Return-Path: linux-nfs-owner@vger.kernel.org Received: from cantor2.suse.de ([195.135.220.15]:57596 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753108AbaA3WPF (ORCPT ); Thu, 30 Jan 2014 17:15:05 -0500 Date: Fri, 31 Jan 2014 09:14:55 +1100 From: NeilBrown To: Steve Dickson Cc: linux-nfs@vger.kernel.org Subject: Re: [PATCH/RFC: nfs-utils] Common systemd unit files for nfs-utils. Message-ID: <20140131091455.550e59a8@notabene.brown> In-Reply-To: <52EAB0CA.2090204@RedHat.com> References: <20140130172451.7a354ce4@notabene.brown> <52EAB0CA.2090204@RedHat.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/0XNlqiR/24z=JaSfW17HuVV"; protocol="application/pgp-signature" Sender: linux-nfs-owner@vger.kernel.org List-ID: --Sig_/0XNlqiR/24z=JaSfW17HuVV Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Thu, 30 Jan 2014 15:06:34 -0500 Steve Dickson wrote: >=20 >=20 > On 01/30/2014 01:24 AM, NeilBrown wrote: > >=20 > > Hi all, > >=20 > > I would really like to see a common set of systemd unit files used for > > nfs-utils by every distribution (that actually uses systemd), and woul= d like > > those unit files to be in the upstream nfs-utils package. > >=20 > > To that end I have put together the following collection of unit files= which > > seem right to me, and appear to work as I think I want them to work. > >=20 > > I've looked at the unit files in Fedora and borrowed some ideas while > > discarding and changing others. I won't try to list and justify all t= he > > changes here, but I'm perfectly willing (possibly even eager) to justi= fy > > anything specific that anyone cares to ask about. > >=20 > > So: > > 1/ Do you agree that a collection of systemd unit files belongs in > > nfs-utils? > I would think so...=20 > > 2/ Do you think it reasonable to expect most (systemd using) distros = to > > use the one set? I will certainly try to ensure openSUSE does if > > upstream accepts them. > > 3/ Do you have any comments/question about those below? > >=20 > >=20 > > Thanks, > > NeilBrown > >=20 > > diff --git a/systemd/README b/systemd/README > > new file mode 100644 > > index 000000000000..f0fb68825499 > > --- /dev/null > > +++ b/systemd/README > > @@ -0,0 +1,50 @@ > > + > > +Notes about systemd unit files for nfs-utils. > > + > > +The unit files provided here should be sufficient for systemd > > +to manage all daemons and related services provides by nfs-utils. > > + > > +They do *not* include any unit files for separate services such as > > +rpc.rquotad (in the 'quota' package) or rpcbind. > > + > > +There are 4 units that can be 'enabled' or 'disabled' by systemctl, or > > +by a suitable 'preset' setting: > > + > > + nfs-server.target > > + If enabled, nfs service is started together with dependencies > > + such as mountd, statd, rpc.idmapd > > + > > + nfs-client.target > > + If enabled, daemons needs for an nfs client are enabled. > > + This does *not* include rpc.statd. the rpc-statd.service unit > > + is started by /usr/sbin/start-statd which mount.nfs will run > > + if statd is needed. > > + > > + nfs-secure.target > > + If enabled, then rpc.gssd will be run when either -client or > > + -server is started, and rpc.svcgssd will be run when -server > > + is started > > + > > + nfs-blkmap.target > > + If enabled, then blkmapd will be run when nfs-client.target is > > + started. > Do we really need all of these targets? Could we cut it down to > two. nfs.target and nfs-secure.target? >=20 Excellent question. My thought was to err on the side of providing too many rather than too few. If a distro wants to remove a particular choice it can use the "presets" feature off systemd to make sure that target is always enabled. But I think you might be questioning specific targets rather than the gener= al number of targets - I respond to that below. > > + > > + > > +It is possible that we