diff --git a/0001-Make-location-of-nfs-utils_env.sh-configurable.patch b/0001-Make-location-of-nfs-utils_env.sh-configurable.patch deleted file mode 100644 index a894d32..0000000 --- a/0001-Make-location-of-nfs-utils_env.sh-configurable.patch +++ /dev/null @@ -1,67 +0,0 @@ -From dc071e55135019d4503930f204674219a9f8676b Mon Sep 17 00:00:00 2001 -From: NeilBrown -Date: Sun, 21 Aug 2016 14:53:57 +1000 -Subject: [PATCH] Make location of nfs-utils_env.sh configurable. - -A recent patch moved this file to /usr/libexec/... -That directory isn't universal, and doesn't exist on openSUSE or -Debian for example. -So change it to use the $libexecdir directory determined by configure - -Signed-off-by: NeilBrown - ---- - configure.ac | 6 ++++++ - systemd/nfs-config.service | 13 ------------- - systemd/nfs-config.service.in | 13 +++++++++++++ - 3 files changed, 19 insertions(+), 13 deletions(-) - ---- a/configure.ac -+++ b/configure.ac -@@ -511,8 +511,14 @@ AC_SUBST([AM_CFLAGS], ["$my_am_cflags"]) - # Make sure that $ACLOCAL_FLAGS are used during a rebuild - AC_SUBST([ACLOCAL_AMFLAGS], ["-I $ac_macro_dir \$(ACLOCAL_FLAGS)"]) - -+# make libexecdir available for substituion in config files -+# 2 "evals" needed late to expand variable names. -+AC_SUBST([_libexecdir]) -+AC_CONFIG_COMMANDS_PRE([eval eval _libexecdir=$libexecdir]) -+ - AC_CONFIG_FILES([ - Makefile -+ systemd/nfs-config.service - linux-nfs/Makefile - support/Makefile - support/export/Makefile ---- a/systemd/nfs-config.service -+++ /dev/null -@@ -1,13 +0,0 @@ --[Unit] --Description=Preprocess NFS configuration --After=local-fs.target --DefaultDependencies=no -- --[Service] --Type=oneshot --# This service needs to run any time any nfs service --# is started, so changes to local config files get --# incorporated. Having "RemainAfterExit=no" (the default) --# ensures this happens. --RemainAfterExit=no --ExecStart=/usr/libexec/nfs-utils/nfs-utils_env.sh ---- /dev/null -+++ b/systemd/nfs-config.service.in -@@ -0,0 +1,13 @@ -+[Unit] -+Description=Preprocess NFS configuration -+After=local-fs.target -+DefaultDependencies=no -+ -+[Service] -+Type=oneshot -+# This service needs to run any time any nfs service -+# is started, so changes to local config files get -+# incorporated. Having "RemainAfterExit=no" (the default) -+# ensures this happens. -+RemainAfterExit=no -+ExecStart=@_libexecdir@/nfs-utils/nfs-utils_env.sh diff --git a/0001-conffile-ignore-empty-environment-variables.patch b/0001-conffile-ignore-empty-environment-variables.patch new file mode 100644 index 0000000..4d9d2c5 --- /dev/null +++ b/0001-conffile-ignore-empty-environment-variables.patch @@ -0,0 +1,38 @@ +From 5ec9d9034650ae4372dc1bd44d33a1e8768e3409 Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Wed, 8 Feb 2017 08:18:34 +1100 +Subject: [PATCH] conffile: ignore empty environment variables. + +conf_set() already refuses to set an empty value, so if + foo= +appear in the config file, it will be ignored. +This patch extends the policy to environment variables, so empty +environment variables are treats as though they didn't exist. + +This means that a separate environment file (e.g. /etc/sysconfig/nfs) +will be treated the same way whether it is: + - included in the [environment] section of /etc/nfs.conf + - sourced by the shell before running code + - sourced by the systemd EnvironmentFile directive. + +Signed-off-by: NeilBrown +--- + support/nfs/conffile.