[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Buyer Beware: A Major Change in NFS (in Rawhide) is about to happen

On 11/03/2009 07:47 AM, Steve Dickson wrote:
> On 11/02/2009 03:02 PM, Jesse Keating wrote:
>> On Mon, 2009-11-02 at 14:23 -0500, Steve Dickson wrote:
>>> I'm not sure about this... Actually I like the fact we can define a 
>>> pseudo root other than '/'... which means you really want a live exported
>>> directory with the fsid=0 option... If I am understanding what you are 
>>> saying... 
>> No, that's not what he's saying.  Even if you define a different psuedo
>> root other than /, it's likely more common to /not/ want that root
>> exported in whole, but rather smaller parts of it, just like you don't
>> want / exported in whole, you only want subdirectories exported.
> Lets add some context to this since I *really* do want to understand 
> what you guys are saying... 
> /export *(ro,fsid=0)
> /export/home *(rw)
> With the above exports the only part of the server's real root ('/')
> that is exposed is the /export directory. So when a client does a 
>      'mount -o v4 server:/ /mnt'
> The client will only be able to see /mnt/home (or the /export/home
> export).
> So as far as exposure, being able to define the root the client 
> will see, I think, is good thing since it will protect (or hide) 
> the rest of server's real root directories... 
> So this is why I'm understanding why the '/export' of the 
> '/export *(ro,fsid=0)' should not be a live export directory? 

I understand that, what I'm saying is that the setting of the pseudo
root and the setting of an export *NEED* to be two different things.  In
the past, any NFS export was always a real export and the only pseudo
root was always the / filesystem, *BUT* just because the / filesystem
was the pseudo root did *NOT* mean that the / filesystem itself was
mountable by clients unless it was exported in a separate export line
(get the distinction here: pseudo root existed, but wasn't exported).
Now you are telling us to create a pseudo root entry in the exports
file, and that entry is indicated by fsid=0, but you are also telling us
that simply the act of setting that entry will then add *both* a pseudo
root and a live export of the pseudo root to the world.  There are many
situations I can imagine where I need the pseudo root to be something I
don't actually export, the most common and immediate case being that I
serve both NFSv4 and NFSv{3,2} where their pseudo root is always / and I
want both to have the same namespace and therefore I need v4 to have a /
pseudo root.

So, what should an exports file look like if I want to have a shared
v2/v3/v4 exports?  Let's say I actually *do* want my / filesystem to be
ro mountable, then it should look like this:

/ *(ro,fsid=0) # this to set the pseudo root for v4
/ *(ro)        # this to export /
/home *(rw)    # you get the point

If, on the other hand, I have v2/v3/v4 enabled and I want them to have
the same mount points, and / is not one of those mount points, it should
look like this:

/ *(ro,fsid=0) # again, this should set the pseudo root *only*
/home *(rw)    # now all versions see this mount, and this mount only

Now, are you saying that we should just leave out setting the pseudo
root if we don't want / to be exported in this case and that will get us
the same thing because the default pseudo root will be / anyway?  If so,
that's broken behavior (that leaving the pseudo root to be a default
will set the root but not export it while setting the root will cause
the root to be exported).

As another scenario consider this:  I serve out files to Windows, Mac,
and Linux computers.  The files are all located under /srv.  It would be
reasonable for me to define /srv as my pseudo root, especially as I have
multiple linux specific directories immediately under /srv (/srv/Linux,
/srv/Fedora, /srv/RHEL*, /srv/koji).  However, I also have /srv/OS-X and
/srv/Windows.  So let's say I create the exports file as such:

/srv *(ro,fsid=0)
/srv/Linux *(rw)
/srv/Fedora *(ro)
/srv/RHEL4 *(ro)
/srv/RHEL5 *(ro)
/srv/koji *(ro)

What I want out of this is on all of my clients, I want (expect) the
following command to fail:

mount server:/ /srv

I want the following command to succeed:

mount server:/Linux /srv/Linux

So, my point in all of this is that for the entire existence of the
pseudo root to date, it has always existed without also being exported
unless explicitly exported aside from being set.  You can not now change
that so that setting the pseudo root also exports it.  This would be a
massive regression.  More importantly though, there are any number of
perfectly valid scenarios where one might want to set the pseudo root
without also exporting it.  Forcing those two acts to be one and the
same more or less renders the whole feature so broken as to be
impractical to use, by design.

Doug Ledford <dledford redhat com>
              GPG KeyID: CFBFF194

Infiniband specific RPMs available at

Attachment: signature.asc
Description: OpenPGP digital signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]