should have an nfs-statd.target which can > > +selectively enable statd being stared by -server and sm-notify > > +being started by -server or -client. That way it could be disabled > > +completely on V4-only configurations. Currently statd is always > > +started on the server and sm-notify is always run if server or > > +client is enabled. > > + > > +Stopping nfs-server will also stop rpc.mountd, and rpc.svcgssd. > > +It cannot stop rpc.statd or rpc.gssd as they may be in use by the > > +client and systemd cannot specify is two-pronged reverse dependency. > > +(i.e. stop this unit if none of these units are running) > > + > > +Distro specific commandline configuration can be provided by > > +installing a script /usr/lib/systemd/scripts/nfs-utils_env.sh > > +This should write /run/sysconfig/nfs-utils based on configuration > > +information such as in /etc/sysconfig/nfs or /etc/defaults/nfs. > > +It should write to a tmp file and rename to the target to > > +avoid parallel units seeing incomplete copies of the file. >=20 > > diff --git a/systemd/nfs-blkmap.service b/systemd/nfs-blkmap.service > > new file mode 100644 > > index 000000000000..7319a88661cc > > --- /dev/null > > +++ b/systemd/nfs-blkmap.service > > @@ -0,0 +1,11 @@ > > +[Unit] > > +Description=3DpNFS block layout mapping daemon > > +After=3Dvar-lib-nfs-rpc_pipefs.mount > > +Requires=3Dvar-lib-nfs-rpc_pipefs.mount > > + > > +Requisite=3Dnfs-blkmap.target > > +After=3Dnfs-blkmap.target > > + > > +[Service] > > +Type=3Dforking > > +ExecStart=3D/usr/sbin/blkmapd > Is this even supported anymore? Maybe we can just drop it??? No idea. I found it as I was looking around and assumed it should be start= ed. If it is no longer supported, how does NFS now find the block devices for direct pnfs access? >=20 >=20 > > diff --git a/systemd/nfs-blkmap.target b/systemd/nfs-blkmap.target > > new file mode 100644 > > index 000000000000..fbcc111152ee > > --- /dev/null > > +++ b/systemd/nfs-blkmap.target > > @@ -0,0 +1,8 @@ > > +[Unit] > > +Description=3D PNFS blkmaping enablement. > > +# If this target is enabled, then blkmapd will be started > > +# as required. If it is not enabled it won't. > > + > > +[Install] > > +WantedBy=3Dremote-fs.target > > +WantedBy=3Dmulti-user.target > > \ No newline at end of file >=20 > Again, why is a client target needed? Now that idmappings are > stored in the key ring what needs to be started on the client? rpc.gssd? Also sm-notify needs to be run on a machine this is used as an NFS client. This should happen even if no NFS filesystems are mounted at boot. An 'nfs-client' target seems the natural place to put that requirement. >=20 > > diff --git a/systemd/nfs-client.target b/systemd/nfs-client.target > > new file mode 100644 > > index 000000000000..fa591354abf3 > > --- /dev/null > > +++ b/systemd/nfs-client.target > > @@ -0,0 +1,13 @@ > > +[Unit] > > +Description=3DNFS client services > > +Before=3Dremote-fs-pre.target > > +Wants=3Dremote-fs-pre.target > > + > > +# Note: we don't "Wants=3Drpc-statd.service" as "mount.nfs" will arran= ge to > > +# start that on demand if needed. > > +Wants=3Drpc-gssd.service nfs-blkmap.service rpc-statd-notify.service > > +Before=3Drpc-gssd.service nfs-blkmap.service > > + > > +[Install] > > +WantedBy=3Dmulti-user.target > > +WantedBy=3Dremote-fs.target >=20 >=20 > > diff --git a/systemd/nfs-idmapd.service b/systemd/nfs-idmapd.service > > new file mode 100644 > > index 000000000000..6c2e1537f064 > > --- /dev/null > > +++ b/systemd/nfs-idmapd.service > > @@ -0,0 +1,9 @@ > > +[Unit] > > +Description=3DNFSv4 ID-name mapping service > Fedora has in the [Unit]: > BindTo=3Dnfs-server.service > After=3Dnfs-server.service > I guess I thought they were needed at the time.. Yes, I saw that. So I looked into it. Apart from being a typo ("BindsTo" with an 's' is correct), BindsTo has