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/support/nfs/conffile.c b/support/nfs/conffile.c +index e717c1e39bab..203efd2aa602 100644 +--- a/support/nfs/conffile.c ++++ b/support/nfs/conffile.c +@@ -533,7 +533,7 @@ retry: + * or from environment + */ + char *env = getenv(cb->value+1); +- if (env) ++ if (env && *env) + return env; + section = "environment"; + tag = cb->value + 1; +-- +2.11.0 + diff --git a/0002-mount-call-setgroups-before-setuid.patch b/0002-mount-call-setgroups-before-setuid.patch new file mode 100644 index 0000000..2b87140 --- /dev/null +++ b/0002-mount-call-setgroups-before-setuid.patch @@ -0,0 +1,43 @@ +From 5b7da9d70261583e67e114b36cb19973de15606d Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Wed, 8 Feb 2017 08:22:36 +1100 +Subject: [PATCH] mount: call setgroups() before setuid() + +It is generally wise to call setgroups() (and setgid()) before calling +setuid() to ensure no unexpected permission leaks happen. +SUSE's build system check all binaries for conformance with this +and generates a warning for mountd. + +As we set setting the uid to 0, there is no risk that the group list +will provide extra permissions, so there is no real risk here. +But it is nice to silence warnings, and including a setgroups() +call is probably a good practice to encourage. + +Signed-off-by: NeilBrown +--- + utils/mount/network.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/utils/mount/network.c b/utils/mount/network.c +index d1c8fec75174..281e9354a7fa 100644 +--- a/utils/mount/network.c ++++ b/utils/mount/network.c +@@ -33,6 +33,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -804,6 +805,7 @@ int start_statd(void) + pid_t pid = fork(); + switch (pid) { + case 0: /* child */ ++ setgroups(0, NULL); + setgid(0); + setuid(0); + execle(START_STATD, START_STATD, NULL, envp); +-- +2.11.0 + diff --git a/0003-nfs-server-generator-handle-noauto-mounts-correctly.patch b/0003-nfs-server-generator-handle-noauto-mounts-correctly.patch new file mode 100644 index 0000000..5f2b77f --- /dev/null +++ b/0003-nfs-server-generator-handle-noauto-mounts-correctly.patch @@ -0,0 +1,71 @@ +From 93b39628e0a2053d9b37cab7a60d78f782cb88ea Mon Sep 17 00:00:00 2001 +From: NeilBrown +Date: Wed, 8 Feb 2017 12:56:38 +1100 +Subject: [PATCH] nfs-server-generator: handle 'noauto' mounts correctly. + +When this code was written the systemd documentation stated +that "RequiresMountsFor" ignored mountpoints marked as "noauto". +Unfortunately this is incorrect. Consquently a filesystem marked +as noauto that is also NFS exported will currently be mounted when +the NFS server is started. This is not what people expect. + +So add a check for the noauto flag. If any ancestor of a given +export point has the noauto flag, no RequiresMountsFor will be +generated for that point. + +Also skip RequiresMountsFor for exports marked 'mountpoint', as their +absence is, theoretically, already handled by mountd. + +URL: https://github.com/systemd/systemd/issues/5249 +Signed-off-by: NeilBrown +--- + systemd/nfs-server-generator.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/systemd/nfs-server-generator.c b/systemd/nfs-server-generator.c +index cc99969e9922..4aa65094ca07 100644 +--- a/systemd/nfs-server-generator.c ++++ b/systemd/nfs-server-generator.c +@@ -84,6 +84,28 @@ static void systemd_escape(FILE *f, char *path) + } + } + ++static int has_noauto_flag(char *path) ++{ ++ FILE *fstab; ++ struct mntent *mnt; ++ ++ fstab = setmntent("/etc/fstab", "r"); ++ if (!fstab) ++ return 0; ++ ++ while ((mnt = getmntent(fstab)) != NULL) { ++ int l = strlen(mnt->mnt_dir); ++ if (strncmp(mnt->mnt_dir, path, l) != 0) ++ continue; ++ if (path[l] && path[l] != '/') ++ continue; ++ if (hasmntopt(mnt, "noauto")) ++ break; ++ } ++ fclose(fstab); ++ return mnt != NULL; ++} ++ + int main(int argc, char *argv[]) + { + char *path; +@@ -124,6 +146,10 @@ int main(int argc, char *argv[]) + for (exp = exportlist[i].p_head; exp; exp = exp->m_next) { + if (!is_unique(&list, exp->m_export.e_path)) + continue; ++ if (exp->m_export.e_mountpoint) ++ continue; ++ if (has_noauto_flag(exp->m_export.e_path)) ++ continue; + if (strchr(exp->m_export.e_path, ' ')) + fprintf(f, "RequiresMountsFor=\"%s\"\n", + exp->m_export.e_path); +-- +2.11.0 + diff --git a/nfs-config.restart.conf b/nfs-config.restart.conf deleted file mode 100644 index 728e578..0000000 --- a/nfs-config.restart.conf +++ /dev/null @@ -1,4 +0,0 @@ -[Unit] -# Ensure config file is re-processed when nfs or nfsserver -# is restarted -PartOf = nfs-server.service nfs-client.target diff --git a/nfs-mountd.options.conf b/nfs-mountd.options.conf new file mode 100644 index 0000000..0857a40 --- /dev/null +++ b/nfs-mountd.options.conf @@ -0,0 +1,4 @@ +[Service] +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart= +ExecStart=-/usr/sbin/rpc.mountd $MOUNTD_OPTIONS diff --git a/nfs-server.options.conf b/nfs-server.options.conf new file mode 100644 index 0000000..54a855c --- /dev/null +++ b/nfs-server.options.conf @@ -0,0 +1,4 @@ +[Service] +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart= +ExecStart=-/usr/sbin/rpc.nfsd $NFSD_OPTIONS diff --git a/nfs-utils-1.3.4.tar.xz b/nfs-utils-1.3.4.tar.xz deleted file mode 100644 index ede7b56..0000000 --- a/nfs-utils-1.3.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b42a5bc0a8d80d04650030ceb9a11f08f4acfbcb1ee297f657fb94e339c45975 -size 602240 diff --git a/nfs-utils-2.1.1.tar.xz b/nfs-utils-2.1.1.tar.xz new file mode 100644 index 0000000..910ad88 --- /dev/null +++ b/nfs-utils-2.1.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0faeb54c70b84e6bd3b9b6901544b1f6add8d246f35c1683e402daf4e0c719ef +size 606028 diff --git a/nfs-utils.changes b/nfs-utils.changes index 113461b..320aae5 100644 --- a/nfs-utils.changes +++ b/nfs-utils.changes @@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Wed Feb 8 02:32:37 UTC 2017 - nfbrown@suse.com + +- update upstream version from 1.3.4 to 2.1.1 + The significant update is that configuration can + now be read from a central /etc/nfs.conf file, and + it can include other files such as /etc/sysconfig/nfs + This means that the old nfs-config.service systemd + unit is no longer needed. +- /etc/nfs.conf file created to import all sysconfig + settings except *_OPTIONS directly into running code. +- dropins created to pass *_OPTIONS sysconfig setting to + the various daemons. +- various specfile improvements, such as using "-D" in + "install" commands, and adding "verify_permissions". +- "xtab" has not been needed for years and has now been remove. +- sysconfig.nfs updated, particular the ServiceRestart + declarations have been tuned for systemd units. +- 0003-nfs-server-generator-handle-noauto-mounts-correctly.patch + Fix the nfs-server-generator so that mounts marked "noauto" + are not automatically mounted when NFS exported. + (bsc#1019211) +- 0001-conffile-ignore-empty-environment-variables.patch + 0002-mount-call-setgroups-before-setuid.patch + Other minor fixes found during testing. +- REMOVED 0001-Make-location-of-nfs-utils_env.sh-configurable.patch + now included upstream + ------------------------------------------------------------------- Thu Jan 19 10:17:03 UTC 2017 - jengelh@inai.de diff --git a/nfs-utils.spec b/nfs-utils.spec index fe3ccf8..9064493 100644 --- a/nfs-utils.spec +++ b/nfs-utils.spec @@ -17,7 +17,7 @@ Name: nfs-utils -Version: 1.3.4 +Version: 2.1.1 Release: 0 Summary: Support Utilities for Kernel nfsd License: GPL-2.0+ @@ -32,15 +32,23 @@ Source6: README.NFSv4 Source7: fw-client Source8: fw-server Source11: idmapd.conf -Source12: nfs-config.restart.conf Source13: nfs-utils.rpmlintrc -Source14: nfs-utils_env.sh Source15: nfsserver.service Source16: nfs.service Source17: