Message ID | 115d8b45e84f3cecc9f5623e39f5078315d3ebbd.camel@redhat.com (mailing list archive) |
---|---|
State | New, archived |
Series | nfs-utils: nfs.conf features to enable use of machine-id as nfs4_unique_id |
Hello,

On 7/10/20 12:44 PM, Alice Mitchell wrote:
> systemd service to grab the config value and feed it to the kernel module

Again, I'm wondering if the systemd/README should be updated to explain this new script...

steved.

> --- > nfs.conf | 1 + > systemd/Makefile.am | 3 +++ > systemd/nfs-conf-export.sh | 28 ++++++++++++++++++++++++++++ > systemd/nfs-config.service.in | 17 +++++++++++++++++ > 4 files changed, 49 insertions(+) > create mode 100755 systemd/nfs-conf-export.sh > create mode 100644 systemd/nfs-config.service.in > > diff --git a/nfs.conf b/nfs.conf > index 186a5b19..8bb41227 100644 > --- a/nfs.conf > +++ b/nfs.conf > @@ -4,6 +4,7 @@ > # > [general] > # pipefs-directory=/var/lib/nfs/rpc_pipefs > +# nfs4_unique_id = ${machine-id} > # > [exports] > # rootdir=/export > diff --git a/systemd/Makefile.am b/systemd/Makefile.am > index 75cdd9f5..51acdc3f 100644 > --- a/systemd/Makefile.am > +++ b/systemd/Makefile.am > @@ -9,6 +9,7 @@ unit_files = \ > nfs-mountd.service \ > nfs-server.service \ > nfs-utils.service \ > + nfs-config.service \ > rpc-statd-notify.service \ > rpc-statd.service \ > \ > @@ -69,4 +70,6 @@ genexec_PROGRAMS = nfs-server-generator rpc-pipefs-generator > install-data-hook: $(unit_files) > mkdir -p $(DESTDIR)/$(unitdir) > cp $(unit_files) $(DESTDIR)/$(unitdir) > + mkdir -p $(DESTDIR)/$(libexecdir)/nfs-utils > + install nfs-conf-export.sh $(DESTDIR)/$(libexecdir)/nfs-utils/ > endif > diff --git a/systemd/nfs-conf-export.sh b/systemd/nfs-conf-export.sh > new file mode 100755 > index 00000000..486e8df9 > --- /dev/null > +++ b/systemd/nfs-conf-export.sh 
> @@ -0,0 +1,28 @@ > +#!/bin/bash > +# > +# This script pulls values out of /etc/nfs.conf and configures > +# the appropriate kernel modules which cannot read it directly > + > +NFSMOD=/sys/module/nfs/parameters/nfs4_unique_id > +NFSPROBE=/etc/modprobe.d/nfs.conf > + > +# Now read the values from nfs.conf > +MACHINEID=`nfsconf --get general nfs4_unique_id` > +if [ $? -ne 0 ] || [ "$MACHINEID" == "" ] > +then > +# No config vaue found, assume blank > +MACHINEID="" > +fi > + > +# Kernel module is already loaded, update the live one > +if [ -e $NFSMOD ]; then > +echo -n "$MACHINEID" >> $NFSMOD > +fi > + > +# Rewrite the modprobe file for next reboot > +echo "# This file is overwritten by systemd nfs-config.service" > $NFSPROBE > +echo "# with values taken from /etc/nfs.conf" >> $NFSPROBE > +echo "# Do not hand modify" >> $NFSPROBE > +echo "options nfs nfs4_unique_id=\"$MACHINEID\"" >> $NFSPROBE > + > +echo "Set to: $MACHINEID" > diff --git a/systemd/nfs-config.service.in b/systemd/nfs-config.service.in > new file mode 100644 > index 00000000..c5ef1024 > --- /dev/null > +++ b/systemd/nfs-config.service.in > @@ -0,0 +1,17 @@ > +[Unit] > +Description=Preprocess NFS configuration > +PartOf=nfs-client.target > +After=nfs-client.target > +DefaultDependencies=no > + > +[Service] > +Type=oneshot > +# This service needs to run any time any nfs service > +# is started, so changes to local config files get > +# incorporated. Having "RemainAfterExit=no" (the default) > +# ensures this happens. > +RemainAfterExit=no > +ExecStart=@_libexecdir@/nfs-utils/nfs-conf-export.sh > + > +[Install] > +WantedBy=nfs-client.target >
Speaking of which, it would be great if the distros (or whomever) stopped setting up the unit files so that rpcbind is a required service. This is a headache for me, as our security group flags machines running rpcbind and it's entirely useless if you only use NFSv4.

In fact, isn't it about time to EOL NFSv3? <:)

On 7/15/20 12:44 PM, Steve Dickson wrote:
> Hello,
>
> On 7/10/20 12:44 PM, Alice Mitchell wrote:
>> systemd service to grab the config value and feed it to the kernel module
> Again, I'm wondering if the systemd/README should be updated to explain
> this new script...
>
> steved.
>
>> --- >> nfs.conf | 1 + >> systemd/Makefile.am | 3 +++ >> systemd/nfs-conf-export.sh | 28 ++++++++++++++++++++++++++++ >> systemd/nfs-config.service.in | 17 +++++++++++++++++ >> 4 files changed, 49 insertions(+) >> create mode 100755 systemd/nfs-conf-export.sh >> create mode 100644 systemd/nfs-config.service.in >> >> diff --git a/nfs.conf b/nfs.conf >> index 186a5b19..8bb41227 100644 >> --- a/nfs.conf >> +++ b/nfs.conf >> @@ -4,6 +4,7 @@ >> # >> [general] >> # pipefs-directory=/var/lib/nfs/rpc_pipefs >> +# nfs4_unique_id = ${machine-id} >> # >> [exports] >> # rootdir=/export >> diff --git a/systemd/Makefile.am b/systemd/Makefile.am >> index 75cdd9f5..51acdc3f 100644 >> --- a/systemd/Makefile.am >> +++ b/systemd/Makefile.am >> @@ -9,6 +9,7 @@ unit_files = \ >> nfs-mountd.service \ >> nfs-server.service \ >> nfs-utils.service \ >> + nfs-config.service \ >> rpc-statd-notify.service \ >> rpc-statd.service \ >> \ >> @@ -69,4 +70,6 @@ genexec_PROGRAMS = nfs-server-generator rpc-pipefs-generator >> install-data-hook: $(unit_files) >> mkdir -p $(DESTDIR)/$(unitdir) >> cp $(unit_files) $(DESTDIR)/$(unitdir) >> + mkdir -p $(DESTDIR)/$(libexecdir)/nfs-utils >> + install nfs-conf-export.sh $(DESTDIR)/$(libexecdir)/nfs-utils/ >> endif >> diff --git a/systemd/nfs-conf-export.sh b/systemd/nfs-conf-export.sh >> new file mode 100755 >> index 00000000..486e8df9 >> --- /dev/null 
>> +++ b/systemd/nfs-conf-export.sh >> @@ -0,0 +1,28 @@ >> +#!/bin/bash >> +# >> +# This script pulls values out of /etc/nfs.conf and configures >> +# the appropriate kernel modules which cannot read it directly >> + >> +NFSMOD=/sys/module/nfs/parameters/nfs4_unique_id >> +NFSPROBE=/etc/modprobe.d/nfs.conf >> + >> +# Now read the values from nfs.conf >> +MACHINEID=`nfsconf --get general nfs4_unique_id` >> +if [ $? -ne 0 ] || [ "$MACHINEID" == "" ] >> +then >> +# No config vaue found, assume blank >> +MACHINEID="" >> +fi >> + >> +# Kernel module is already loaded, update the live one >> +if [ -e $NFSMOD ]; then >> +echo -n "$MACHINEID" >> $NFSMOD >> +fi >> + >> +# Rewrite the modprobe file for next reboot >> +echo "# This file is overwritten by systemd nfs-config.service" > $NFSPROBE >> +echo "# with values taken from /etc/nfs.conf" >> $NFSPROBE >> +echo "# Do not hand modify" >> $NFSPROBE >> +echo "options nfs nfs4_unique_id=\"$MACHINEID\"" >> $NFSPROBE >> + >> +echo "Set to: $MACHINEID" >> diff --git a/systemd/nfs-config.service.in b/systemd/nfs-config.service.in >> new file mode 100644 >> index 00000000..c5ef1024 >> --- /dev/null >> +++ b/systemd/nfs-config.service.in >> @@ -0,0 +1,17 @@ >> +[Unit] >> +Description=Preprocess NFS configuration >> +PartOf=nfs-client.target >> +After=nfs-client.target >> +DefaultDependencies=no >> + >> +[Service] >> +Type=oneshot >> +# This service needs to run any time any nfs service >> +# is started, so changes to local config files get >> +# incorporated. Having "RemainAfterExit=no" (the default) >> +# ensures this happens. >> +RemainAfterExit=no >> +ExecStart=@_libexecdir@/nfs-utils/nfs-conf-export.sh >> + >> +[Install] >> +WantedBy=nfs-client.target >> >
On 7/16/20 11:52 AM, Patrick Goetz wrote:
> Speaking of which, it would be great if the distros (or whomever) stopped setting up the unit files so that rpcbind is a required service. This is a headache for me, as our security group flags machines running rpcbind and it's entirely useless if you only use NFSv4.

Why do you see rpcbind as such a security risk?

>
> In fact, isn't it about time to EOL NFSv3? <:)

You are not the first to suggest this... Not so much of EOLing v3... more of a V4only client. Personally I don't see EOL-ing v3 anytime soon.

steved.

>
> On 7/15/20 12:44 PM, Steve Dickson wrote:
>> Hello,
>>
>> On 7/10/20 12:44 PM, Alice Mitchell wrote:
>>> systemd service to grab the config value and feed it to the kernel module
>> Again, I'm wondering if the systemd/README should be updated to explain
>> this new script...
>>
>> steved.
>>
>>> --- >>> nfs.conf | 1 + >>> systemd/Makefile.am | 3 +++ >>> systemd/nfs-conf-export.sh | 28 ++++++++++++++++++++++++++++ >>> systemd/nfs-config.service.in | 17 +++++++++++++++++ >>> 4 files changed, 49 insertions(+) >>> create mode 100755 systemd/nfs-conf-export.sh >>> create mode 100644 systemd/nfs-config.service.in >>> >>> diff --git a/nfs.conf b/nfs.conf >>> index 186a5b19..8bb41227 100644 >>> --- a/nfs.conf >>> +++ b/nfs.conf >>> @@ -4,6 +4,7 @@ >>> # >>> [general] >>> # pipefs-directory=/var/lib/nfs/rpc_pipefs >>> +# nfs4_unique_id = ${machine-id} >>> # >>> [exports] >>> # rootdir=/export >>> diff --git a/systemd/Makefile.am b/systemd/Makefile.am >>> index 75cdd9f5..51acdc3f 100644 >>> --- a/systemd/Makefile.am >>> +++ b/systemd/Makefile.am >>> @@ -9,6 +9,7 @@ unit_files = \ >>> nfs-mountd.service \ >>> nfs-server.service \ >>> nfs-utils.service \ >>> + nfs-config.service \ >>> rpc-statd-notify.service \ >>> rpc-statd.service \ >>> \ 
>>> @@ -69,4 +70,6 @@ genexec_PROGRAMS = nfs-server-generator rpc-pipefs-generator >>> install-data-hook: $(unit_files) >>> mkdir -p $(DESTDIR)/$(unitdir) >>> cp $(unit_files) $(DESTDIR)/$(unitdir) >>> + mkdir -p $(DESTDIR)/$(libexecdir)/nfs-utils >>> + install nfs-conf-export.sh $(DESTDIR)/$(libexecdir)/nfs-utils/ >>> endif >>> diff --git a/systemd/nfs-conf-export.sh b/systemd/nfs-conf-export.sh >>> new file mode 100755 >>> index 00000000..486e8df9 >>> --- /dev/null >>> +++ b/systemd/nfs-conf-export.sh >>> @@ -0,0 +1,28 @@ >>> +#!/bin/bash >>> +# >>> +# This script pulls values out of /etc/nfs.conf and configures >>> +# the appropriate kernel modules which cannot read it directly >>> + >>> +NFSMOD=/sys/module/nfs/parameters/nfs4_unique_id >>> +NFSPROBE=/etc/modprobe.d/nfs.conf >>> + >>> +# Now read the values from nfs.conf >>> +MACHINEID=`nfsconf --get general nfs4_unique_id` >>> +if [ $? -ne 0 ] || [ "$MACHINEID" == "" ] >>> +then >>> +# No config vaue found, assume blank >>> +MACHINEID="" >>> +fi >>> + >>> +# Kernel module is already loaded, update the live one >>> +if [ -e $NFSMOD ]; then >>> +echo -n "$MACHINEID" >> $NFSMOD >>> +fi >>> + >>> +# Rewrite the modprobe file for next reboot >>> +echo "# This file is overwritten by systemd nfs-config.service" > $NFSPROBE >>> +echo "# with values taken from /etc/nfs.conf" >> $NFSPROBE >>> +echo "# Do not hand modify" >> $NFSPROBE >>> +echo "options nfs nfs4_unique_id=\"$MACHINEID\"" >> $NFSPROBE >>> + >>> +echo "Set to: $MACHINEID" >>> diff --git a/systemd/nfs-config.service.in b/systemd/nfs-config.service.in >>> new file mode 100644 >>> index 00000000..c5ef1024 >>> --- /dev/null >>> +++ b/systemd/nfs-config.service.in 
>>> @@ -0,0 +1,17 @@ >>> +[Unit] >>> +Description=Preprocess NFS configuration >>> +PartOf=nfs-client.target >>> +After=nfs-client.target >>> +DefaultDependencies=no >>> + >>> +[Service] >>> +Type=oneshot >>> +# This service needs to run any time any nfs service >>> +# is started, so changes to local config files get >>> +# incorporated. Having "RemainAfterExit=no" (the default) >>> +# ensures this happens. >>> +RemainAfterExit=no >>> +ExecStart=@_libexecdir@/nfs-utils/nfs-conf-export.sh >>> + >>> +[Install] >>> +WantedBy=nfs-client.target >>> >> >
diff --git a/nfs.conf b/nfs.conf index 186a5b19..8bb41227 100644 --- a/nfs.conf +++ b/nfs.conf @@ -4,6 +4,7 @@ # [general] # pipefs-directory=/var/lib/nfs/rpc_pipefs +# nfs4_unique_id = ${machine-id} # [exports] # rootdir=/export diff --git a/systemd/Makefile.am b/systemd/Makefile.am index 75cdd9f5..51acdc3f 100644 --- a/systemd/Makefile.am +++ b/systemd/Makefile.am @@ -9,6 +9,7 @@ unit_files = \ nfs-mountd.service \ nfs-server.service \ nfs-utils.service \ + nfs-config.service \ rpc-statd-notify.service \ rpc-statd.service \ \ @@ -69,4 +70,6 @@ genexec_PROGRAMS = nfs-server-generator rpc-pipefs-generator install-data-hook: $(unit_files) mkdir -p $(DESTDIR)/$(unitdir) cp $(unit_files) $(DESTDIR)/$(unitdir) + mkdir -p $(DESTDIR)/$(libexecdir)/nfs-utils + install nfs-conf-export.sh $(DESTDIR)/$(libexecdir)/nfs-utils/ endif diff --git a/systemd/nfs-conf-export.sh b/systemd/nfs-conf-export.sh new file mode 100755 index 00000000..486e8df9 --- /dev/null +++ b/systemd/nfs-conf-export.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# +# This script pulls values out of /etc/nfs.conf and configures +# the appropriate kernel modules which cannot read it directly + +NFSMOD=/sys/module/nfs/parameters/nfs4_unique_id +NFSPROBE=/etc/modprobe.d/nfs.conf + +# Now read the values from nfs.conf +MACHINEID=`nfsconf --get general nfs4_unique_id` +if [ $? -ne 0 ] || [ "$MACHINEID" == "" ] +then +# No config vaue found, assume blank +MACHINEID="" +fi + +# Kernel module is already loaded, update the live one +if [ -e $NFSMOD ]; then +echo -n "$MACHINEID" >> $NFSMOD +fi + +# Rewrite the modprobe file for next reboot +echo "# This file is overwritten by systemd nfs-config.service" > $NFSPROBE +echo "# with values taken from /etc/nfs.conf" >> $NFSPROBE +echo "# Do not hand modify" >> $NFSPROBE +echo "options nfs nfs4_unique_id=\"$MACHINEID\"" >> $NFSPROBE + +echo "Set to: $MACHINEID" diff --git a/systemd/nfs-config.service.in b/systemd/nfs-config.service.in new file mode 100644 index 00000000..c5ef1024 
--- /dev/null +++ b/systemd/nfs-config.service.in @@ -0,0 +1,17 @@ +[Unit] +Description=Preprocess NFS configuration +PartOf=nfs-client.target +After=nfs-client.target +DefaultDependencies=no + +[Service] +Type=oneshot +# This service needs to run any time any nfs service +# is started, so changes to local config files get +# incorporated. Having "RemainAfterExit=no" (the default) +# ensures this happens. +RemainAfterExit=no +ExecStart=@_libexecdir@/nfs-utils/nfs-conf-export.sh + +[Install] +WantedBy=nfs-client.target
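Review bot: In the nfs.conf hunk, the new example line `# nfs4_unique_id = ${machine-id}` carries no comment saying what `${machine-id}` expands to or when the setting takes effect, so an administrator cannot tell what will be sent to servers as the client identity. A short explanatory comment above it would help. If the expansion is the raw contents of /etc/machine-id, note that machine-id(5) advises against exposing that value over the network and recommends deriving an application-specific hash from it; the value is also identical across cloned images unless it is regenerated, which would give the clones the same client id.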
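Review bot: In systemd/Makefile.am, the first hunk adds `nfs-config.service` to unit_files, but the patch only creates `nfs-config.service.in`, and none of the four files in the diffstat generates the unit or substitutes `@_libexecdir@`, so `cp $(unit_files)` has nothing to copy unless that rule lives elsewhere in the series. In the second hunk, `install nfs-conf-export.sh` runs from install-data-hook with the default mode and no matching uninstall step; an explicit mode and an uninstall hook, or declaring the script to automake so both are handled, would be cleaner. The install path is also built from `$(libexecdir)` while the unit uses `@_libexecdir@`, and the two need to resolve to the same directory.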
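Review bot: In systemd/nfs-conf-export.sh, the value returned by `nfsconf --get general nfs4_unique_id` is written unvalidated into /etc/modprobe.d/nfs.conf by `echo "options nfs nfs4_unique_id=\"$MACHINEID\"" >> $NFSPROBE`, so a value containing a double quote, whitespace or a newline produces a malformed or additional line that modprobe parses on the next boot. Check the value against an expected character set and length first, and skip both writes when it fails. The file is also truncated with `>` on every run, which discards any other nfs module options an administrator keeps under that generic name and leaves a partial file if the script is interrupted; a dedicated file name, written to a temporary file and renamed into place, avoids both. When no value is configured the script still writes an empty string to the live parameter and to the modprobe file, which clears an id that was set by other means; doing nothing in that case looks safer. Minor: `>> $NFSMOD` appends to a sysfs parameter where a plain `>` is the usual form, and "vaue" in the comment is a typo.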
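Review bot: In systemd/nfs-config.service.in, `After=nfs-client.target` orders the script after the client target has been reached, while the unit's own comment says it needs to run any time any nfs service is started so that config changes get incorporated. If the id is meant to be in place before the client starts using it, this likely wants `Before=nfs-client.target`. As written, `PartOf=`, `After=` and `WantedBy=` all name the same target, and together with `DefaultDependencies=no` that ordering deserves a line of explanation in the unit or in systemd/README either way.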