an extra effect if the target unit - nfs-server.service in this case - disappears unexpectedly. e.g. if the process dies. However nfs-server.service doesn't have a process which can die. Rather it starts some kernel threads. I'm pretty sure systemd won't be able to link those threads with nfs-server.service. So nfs-server.service can never "die", so "BindsTo" add nothing useful. "After" just seems wrong. The moment nfsd is started a request could come = in which could require an idmap lookup, so nfs-idmapd should already be there. >=20 > > + > > +[Service] > > +EnvironmentFile=3D-/run/sysconfig/nfs-utils > > +ExecStartPre=3D-/usr/lib/systemd/scritps/nfs-utils_env.sh > > + > > +Type=3Dforking > > +ExecStart=3D/usr/sbin/rpc.idmapd $RPCIDMAPDARGS >=20 >=20 > > diff --git a/systemd/nfs-mountd.service b/systemd/nfs-mountd.service > > new file mode 100644 > > index 000000000000..92e05ca309ee > > --- /dev/null > > +++ b/systemd/nfs-mountd.service > > @@ -0,0 +1,13 @@ > > +[Unit] > > +Description=3DNFS Mount Daemon > > +Requires=3Dproc-fs-nfsd.mount > > +After=3Dproc-fs-nfsd.mount > > +After=3Dnetwork.target > > +PartOf=3Dnfs-server.service > > + > > +[Service] > > +EnvironmentFile=3D-/run/sysconfig/nfs-utils > > +ExecStartPre=3D-/usr/lib/systemd/scritps/nfs-utils_env.sh > How does this script know who is calling it and what it > has to do?=20 Its task is to read some config file like /etc/sysconfig/nfs and determine what the command line arguments for each nfs program should be and write out FOO_ARGS=3D lines to /run/sysconfig/nfs-utils for each FOO which is an nfs program. I have since thought this would work better as a separate unit which creates the nfs-utils env file once, and have all the other units have Wants/After dependencies. >=20 > > + > > +Type=3Dforking > > +ExecStart=3D/usr/sbin/rpc.mountd $RPCMOUNTDARGS >=20 >=20 > > diff --git a/systemd/nfs-secure.target b/systemd/nfs-secure.target > > new file mode 100644 > > index 000000000000..0127fdb07dbd > > --- /dev/null > > +++ b/systemd/nfs-secure.target > > @@ -0,0 +1,8 @@ > > +[Unit] > > +Description=3DSecure NFS client/server services > > +# If this target is enabled, then rpc.gssd and rpc.svcgssd will be sta= rted > > +# as required. If it is not enabled they won't. > So the "Requisite=3Dnfs-secure.target" in rpc-gssd.service cause the=20 > daemon to started? This is a bit subtle. The "Requisite=3Dnfs-secure.target" in rpc-gssd.service means that service = is only allowed to start if this unit (nfs-secure.target) is already started. So if nfs-secure.target is enabled, then rpc-gssd.service will start when anything Wants it. If nfs-secure.target is not enabled, then rpc-gssd.service will not start, even if something Wants it. So enabling nfs-secure.target doesn't start anything, just allows a couple = of things to start if they are Wanted. >=20 > > + > > +[Install] > > +WantedBy=3Dremote-fs.target > > +WantedBy=3Dmulti-user.target > > \ No newline at end of file >=20 >=20 > > diff --git a/systemd/nfs-server.service b/systemd/nfs-server.service > > new file mode 100644 > > index 000000000000..9812866c66aa > > --- /dev/null > > +++ b/systemd/nfs-server.service > > @@ -0,0 +1,24 @@ > > +[Unit] > > +Description=3DNFS server > > +DefaultDependencies=3Dno > > +Requires=3D network.target proc-fs-nfsd.mount rpcbind.target > > +PartOf=3Dnfs-server.target > > + > > +After=3D network.target proc-fs-nfsd.mount rpcbind.target nfs-mountd.s= ervice > > +After=3D nfs-idmapd.service rpc-statd.service > > +After=3D rpc-gssd.service rpc-svcgssd.service > > +Before=3D rpc-statd-notify.service > > + > > +[Service] > > +EnvironmentFile=3D-/run/sysconfig/nfs-utils > > +ExecStartPre=3D-/usr/lib/systemd/scritps/nfs-utils_env.sh > > + > > +Type=3Doneshot > > +RemainAfterExit=3Dyes > > +ExecStartPre=3D/usr/sbin/exportfs -r > > +ExecStart=3D/usr/sbin/rpc.nfsd $RPCNFSDARGS > Having ExecStartPre and ExecStartPost scripts gives > us a place to do some pre and post server configuration. >=20 > Granted it has not been needed in a while but I'm thinking > it could come in handing...=20 systemd supports so-called "dropins". If a distro wants to add an ExecStartPre for some distro-specific reason they can put it in /etc/systemd/system/nfs-server.service.d/04-Fedora-hacks.conf and it will be understood by systemd to be part of this service. Of course if they were not distro-specific reasons we would include them in the upstream package :-) I note that the Fedora nfs-server.service has a preconfig echo "$NFSD_V4_GRACE" > /proc/fs/nfsd/nfsv4gracetime and a postconfig /sbin/modprobe svcrdma echo "rdma $RDMA_PORT" > /proc/fs/nfsd/portlist These seem reasonably general, though I'm wondering why the RDMA port is set in postconfig rather than preconfig. Do you know why that is? >=20 > > +ExecStop=3D/usr/sbin/rpc.nfsd 0 > > +ExecStopPost=3D/usr/sbin/exportfs -au > > +ExecStopPost=3D/usr/sbin/exportfs -f > > + > > +ExecReload=3D/usr/sbin/exportfs -r >=20 >=20 > > diff --git a/systemd/nfs-server.target b/systemd/nfs-server.target > > new file mode 100644 > > index 000000000000..a3e629f022a9 > > --- /dev/null > > +++ b/systemd/nfs-server.target > > @@ -0,0 +1,8 @@ > > +[Unit] > > +Description=3DNFS server services > > +Requires=3Dnfs-server.service nfs-mountd.service > > +Wants=3Drpc-statd.service nfs-idmapd.service rpc-gssd.service rpc-svcg= ssd.service > > +Wants=3Drpc-statd-notify.service > > + > > +[Install] > > +WantedBy=3Dmulti-user.target >=20 >=20 > > diff --git a/systemd/proc-fs-nfsd.mount b/systemd/proc-fs-nfsd.mount > > new file mode 100644 > > index 000000000000..f44d52f3d67b > > --- /dev/null > > +++ b/systemd/proc-fs-nfsd.mount > > @@ -0,0 +1,8 @@ > > +[Unit] > > +Description=3DNFSD configuration filesystem > > +DefaultDependencies=3Dno > > + > > +[Mount] > > +What=3Dnfsd > > +Where=3D/proc/fs/nfsd > > +Type=3Dnfsd >=20 >=20 > > diff --git a/systemd/rpc-gssd.service b/systemd/rpc-gssd.service > > new file mode 100644 > > index 000000000000..f0fef007d480 > > --- /dev/null > > +++ b/systemd/rpc-gssd.service > > @@ -0,0 +1,14 @@ > > +[Unit] > > +Description=3DRPC security service for NFS client and server > > +Requires=3Dvar-lib-nfs-rpc_pipefs.mount > > +After=3Dvar-lib-nfs-rpc_pipefs.mount > > + > > +Requisite=3Dnfs-secure.target > > +After=3Dnfs-secure.target > > + > > +[Service] > > +EnvironmentFile=3D-/run/sysconfig/nfs-utils > > +ExecStartPre=3D-/usr/lib/systemd/scritps/nfs-utils_env.sh > > + > > +Type=3Dforking > > +ExecStart=3D/usr/sbin/rpc.gssd $GSSDARGS >=20 >=20 > > diff --git a/systemd/rpc-statd-notify.service b/systemd/rpc-statd-notif= y.service > > new file mode 100644 > > index 000000000000..9d972fc7753a > > --- /dev/null > > +++ b/systemd/rpc-statd-notify.service > > @@ -0,0 +1,17 @@ > > +[Unit] > > +Description=3DNotify NFS peers of a restart > > +DefaultDependencies=3Dno > > +Requires=3Dnetwork-online.target > > +After=3Dnetwork-online.target nss-lookup.target > > + > > +# if we run an nfs server, it needs to be running before we > > +# tell clients that it has restarted. > > +After=3Dnfs-server.service > > + > > +[Service] > > +EnvironmentFile=3D-/run/sysconfig/nfs-utils > > +ExecStartPre=3D/usr/lib/systemd/scritps/nfs-utils_env.sh > > + > > +Type=3Doneshot > > +RemainAfterExit=3Dyes > > +ExecStart=3D-/usr/sbin/sm-notify -d $SMNOTIFYARGS >=20 >=20 > > diff --git a/systemd/rpc-statd.service b/systemd/rpc-statd.service > > new file mode 100644 > > index 000000000000..04962e542fbc > > --- /dev/null > > +++ b/systemd/rpc-statd.service > > @@ -0,0 +1,12 @@ > > +[Unit] > > +Description=3DNFS status monitor for NFSv2/3 locking. > > +DefaultDependencies=3Dno > > +Requires=3Dnss-lookup.target rpcbind.target > > +After=3Dnetwork.target