nfs-server.nfsserver.conf Source18: nfs-client.nfs.conf +Source20: nfs-mountd.options.conf +Source21: nfs-server.options.conf +Source22: rpc-gssd.options.conf +Source23: rpc-statd.options.conf +Source24: rpc-statd-notify.options.conf +Source25: rpc-svcgssd.options.conf +Source26: nfs.conf Patch0: nfs-utils-1.0.7-bind-syntax.patch -Patch1: 0001-Make-location-of-nfs-utils_env.sh-configurable.patch +Patch1: 0001-conffile-ignore-empty-environment-variables.patch +Patch2: 0002-mount-call-setgroups-before-setuid.patch +Patch3: 0003-nfs-server-generator-handle-noauto-mounts-correctly.patch + BuildRequires: e2fsprogs-devel BuildRequires: fedfs-utils-devel BuildRequires: gcc-c++ @@ -89,6 +97,7 @@ Requires: rpcbind Conflicts: nfs-server Provides: nfs-utils = %{version} Obsoletes: nfs-utils < 1.1.0 +PreReq: permissions %description -n nfs-kernel-server This package contains support for the kernel based NFS server. You can @@ -109,6 +118,8 @@ This package contains additional NFS documentation. %setup -q -a 1 %patch0 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 cp %{SOURCE6} . @@ -138,17 +149,17 @@ done %install make %{?_smp_mflags} DESTDIR=%{buildroot} install -install -d %{buildroot}/%{_unitdir} -install -m 644 %{SOURCE15} %{buildroot}%{_unitdir}/nfsserver.service -install -m 644 %{SOURCE16} %{buildroot}%{_unitdir}/nfs.service -install -d %{buildroot}%{_unitdir}/nfs-server.service.d -install -m 644 %{SOURCE17} %{buildroot}%{_unitdir}/nfs-server.service.d/nfsserver.conf -install -d %{buildroot}%{_unitdir}/nfs-client.target.d -install -m 644 %{SOURCE18} %{buildroot}%{_unitdir}/nfs-client.target.d/nfs.conf -install -d %{buildroot}%{_libexecdir}/nfs-utils -install -m 755 %{SOURCE14} %{buildroot}%{_libexecdir}/nfs-utils/nfs-utils_env.sh -install -d %{buildroot}%{_unitdir}/nfs-config.service.d -install -m 644 %{SOURCE12} %{buildroot}%{_unitdir}/nfs-config.service.d/restart.conf +install -D -m 644 %{SOURCE15} %{buildroot}%{_unitdir}/nfsserver.service +install -D -m 644 %{SOURCE16} %{buildroot}%{_unitdir}/nfs.service +install -D -m 644 %{SOURCE17} %{buildroot}%{_unitdir}/nfs-server.service.d/nfsserver.conf +install -D -m 644 %{SOURCE18} %{buildroot}%{_unitdir}/nfs-client.target.d/nfs.conf +install -D -m 644 %{SOURCE20} %{buildroot}%{_unitdir}/nfs-mountd.service.d/options.conf +install -D -m 644 %{SOURCE21} %{buildroot}%{_unitdir}/nfs-server.service.d/options.conf +install -D -m 644 %{SOURCE22} %{buildroot}%{_unitdir}/rpc-gssd.service.d/options.conf +install -D -m 644 %{SOURCE23} %{buildroot}%{_unitdir}/rpc-statd.service.d/options.conf +install -D -m 644 %{SOURCE24} %{buildroot}%{_unitdir}/rpc-statd-notify.service.d/options.conf +install -D -m 644 %{SOURCE25} %{buildroot}%{_unitdir}/rpc-svcgssd.service.d/options.conf +install -D -m 644 %{SOURCE26} %{buildroot}%{_sysconfdir}/nfs.conf ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcnfsserver ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcnfs-server ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcnfs @@ -157,8 +168,7 @@ ln -sf %{_sbindir}/service %{buildroot}%{_sbindir}/rcnfs-client mkdir -p %{buildroot}%{_localstatedir}/adm/fillup-templates install -m 644 %{SOURCE4} %{buildroot}%{_localstatedir}/adm/fillup-templates # idmapd setup -install -d %{buildroot}/etc -install -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/idmapd.conf +install -D -m 644 %{SOURCE11} %{buildroot}%{_sysconfdir}/idmapd.conf mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/rpc_pipefs mkdir -p -m 755 %{buildroot}%{_localstatedir}/lib/nfs/v4recovery # sm-notify state @@ -177,7 +187,7 @@ chmod 644 %{buildroot}%{_sbindir}/{mountstats,nfsiostat} /usr/bin/getent passwd statd >/dev/null || \ /usr/sbin/useradd -r -c 'NFS statd