Received: by 2002:a05:6358:d09b:b0:dc:cd0c:909e with SMTP id jc27csp1494071rwb; Thu, 10 Nov 2022 17:32:51 -0800 (PST) X-Google-Smtp-Source: AMsMyM7mwI7US58vGtnP6K1NdlNruC2S8XmSY2TYIbDrnE7Gm2UEG0R9YJF6FSMOghHvJM5YWJVr X-Received: by 2002:a05:6402:7cc:b0:462:273b:6b5c with SMTP id u12-20020a05640207cc00b00462273b6b5cmr3966380edy.57.1668130371121; Thu, 10 Nov 2022 17:32:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668130371; cv=none; d=google.com; s=arc-20160816; b=A+M3FQcse7f2PEsOHl55DLcwvxqfZXhlu3d3U/FoBk1niAgHYxtC+5FVc2ROfg2A4U 8I/WvIEuEU6P1x+c7OT+s8VGUxE4IoyL4oEmVI52OEj4nWwXEJE1gSgaWnjHtjlHTQeu Pcflx1MWLKeq6VpthXcJNDnyO2b9+GOdmjmSmccJ9k2o3p28wJ5n5J5IvffAdnB6mRYs YEmDuwxpry21xqH3xVcQE3CHpzcmj7F5pOP32oEZuFeSzo/MgjpMyKRyoDOHT9hXuFZv ac7JxZnZjROo15Du8/ygG1KMmnTInTx28jTIIdE/NvdNdO+bzM8uFgs2vegLwZE0R3+p exbg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:message-id:date:subject:cc:to:from:mime-version :content-transfer-encoding:dkim-signature:dkim-signature; bh=6RoUN3x67sUJKpOqXFxkLv+bOeFBl8ci/5ikFzhqnPU=; b=hk2nXDRMbVJuArklHByKUA4etsuquGwaYi91OrExoTkX2cUWjb9z/bKOLyHg3x231J dW6PbS0JWxkhnsew8XBnYy4lZuNddl6DPMU1CYx/zprloOj8appshcaDw7WrlxgDNFBL OP9VTRhAsLgafr9rWkgYbChSIY+NxXS6Ko97eW4Lt2iEaaFuaNTnVZgE3Ls5K/5EDMnJ TyALXgE0z3aVxEzexx/7UMk/M++krPiYVrf9w5NIPMmkHLmRmRE+JFnzZkxQAFoeBq6W 8uvf8+KUI0xLs8hMzgjFiQUoNIzN1hRrqFVFYLwsDJ42Brbs+Bu8jXwHalnatj1dtSPv CXMw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="mCJhLY/e"; dkim=neutral (no key) header.i=@suse.de header.b="/WBSSUP0"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id oz19-20020a1709077d9300b007882936242fsi838675ejc.769.2022.11.10.17.32.16; Thu, 10 Nov 2022 17:32:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@suse.de header.s=susede2_rsa header.b="mCJhLY/e"; dkim=neutral (no key) header.i=@suse.de header.b="/WBSSUP0"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229688AbiKKB2u (ORCPT + 99 others); Thu, 10 Nov 2022 20:28:50 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48404 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229536AbiKKB2t (ORCPT ); Thu, 10 Nov 2022 20:28:49 -0500 Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2001:67c:2178:6::1c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6BA3A5FE8 for ; Thu, 10 Nov 2022 17:28:48 -0800 (PST) Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 268FF2279A; Fri, 11 Nov 2022 01:28:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1668130127; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6RoUN3x67sUJKpOqXFxkLv+bOeFBl8ci/5ikFzhqnPU=; b=mCJhLY/eRUkR0q6Y9ToaTlj1VdjjLmtzAiRHRPC4gnzwoFgOxKPdnLqL1UTQa2X6b570pQ hfU12BsSCU21jEs6tyWgHLTDCG6bvq9VEUJdY9+8ShyTXhyhraNUVECJegOXFPPv+qxfKH +oi+rxq5SZfZ9gzewrHLEthI6iy15hQ= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1668130127; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=6RoUN3x67sUJKpOqXFxkLv+bOeFBl8ci/5ikFzhqnPU=; b=/WBSSUP0+6w3RygWpN7dZxMWO6c2aaBYB8RHlAlC3oQxWB+3krdztZd7r18oTtWS9fy374 kJ7ueq1b5mGMzKAA== Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 413A713357; Fri, 11 Nov 2022 01:28:45 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap2.suse-dmz.suse.de with ESMTPSA id YB50Ok2lbWP8dQAAMHmgww (envelope-from ); Fri, 11 Nov 2022 01:28:45 +0000 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 From: "NeilBrown" To: Steve Dickson Cc: Linux NFS Mailing