nss-lookup.target rpcbind.target > > + > > +[Service] > > +EnvironmentFile=3D-/run/sysconfig/nfs-utils > > +ExecStartPre=3D-/usr/lib/systemd/scritps/nfs-utils_env.sh > > + > > +Type=3Dforking > > +ExecStart=3D/usr/sbin/rpc.statd --no-notify $STATDARGS >=20 >=20 > > diff --git a/systemd/rpc-svcgssd.service b/systemd/rpc-svcgssd.service > > new file mode 100644 > > index 000000000000..f024d40a8f41 > > --- /dev/null > > +++ b/systemd/rpc-svcgssd.service > > @@ -0,0 +1,15 @@ > > +[Unit] > > +Description=3DRPC security service for NFS server > > +Requires=3Dvar-lib-nfs-rpc_pipefs.mount > > +After=3Dvar-lib-nfs-rpc_pipefs.mount > > +PartOf=3Dnfs-server.service > > + > > +Requisite=3Dnfs-secure.target > > +After=3Dnfs-secure.target > > + > > +[Service] > > +EnvironmentFile=3D-/run/sysconfig/nfs-utils > > +ExecStartPre=3D-/usr/lib/systemd/scritps/nfs-utils_env.sh > > + > > +Type=3Dforking > > +ExecStart=3D/usr/sbin/rpc.svcgssd $SVCGSSDARGS >=20 >=20 > > diff --git a/systemd/var-lib-nfs-rpc_pipefs.mount b/systemd/var-lib-nfs= -rpc_pipefs.mount > > new file mode 100644 > > index 000000000000..cd614cf49f00 > > --- /dev/null > > +++ b/systemd/var-lib-nfs-rpc_pipefs.mount > > @@ -0,0 +1,8 @@ > > +[Unit] > > +Description=3DRPC Pipe File System > > +DefaultDependencies=3Dno > > + > > +[Mount] > > +What=3Dsunrpc > > +Where=3D/var/lib/nfs/rpc_pipefs > > +Type=3Drpc_pipefs >=20 >=20 > > diff --git a/utils/statd/start-statd b/utils/statd/start-statd > > index 1b345a547932..cde3583238e3 100644 > > --- a/utils/statd/start-statd > > +++ b/utils/statd/start-statd > > @@ -5,5 +5,8 @@ > > # It should run statd with whatever flags are apropriate for this > > # site. > > PATH=3D/sbin:/usr/sbin > > -exec rpc.statd --no-notify > > - > > +if systemctl start statd.service > > +then : > > +else > > + exec rpc.statd --no-notify > > +fi > >=20 >=20 > How does lockd get started and configured? Lockd is automatically started by the kernel (nfs and nfsd) when needed. I noticed that Fedora had some scripts to optionally set the port numbers that lockd would use. I left that out because I hoped we could find a bett= er way. If lockd is compiled in to the kernel, then I think fs.nfs.nlm_XXXport shou= ld be set via /etc/sysctl.conf. If it is a module, then the module parameters should be configured via an /etc/modprobe.d/lockd.conf file. I wish this was unified somehow (should modprobe call sysctl??) but it isn'= t. I appreciate that in neither case is it easy to get values out of a 'sysconfig' file in to the right place. I cannot really think of a better solution than an 'nfs-lock' service which sets these values, so I'll probably add it. >=20 > Overall it looks reasonable... But this is a change > of ABI... so it will be painful... :-( What exactly is changing that will be painful? I would certainly like to arrange the unit files to minimise your pain as much as possible, as long as it doesn't compromise effectiveness. Thanks for your review! NeilBrown --Sig_/0XNlqiR/24z=JaSfW17HuVV Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIVAwUBUurO3znsnt1WYoG5AQKXpQ/6Anp00fx/0QtDeP9B/9fPrA9PwsUxS8pl 4Of7C4zUsYjt5Ib59sl8KWKRBr9d/f/qYqX7BdzfzSc7vtp5K6JZ1F8HA1K0nV1O 69uYlbV4PhygV5fh0x9J2Wl+ztcNA9TaaFfqOZ7G46OZhx+Dk6f/F8C3PjA0clZP MHQelOcnzbjSrd5q+tSsPiT8h1PtXIo4BBKqyuDWHkxkwRJNURBwqbpzqrgWQlPK VKOqsjuqVIcTM+Pi0W1na/VnB7KFZWVKELF9/OACMRXTfB31ui1IbLlygGz0CHpM YsERCF8/S2z33oCfEZ3wd2az6TsInxuP7UMDIWlDnzJVqeWPmKr9lztddeBks7Q+ gDGHMpk9thbSA4KzllS2IfKoxwY65UWDfGR24vQh+c8bW9dbC9J5nXGGF4pYnPz1 Rja2bvxauRjoJOZqEeLBe8ezgkPbJaZYybRPPaMHWeAHpaYiLTIQOCV7MNBWdXuR VlONyRe2/tzMR0qSpoBMnPSJyRRQgllypCWqU+qS5+FC4PRoEDPl7+q6tP7o5g+x UcRhv1SV2rVXis3qlEwjPa1JCCjvrgkpYmd+1TlEswMGtTCipfdtIHUBK6qWbc6o IZihXNjfB5kVeFo4GW+MlEhG9brEQ7XUqx8/CApJihYGN7bQ39P8pydfIogevX7T Cdsb6kR2pWc= =ASlU -----END PGP SIGNATURE----- --Sig_/0XNlqiR/24z=JaSfW17HuVV--