daemon' \ -s /sbin/nologin -d %{_localstatedir}/lib/nfs -g nogroup statd -%service_add_pre nfs.service auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service nfs-config.service +%service_add_pre nfs.service auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service %post -n nfs-client chown statd:nogroup %{_localstatedir}/lib/nfs > /dev/null 2>&1 || : @@ -196,13 +206,13 @@ fi %{fillup_only -n nfs nfs} # %set_permissions /sbin/mount.nfs -%service_add_post nfs.service auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service nfs-config.service +%service_add_post nfs.service auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service %preun -n nfs-client -%service_del_preun nfs.service auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service nfs-config.service +%service_del_preun nfs.service auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service %postun -n nfs-client -%service_del_postun nfs.service auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service nfs-config.service +%service_del_postun nfs.service auth-rpcgss-module.service nfs-idmapd.service nfs-blkmap.service rpc-statd-notify.service rpc-gssd.service rpc-statd.service rpc-svcgssd.service %verifyscript -n nfs-client %verify_permissions -e /sbin/mount.nfs @@ -223,15 +233,20 @@ if [ -f %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd ]; then mv %{_localstatedir}/lock/subsys/nfsserver-rpc.idmapd /run/nfs fi ### -%service_add_post nfsserver.service rpc-svcgssd.service nfs-mountd.service nfs-server.service +%service_add_post nfsserver.service nfs-mountd.service nfs-server.service +%set_permissions /var/lib/nfs/rmtab %postun -n nfs-kernel-server -%service_del_postun nfsserver.service rpc-svcgssd.service nfs-mountd.service nfs-server.service +%service_del_postun nfsserver.service nfs-mountd.service nfs-server.service + +%verifyscript -n nfs-kernel-server +%verify_permissions -e /var/lib/nfs/rmtab %files -n nfs-client %defattr(-,root,root) %config %{_sysconfdir}/idmapd.conf %config %{_sysconfdir}/nfsmount.conf +%config %{_sysconfdir}/nfs.conf %verify(not mode) %attr(0755,root,root) /sbin/mount.nfs /sbin/mount.nfs4 /sbin/umount.nfs @@ -255,23 +270,30 @@ fi %{_unitdir}/auth-rpcgss-module.service %{_unitdir}/nfs-blkmap.service %{_unitdir}/nfs-client.target -%{_unitdir}/nfs-config.service %{_unitdir}/nfs-idmapd.service %{_unitdir}/nfs-utils.service %{_unitdir}/rpc-gssd.service +%{_unitdir}/rpc-gssd.service.d +%{_unitdir}/rpc-gssd.service.d/options.conf %{_unitdir}/rpc-statd-notify.service +%{_unitdir}/rpc-statd-notify.service.d +%{_unitdir}/rpc-statd-notify.service.d/options.conf %{_unitdir}/rpc-statd.service +%{_unitdir}/rpc-statd.service.d +%{_unitdir}/rpc-statd.service.d/options.conf %{_unitdir}/rpc-svcgssd.service +%{_unitdir}/rpc-svcgssd.service.d +%{_unitdir}/rpc-svcgssd.service.d/options.conf %{_unitdir}/var-lib-nfs-rpc_pipefs.mount %{_unitdir}/nfs.service %dir %{_unitdir}/nfs-client.target.d %{_unitdir}/nfs-client.target.d/nfs.conf -%dir %{_unitdir}/nfs-config.service.d -%{_unitdir}/nfs-config.service.d/restart.conf -%dir %{_libexecdir}/nfs-utils -%{_libexecdir}/nfs-utils/nfs-utils_env.sh +%dir /usr/lib/systemd/system-generators +/usr/lib/systemd/system-generators/nfs-server-generator %{_mandir}/man5/nfsmount.conf.5%{ext_man} +%{_mandir}/man5/nfs.conf.5%{ext_man} %{_mandir}/man5/nfs.5%{ext_man} +%{_mandir}/man7/nfs.systemd.7%{ext_man} %{_mandir}/man8/mount.nfs.8%{ext_man} %{_mandir}/man8/nfsidmap.8%{ext_man} %{_mandir}/man8/nfsstat.8%{ext_man} @@ -303,10 +325,13 @@ fi %files -n nfs-kernel-server %defattr(-,root,root) %{_unitdir}/nfs-mountd.service +%{_unitdir}/nfs-mountd.service.d +%{_unitdir}/nfs-mountd.service.d/options.conf %{_unitdir}/nfs-server.service +%{_unitdir}/nfs-server.service.d +%{_unitdir}/nfs-server.service.d/options.conf %{_unitdir}/proc-fs-nfsd.mount %{_unitdir}/nfsserver.service -%dir %{_unitdir}/nfs-server.service.d %{_unitdir}/nfs-server.service.d/nfsserver.conf %{_sbindir}/exportfs %{_sbindir}/rcnfsserver @@ -322,7 +347,6 @@ fi %{_mandir}/man8/rpc.mountd.8%{ext_man} %{_mandir}/man8/rpc.nfsd.8%{ext_man} %{_mandir}/man8/nfsdcltrack.8%{ext_man} -%config(noreplace) %{_localstatedir}/lib/nfs/xtab %config(noreplace) %{_localstatedir}/lib/nfs/etab %config(noreplace) %{_localstatedir}/lib/nfs/rmtab %config %attr(0644,root,root) %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/nfs-kernel-server diff --git a/nfs-utils_env.sh b/nfs-utils_env.sh deleted file mode 100644 index 18ac375..0000000 --- a/nfs-utils_env.sh +++ /dev/null @@ -1,80 +0,0 @@ -#!/bin/sh - -# extract configuration from /etc/sysconfig/nfs-utils and write -# environment to /run/sysconfig/nfs-utils to be used by systemd unit -# files. -# This script expects configuration as used by openSUSE-13.1 and later -# - -nfs_config=/etc/sysconfig/nfs -if test -r $nfs_config; then - . $nfs_config -fi - -pipefs= -if [ -n "$RPC_PIPEFS_DIR" -a "$RPC_PIPEFS_DIR" != "/var/lib/nfs/rpc_pipefs" ]; then - pipefs="-p $RPC_PIPEFS_DIR" -fi - -mountdport= -if [ -n "$MOUNTD_PORT" ]; then - mountdport="-p $MOUNTD_PORT" -fi - -case $NFS_GSSD_AVOID_DNS in - [Nn]*) ignore_dns=-D ;; - [Yy]*) ignore_dns= ;; - * ) ignore_dns=-D -esac - -version_params= -if [ "$NFS3_SERVER_SUPPORT" == "no" ]; then - version_params="--no-nfs-version 2 --no-nfs-version 3" -fi -if [ "$NFS4_SUPPORT" != "yes" ]; then - version_params="--no-nfs-version 4" -else - if [ "$NFS4_SERVER_MINOR_VERSION" != "0" ]; then - version_params="$version_params --nfs-version 4 --nfs-version 4.$NFS4_SERVER_MINOR_VERSION" - fi -fi -if [ "$USE_KERNEL_NFSD_NUMBER" -gt 0 ]; then - threads=$USE_KERNEL_NFSD_NUMBER -else - threads=3 -fi - -time_params= -if [ -n "$NFSV4LEASETIME" ]; then - time_params="--grace-time=$NFSV4LEASETIME --lease-time=$NFSV4LEASETIME" -fi - -if [ -n "$STATD_PORT" ]; then - STATD_OPTIONS="$STATD_OPTIONS -p $STATD_PORT" -fi -if [ -n "$STATD_HOSTNAME" ]; then - STATD_OPTIONS="$STATD_OPTIONS -n $STATD_HOSTNAME" -fi -if [ -n "$LOCKD_TCPPORT" ]; then - STATD_OPTIONS="$STATD_OPTIONS --nlm-port $LOCKD_TCPPORT" -fi -if [ -n "$LOCKD_UDPPORT" ]; then - STATD_OPTIONS="$STATD_OPTIONS --nlm-udp-port $LOCKD_UDPPORT" -fi - -case $NFS_GSSD_AVOID_DNS in - [Nn]*) ignore_dns=-D ;; - [Yy]*) ignore_dns= ;; - * ) ignore_dns=-D -esac - -mkdir -p /run/sysconfig -{ -echo "RPCIDMAPDARGS=$pipefs" -echo "RPCMOUNTDARGS=$mountdport $MOUNTD_OPTIONS $version_params" -echo "RPCNFSDARGS=$NFSD_OPTIONS $version_params $time_params $threads" -echo "GSSDARGS=$ignore_dns $GSSD_OPTIONS $pipefs" -echo "SMNOTIFYARGS=$SM_NOTIFY_OPTIONS" -echo "STATDARGS=$STATD_OPTIONS" -echo "SVCGSSDARGS=$SVCGSSD_OPTIONS" -} > /run/sysconfig/nfs-utils diff --git a/nfs.conf b/nfs.conf new file mode 100644 index 0000000..cec0943 --- /dev/null +++ b/nfs.conf @@ -0,0 +1,80 @@ +# +# This is a general configuration for the +# NFS daemons and tools +# DO NOT MAKE CHANGES TO THIS FILE as they will +# be lost on the next software update. Make changes +# to /etc/sysconfig/nfs or /etc/nfs.conf.local instead. +# /etc/nfs.conf.local can include multiple sections, just +# like this file. + +[environment] +include = /etc/sysconfig/nfs +include = /etc/nfs.conf.local +[general] + pipefs-directory=$RPC_PIPEFS_DIR +# +#[exportfs] +# debug=0 +# +#[gssd] +# use-memcache=0 +# use-machine-creds=1 + avoid-dns=$NFS_GSSD_AVOID_DNS +# limit-to-legacy-enctypes=0 +# context-timeout=0 +# rpc-timeout=5 +# keytab-file=/etc/krb5.keytab +# cred-cache-directory= +# preferred-realm= +# +[lockd] + port=$LOCKD_TCPPORT + udp-port=$LOCKD_UDPPORT +# +[mountd] +# debug=0 +# manage_gids=n +# descriptors=0 + port= $MOUNTD_PORT +# threads=1 +# reverse-lookup=n +# state-directory-path=/var/lib/nfs +# ha-callout= +# +#[nfsdcltrack] +# debug=0 +# storagedir=/var/lib/nfs/nfsdcltrack +# +[nfsd] +# debug=0 + threads= $USE_KERNEL_NFSD_NUMBER +# host= +# port=0 +# grace-time=90 + lease-time=$NFS4LEASETIME +# udp=y +# tcp=y +# vers2=n + vers3=$NFS3_SERVER_SUPPORT + vers4=$NFS4_SUPPORT +# vers4.0=y +# vers4.1=y +# vers4.2=y +# rdma=n +# +[statd] +# debug=0 + port=$STATD_PORT +# outgoing-port=0 + name=$STATD_HOSTNAME +# state-directory-path=/var/lib/nfs/statd +# ha-callout= +# +#[sm-notify] +# debug=0 +# retry-time=900 +# outgoing-port= +# outgoing-addr= +# +#[svcgssd] +# principal= diff --git a/rpc-gssd.options.conf b/rpc-gssd.options.conf new file mode 100644 index 0000000..4c14f35 --- /dev/null +++ b/rpc-gssd.options.conf @@ -0,0 +1,4 @@ +[Service] +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart= +ExecStart=-/usr/sbin/rpc.gssd $GSSD_OPTIONS diff --git a/rpc-statd-notify.options.conf b/rpc-statd-notify.options.conf new file mode 100644 index 0000000..d0ac8f5 --- /dev/null +++ b/rpc-statd-notify.options.conf @@ -0,0 +1,4 @@ +[Service] +ExecStart= +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart=-/usr/sbin/sm-notify $SM_NOTIFY_OPTIONS diff --git a/rpc-statd.options.conf b/rpc-statd.options.conf new file mode 100644 index 0000000..6c04660 --- /dev/null +++ b/rpc-statd.options.conf @@ -0,0 +1,4 @@ +[Service] +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart= +ExecStart=-/usr/sbin/rpc.statd $STATD_OPTIONS diff --git a/rpc-svcgssd.options.conf b/rpc-svcgssd.options.conf new file mode 100644 index 0000000..b9819b3 --- /dev/null +++ b/rpc-svcgssd.options.conf @@ -0,0 +1,4 @@ +[Service] +EnvironmentFile=-/etc/sysconfig/nfs +ExecStart= +ExecStart=-/usr/sbin/rpc.svcgssd $SVCGSSD_OPTIONS diff --git a/sysconfig.nfs b/sysconfig.nfs index da457aa..14b0f9d 100644 --- a/sysconfig.nfs +++ b/sysconfig.nfs @@ -2,7 +2,7 @@ ## Description: number of threads for kernel nfs server ## Type: integer ## Default: 4 -## ServiceRestart: nfsserver +## ServiceRestart: nfs-server # # the kernel nfs-server supports multiple server threads # @@ -12,7 +12,7 @@ USE_KERNEL_NFSD_NUMBER="4" ## Description: use fixed port number for mountd ## Type: integer ## Default: "" -## ServiceRestart: nfsserver +## ServiceRestart: nfs-mountd # # Only set this if you want to start mountd on a fixed # port instead of the port assigned by rpc. Only for use @@ -20,21 +20,11 @@ USE_KERNEL_NFSD_NUMBER="4" # MOUNTD_PORT="" -## Path: Network/File systems/NFS server -## Description: GSS security for NFS -## Type: yesno -## Default: yes -## ServiceRestart: nfs,nfsserver -# -# Enable RPCSEC_GSS security for NFS (yes/no) -# -NFS_SECURITY_GSS="no" - ## Path: Network/File systems/NFS server ## Description: NFSv3 server support ## Type: yesno ## Default: yes -## ServiceRestart: nfsserver +## ServiceRestart: nfs-server # # Enable NFSv3 server support (yes/no) # This causes the NFS server to respond to @@ -47,22 +37,12 @@ NFS3_SERVER_SUPPORT="yes" ## Description: NFSv4 protocol support ## Type: yesno ## Default: yes -## ServiceRestart: nfs,nfsserver +## ServiceRestart: nfs-server # # Enable NFSv4 support (server and/or client) (yes/no) # NFS4_SUPPORT="yes" -## Path: Network/File systems/NFS server -## Description: NFSv4 server minor version -## Type: integer -## Default: 0 -## ServiceRestart: nfsserver -# -# Select NFSv4 minor version for server to support (0, 1). -# If '1' is selected, NFSv4.0 will also be supported. -NFS4_SERVER_MINOR_VERSION="0" - ## Path: Network/File systems/NFS