthreads/maxthreads from userland.
2) ability to run nfsd in debug mode via the cli.
Reviewed by: rmacklem
MFC after: 2 weeks
In addition to adding `static' where possible:
- bin/date: Move `retval' into extern.h to make it visible to date.c.
- bin/ed: Move globally used variables into ed.h.
- sbin/camcontrol: Move `verbose' into camcontrol.h and fix shadow warnings.
- usr.bin/calendar: Remove unneeded variables.
- usr.bin/chat: Make `line' local instead of global.
- usr.bin/elfdump: Comment out unneeded function.
- usr.bin/rlogin: Use _Noreturn instead of __dead2.
- usr.bin/tset: Pull `Ospeed' into extern.h.
- usr.sbin/mfiutil: Put global variables in mfiutil.h.
- usr.sbin/pkg: Remove unused `os_corres'.
- usr.sbin/quotaon, usr.sbin/repquota: Remove unused `qfname'.
referred to as the experimental server. It also adds a new command
line option "-o" to both mountd and nfsd that forces them to use the
old/regular NFS server. The "-e" option for these commands is now
a no-op, since the new server is the default. I will be committing rc
script and man changes soon. Discussed on freebsd-fs@.
used for NFSv4 restart. This permits the nfsd to create
the stable restart file as required and minimizes the risk
of trouble if the file is lost.
Suggested by: Tim Kientzle
Reviewed by: jhb
MFC after: 2 weeks
I was considering committing all these patches one by one, but as
discussed with brooks@, there is no need to do this. If we ever
need/want to merge these changes back, it is still possible to do this
per application.
This includes the addition of a new flag "-4" that will force
use of the experimental server with nfsv4 support in it. This
commit also adds two new man pages to the repository that are
NFSv4 specific. One describes the file used by the server to
restart nfsv4 services safely. The other is a brief overview
of nfsv4 and its setup.
Reviewed by: dfr
Approved by: kib (mentor)
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager. I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.
The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.
To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.
As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.
Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.
The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.
Sponsored by: Isilon Systems
MFC after: 1 month
measurements suggest that higher degrees of parallelism for large
numbers of clients help performance substantially.
Submitted by: Eric Anderson <anderson at centtech dot com>
This commit does not affect the code generated, as proven by md5'ing
resulting binaries.
Bump WARNS accordingly.
Compiled on: sparc64, ia64, i386
Reviewed by: alfred (but blame me if anything goes wrong :-)
When an NFS server is port-scanned nfsd sometimes exits. This has
happened 3 times the last few weeks.
Nfsd has been written to exit when accept(2) fails. Unfortunately
accept can sometimes make a "normal" return with errno ECONNABORTED
and in this case nfsd exits prematurely.
Solution:
Check for ECONNABORTED (and also EINTR, since nfsd uses signals)
and continue.
Submitted by: Bjoern Groenvall <bg@sics.se>
PR: 61084
with random garbage in lower bits corresponding to stdin, stdout and
stderr to select(2).
This fixes the problem with nfsd sometimes getting stuck in a tight
select(2) loop eating 100% CPU time.
Reviewed by: iedowse
Approved by: obrien
fatal if the declaration of strdup() isn't in scope. The upper 32 bits
of the pointer are lost since it defaults to returning "int". Fix some
warnings while here, including trying to make gcc-3.1 happy.
spin in a loop eating CPU time. This bug has existed since the
TI-RPC import. The problem is that we should only enter the select
loop if at least one TCP server was started. Fix this by having
the master nfsd become a UDP server itself if there are no TCP
servers.
Also improve/correct the code for cleaning up slave nfsd processes
and unregistering with rpcbind when the master nfsd exits.
One issue that remains open is that if a slave nfsd dies, then all
nfsds will shut down. This is because nfssvc() in the master nfsd
returns 0 when the master nfsd receives a SIGCHLD.
Submitted by: tmm
and do the unregister/reregister work.
Don't call syslog in the unregister/reregister code as we haven't called
openlog() yet.
Be a more conservative about accepting errno values from socket(2),
only EPROTONOSUPPORT means that the kernel isn't supporting it
something like INET6. The other possible errnos would be returned
if there was a mistake in the socket(2) call so remove them from the
list of "acceptable" return values.
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul