Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp780696pxa; Wed, 12 Aug 2020 13:11:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwkXfDDg++hhWVc42UJkAYKGPPERnXUR+yJDcTxcQObAZ2gSieZOYbfhi60eXB3UK+/zfp+ X-Received: by 2002:a05:6402:3193:: with SMTP id di19mr1578187edb.98.1597263101980; Wed, 12 Aug 2020 13:11:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597263101; cv=none; d=google.com; s=arc-20160816; b=WYrDBmQvdNFQBrj7ZB1Ry4DG1I4mgMBjfgPhy2Sc8Fp0zxBWpco7jFFTD4yCzW+1ti QuqwgwiC7kTrlV9Bkwj7IsuhePF1fp27vDkLbIPj++lup/Xy22xE7kv88rBlrRb49Tye 1VOdewgZRoLlF5HRPXpagk4Awqqvrj2SpOG48lZ/yLnXNG0AQUCn5HiKjjaY/lky8jHt 20x3YF07/Vov6B2Xmpox97wfJURKxbe4Z8nP1t52btX0AV1wSEeKiLTejD1YJKEwNpSI RN1Jr5gPabgpEF5gZLPU/jdhW+4F7beS9Cyb0DSFD0CS5QVWo6zohR11JUwzYiX3Voj7 rtCg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:message-id:subject:to:from :date:content-transfer-encoding:mime-version; bh=7fcZrWwmqA4B2AGlAoEVL1orDfHJcxtoDjlfaS6y5sM=; b=pleUkb2HtkpinTIqO3B21B322aCqkjuKawMMGotbF1VtSBlsnrshDWdyx4cwW0/JZu bKwI2wMMWB7DWIDvZX074emTg4pJVj7AlxhNq4Kk0NWBULE3Pi8V4Go+liOxzVPnv7NY MojVp1p6CBTL0whrvC+3ApY8wxagcQH8I+coQ5PfjgY7xe1cxIzBScU0cw2ySLmXYaww N8Azhc9NVS38RuVOe7WflS9T1tWQImy5f/1Fr0afzgqxIQhiExHH6ri5MXrRkK2D9TT3 0DYyTmUxCavIXjIPuLnAtjKIiMk3eJnBKz+4omD2qAGdEETP/IL/1hONavX0Dvm8tYU5 eQ5w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f16si1741755ejx.464.2020.08.12.13.11.07; Wed, 12 Aug 2020 13:11:41 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726574AbgHLULE (ORCPT + 99 others); Wed, 12 Aug 2020 16:11:04 -0400 Received: from busy-byte.org ([176.10.100.20]:18116 "EHLO mail.busy-byte.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726557AbgHLULE (ORCPT ); Wed, 12 Aug 2020 16:11:04 -0400 X-Greylist: delayed 349 seconds by postgrey-1.27 at vger.kernel.org; Wed, 12 Aug 2020 16:11:03 EDT Received: from webmail.busy-byte.org (localhost [127.0.0.1]) by mail.busy-byte.org (Postfix) with ESMTP id BDF5E85A699 for ; Wed, 12 Aug 2020 22:05:08 +0200 (CEST) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit Date: Wed, 12 Aug 2020 22:05:08 +0200 From: NFS Traumatized Linux User To: linux-nfs@vger.kernel.org Subject: CentOS 8 + Kerberized NFS homes / AutoFS -> can't get this to run properly, many actions heavily delayed, freq. mouse/kbd freezes -> NFS issue? Message-ID: X-Sender: nfstrauma@busy-byte.org User-Agent: Roundcube Webmail/1.1.12 Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org Hi there, sorry for bothering here, but I did not fing anything useful on Google... occasianally searching for serveral months. I'm running a CentOs 8.2.2004 file server on KVM, kernel version 4.18.0-193.6.3.el8_2. That file server VM is part of a FreeeIPA domain. Domain users (=extended family) can log in via SSH: this works very reliable. At home, I have set up some CentOS 8 clients, two for my kids and one for myself. I'll focus on my own client for now the kids one's are the same/similar. My personal client is a HP z420 with 12 cores and 64GB of RAM, so pleanty of resources. Kernel 4.18.0-193.14-2. This machine has a 1GBit link to the file server. I registered the client machine in the domain: id works just fine: the userid and the associated groups are returned as would be expected. There is no clock skew between the client and the NFS & Kerberos servers: I have a Stratum 1 Meinberg NTP appliance providing accurate GPS time to the entire network. I export the home directories on the NFS server to the local network (rw,sec=krb5p,root_squash,async,subtree_check) and configured autofs on the clients to mount the respective user home directory when a user logs into a client: /etc/auto.master: /home /etc/auto.home --timeout=600 /etc/auto.home * -rw,nfs4,nfsvers=4.1,soft fileserver:/home/& When a user logs into a client, the user automatically gets a 24h Kerberos ticket that can be displayed with klist. Upon login, AutoFS does its thing by mounting the user's home directory in the expected location. ID mappiung works as expected: ls -l therefore shows usernames/groupnames instead of numeric UIDs/GIDs. Write access to the exported FS works: For instance touch test rm test in the user's home all just work fine. BUT starting a normal GNOME session after accepting the login credentials takes VERY long (2-3 minutes). Opening a simple GNOME terminal takes long (~1 minute), starting Nautilus takes ages (firing it up from the terminal until an empty window appear takes ~1 minute, then I get a spinning wheel in the lower right corner saying "Loading" for another couple of minutes before the home directory contents is displayed in the window). Lauching programs in GNOME frequently makes the mouse&keyboard freeze for several minutes. SELinux does not seem to be the culprit: I tried with "setenforce 0" on both the server and the client without success. My feeling is that something with NFS is wrong here, but I don't see what it might be. Both, the client and the server run on quite powerful hardware, so I would expect sec=krb5p not to be an issue. I have a few questions: * What is the right approach to debug this? * Are there any known issues with kerberized NFS and exported home directories similar to what I described above? Any pointers / help would be greatly appreciated. -- Cheers, Ray