server ## Description: Network Status Monitor options ## Type: string @@ -74,26 +54,11 @@ NFS4_SERVER_MINOR_VERSION="0" # SM_NOTIFY_OPTIONS="" -## Path: Network/File systems/NFS server -## Description: Always start NFS services -## Type: yesno -## Default: yes -## ServiceRestart nfs -# -# Always start NFS services (gssd, idmapd), not only if -# there are nfs mounts in /etc/fstab. This is likely to be -# needed if you use an automounter for NFS. -# Note that the nfs service is no longer enabled by default -# and the command "chkconfig nfs on" is needed to fully enable -# NFS. -# -NFS_START_SERVICES="yes" - ## Path: Network/File systems/NFS server ## Description: Port rpc.statd should listen on ## Type: integer ## Default: "" -## ServiceRestart: nfsserver +## ServiceRestart: rpc-statd # # Statd will normally choose a random port to listen on and # SuSE-Firewall is able to detect which port and allow for it. @@ -105,7 +70,7 @@ STATD_PORT="" ## Description: Hostname used by rpc.statd ## Type: string ## Default: "" -## ServiceRestart: nfsserver +## ServiceRestart: rpc-statd # # statd will normally use the system hostname in status # monitoring conversations with other hosts. If a different @@ -118,7 +83,7 @@ STATD_HOSTNAME="" ## Description: TCP Port that lockd should listen on ## Type: integer ## Default: "" -## ServiceRestart: nfsserver +## ServiceRestart: nfs-server # # Lockd will normally choose a random port to listen on and # SuSE-Firewall is able to detect which port and allow for it. @@ -132,7 +97,7 @@ LOCKD_TCPPORT="" ## Description: UDP Port that lockd should listen on ## Type: integer ## Default: "" -## ServiceRestart: nfsserver +## ServiceRestart: nfs-server # # Lockd will normally choose a random port to listen on and # SuSE-Firewall is able to detect which port and allow for it. @@ -146,6 +111,7 @@ LOCKD_UDPPORT="" ## Description: Command line parameters for rpc.statd ## Type: string ## Default: "" +## ServiceRestart: rpc-statd # # Custom parameters for rpc.statd daemon. Typically this will # be used to set the port number (-p). @@ -171,6 +137,7 @@ NFSV4LEASETIME="" ## Description: Alternate mount point for rpc_pipefs filesystem ## Type: string ## Default: "" +## ServiceRestart: nfs-utils # # In a high-availabilty configuration it is possible that /var/lib/nfs # is redirected so some shared storage and so it is not convenient to @@ -182,6 +149,7 @@ RPC_PIPEFS_DIR="" ## Description: Options for svcgssd ## Type: string ## Default: "" +## ServiceRestart: rpc-svcgssd # # Normally svcgssd does not require any option. However in a # high-availabilty configuration it can be useful to pass "-n" @@ -194,6 +162,7 @@ SVCGSSD_OPTIONS="" ## Description: Extra options for nfsd ## Type: string ## Default: "" +## ServiceRestart nfs-server # # This setting allows extra options to be specified for NFSD, such as # -H in a high-availability configuration. @@ -203,6 +172,7 @@ NFSD_OPTIONS="" ## Description: Extra options for gssd ## Type: string ## Default: "" +## ServiceRestart: rpc-gssd # # Normally gssd does not require any options. In some circumstances, # -n, -l or other options might be useful. See "man 8 rpc.gssd" for @@ -213,6 +183,7 @@ GSSD_OPTIONS="" ## Description: Extra options for mountd ## Type: string ## Default: "" +## ServiceRestart nfs-mountd # # Normally mountd does not require any options. In some circumstances, # -n, -t, -g or other options might be useful. See "man 8 rpc.mountd" for @@ -225,7 +196,7 @@ MOUNTD_OPTIONS="" ## Description: Avoid DNS lookups for kerberos principal ## Type: yesno ## Default: no -## ServiceRestart: gssd +## ServiceRestart: rpc-gssd # # Avoid DNS lookups when determining kerberos identity # of NFS server (yes/no)