Buyer Beware: A Major Change in NFS is about to happen

Howard Wilkinson howard at cohtech.com
Wed Sep 30 15:07:22 UTC 2009


Steve,

On Wed, 2009-09-30 at 08:36 -0400, Steve Dickson wrote:
> On 09/30/2009 07:22 AM, Howard Wilkinson wrote:
> > Steve,
> > 
> > just for clarity what you are actually saying is that.
> > On Tue, 2009-09-29 at 22:45 -0400, Steve Dickson wrote:
> >> On 09/29/2009 09:42 PM, Chris Adams wrote:
> >>> Once upon a time, Steve Dickson <SteveD at redhat.com> said:
> >>>> On the server (Which is suggested):
> >>>>    * Add the following entry to the /etc/exports file:
> >>>>      / *(ro,fsid=0)
> >>>>      Note: 'fsid=0' is explained in the exports(5) man pages.
> >>>
> >>> The "suggested solution" is to change your NFS servers (that work just
> >>> fine with other clients today) to export the root filesystem to
> >>> everybody?
> >>>
> >> Unfortunately the answer to your question is yes... 
> >>
> >> With version 4 there is this concept of a pseudo root. Which means
> >> one can define, through exports, what the root of an export
> >> can be. Which is a good idea because you can define /export as
> >> the root, and nothing above /export can be accessed... 
> > But if there is a /data *(ro,fsid=0) export then that will do, but it
> > becomes the root of the export tree against which mounts are made?
> Yes.. For example say the directory tree under /data looks like
>    /data
>         dir1/
>             subdir1/
>         dir2/
>             subdir2/
> 
> Then the client could do a
>      mount server:/ /mnt/
> 
> which would make everything under /data visible, meaning
>      ls /mnt/dir1
>      ls /mnt/dir2
> 
> Now the client could also do a
>      mount server:/dir1 /mnt
> 
> which would only make the directories under /data/dir1 visible, meaning
>     ls /mnt/subdir1
> 
This is the scheme we use here already and we are running V4 on
everything except the kickstart network based builds as that only seems
to understand V3. This is F11 with a few additions from F12 backported.
>         
> >>
> >> So the idea was to use 'fsid=0' to define the V4 root of the
> >> exports. Which, in theory is a good idea because you can define
> >> the namespace the client has access to. A feature, I believe,
> >> is not available in any other NFS implementation... But...  
> >>
> >> The problem is the V4 protocol requires a pseudo root to exist. 
> >> So with Linux servers, if the fsid=0 export does not exist, the
> >> mount will die with ENOENT (or 'No such file or directory').
> >>
> >> Other NFS implementations decided not to support definable pseudo
> >> roots and they just made, under the covers, their '/' as the pseudo 
> >> root, along with the appropriate protections.
> > So putting the / *(ro,fsid=0) is only adding an export of that part of
> > the name space into the tree to make it compatible with pre-V4 name
> > spaces.
> Exactly...
> 
> >>
> >> With F-12, I have added code to both the kernel and nfs-utils that will 
> >> do both. Allow the 'fsid=0' export to define the pseudo root and 
> >> make '/' the pseudo root (with the appropriate protections) when
> >> there is not an fsid=0 entry.
> >>
> >> So Yes, one work around to make F-12 mounts work with Linux servers is 
> >> to define a pseudo root on the server with a fsid=0 export. But if
> >> that is not an option, you can make the F12 clients only use V3 mount
> >> (which would avoid the problem, but not take advantage of the
> >> V4 protocol) by either setting the '-o v3' mount option or 
> >> setting Nfsvers=3 in the new /etc/nfsmount.conf file (which would make
> >> all mounts from that machine v3 mounts).
> >>
> > But the downside of the / *(ro,fsid=0) approach is we now have all of
> > the root files (but not any other filing systems visible).
> No, other mounted file systems would be visible as well..
That is not what we see today - at least I do not think so. We still
have to add exports statements to get filing system transitions to
export.
> 
> > 
> > So perhaps a better approach would be to specify a /V4root *(ro,fsid=0)
> > directory being created and a bind mount for each export from the pre-V3
> > name space being made into that tree. Or have I missed something
> > entirely?
> That sounds like it could work, although it may not be too scalable with
> a large and complicated export tree... 
> 
Works with a medium size network here - we export about 100 filing
systems in a single tree!
> The real answer is use a F-12 NFS server since all this stuff goes away..
Does that mean the F12 provides V4 servers for preference and F11 does
not? I must have done something in the past to make F11 serve V4 by
default then - wonder what it was?
> 
> steved.
> 
-- 
Howard Wilkinson <howard at cohtech.com>
Coherent Technology Limited
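
An added example, not part of the original message or of nfs-utils: a small Python check over /etc/exports contents that flags the two configurations debated in this thread, a pseudo root (fsid=0) placed on '/' and a pseudo root offered to every client ('*'). The sample export files, the 192.0.2.0/24 client range and the function names are constructed for illustration, and the parser only handles simple `path client(options)` lines.

```python
import re

# Constructed sample /etc/exports contents (not taken from any real server).
WEAK = "/ *(ro,fsid=0)\n/data 192.0.2.0/24(rw,sync)\n"
SCOPED = """# dedicated pseudo root; real exports are bind-mounted below it
/V4root        192.0.2.0/24(ro,fsid=0)
/V4root/data   192.0.2.0/24(rw,sync)
"""

ENTRY = re.compile(r"(\S*?)\(([^)]*)\)")  # client(options); client may be empty
ROOT_OPTS = {"fsid=0", "fsid=root"}       # exports(5) treats these as the same


def parse_exports(text):
    """Yield (path, client, options) for every client on every export line."""
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or path with no client list
        for tok in fields[1:]:
            if tok.startswith("-"):
                continue  # limitation: default option lists are not evaluated
            m = ENTRY.fullmatch(tok)
            client, opts = (m.group(1), m.group(2)) if m else (tok, "")
            options = {o.strip() for o in opts.split(",") if o.strip()}
            yield fields[0], client or "*", options  # bare "(opts)" means anyone


def audit_pseudo_root(text):
    """Return a list of findings about the NFSv4 pseudo root definition."""
    roots = [(p, c) for p, c, o in parse_exports(text) if o & ROOT_OPTS]
    findings = []
    if not roots:
        findings.append("no fsid=0 export: no explicit V4 pseudo root")
    if len({p for p, _ in roots}) > 1:
        findings.append("more than one path is marked fsid=0")
    for path, client in roots:
        if path == "/":
            findings.append(f"pseudo root is '/': root filesystem exported to {client}")
        if client == "*":
            findings.append(f"pseudo root {path} is exported to any client (*)")
    return findings


if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("scoped", SCOPED)):
        print(name, audit_pseudo_root(sample) or "ok")
```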