List Subject: [PATCH nfs-utils] nfsd: allow server scope to be set with config or command line. Date: Fri, 11 Nov 2022 12:28:32 +1100 Message-id: <166813011417.19313.12216066495338584736@noble.neil.brown.name> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org NFSv4.1 and later require the server to report a "scope". Servers with the same scope are expected to understand each other's state ids etc, though may not accept them - this ensure there can be no misunderstanding. This is helpful for migration. Servers with different scope are known to be different and if a server appears to change scope on a restart, lock recovery must not be attempted. It is important for fail-over configurations to have the same scope for all server instances. Linux NFSD sets scope to host name. It is common for fail-over configurations to use different host names on different server nodes. So the default is not good for these configurations and must be over-ridden. As discussed in https://github.com/ClusterLabs/resource-agents/issues/1644 some HA management tools attempt to address this with calls to "unshare" and "hostname" before running "rpc.nfsd". This is unnecessarily cumbersome. This patch adds a "-S" command-line option and nfsd.scope config value so that the scope can be set easily for nfsd. Signed-off-by: NeilBrown --- systemd/nfs.conf.man | 1 + utils/nfsd/nfsd.c | 19 ++++++++++++++++++- utils/nfsd/nfsd.man | 13 ++++++++++++- 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/systemd/nfs.conf.man b/systemd/nfs.conf.man index b95c05a68759..bfd3380ff081 100644 --- a/systemd/nfs.conf.man +++ b/systemd/nfs.conf.man @@ -172,6 +172,7 @@ for details. Recognized values: .BR threads , .BR host , +.BR scope , .BR port , .BR grace-time , .BR lease-time , diff --git a/utils/nfsd/nfsd.c b/utils/nfsd/nfsd.c index 4016a761293b..169e02a84f7b 100644 --- a/utils/nfsd/nfsd.c +++ b/utils/nfsd/nfsd.c @@ -23,6 +23,7 @@ #include #include #include +#include =20 #include "conffile.h" #include "nfslib.h" @@ -39,6 +40,7 @@ static void usage(const char *); static struct option longopts[] =3D { { "host", 1, 0, 'H' }, + { "scope", 1, 0, 'S'}, { "help", 0, 0, 'h' }, { "no-nfs-version", 1, 0, 'N' }, { "nfs-version", 1, 0, 'V' }, @@ -69,6 +71,7 @@ main(int argc, char **argv) int count =3D NFSD_NPROC, c, i, error =3D 0, portnum, fd, found_one; char *p, *progname, *port, *rdma_port =3D NULL; char **haddr =3D NULL; + char *scope =3D NULL; int hcounter =3D 0; struct conf_list *hosts; int socket_up =3D 0; @@ -168,8 +171,9 @@ main(int argc, char **argv) hcounter++; } } + scope =3D conf_get_str("nfsd", "scope"); =20 - while ((c =3D getopt_long(argc, argv, "dH:hN:V:p:P:stTuUrG:L:", longopts, N= ULL)) !=3D EOF) { + while ((c =3D getopt_long(argc, argv, "dH:S:hN:V:p:P:stTuUrG:L:", longopts,= NULL)) !=3D EOF) { switch(c) { case 'd': xlog_config(D_ALL, 1); @@ -190,6 +194,9 @@ main(int argc, char **argv) haddr[hcounter] =3D optarg; hcounter++; break; + case 'S': + scope =3D optarg; + break; case 'P': /* XXX for nfs-server compatibility */ case 'p': /* only the last -p option has any effect */ @@ -367,6 +374,16 @@ main(int argc, char **argv) if (lease > 0) nfssvc_set_time("lease", lease); =20 + if (!scope && hcounter =3D=3D 1) + scope =3D haddr[0]; + if (scope) { + if (unshare(CLONE_NEWUTS) < 0 || + sethostname(scope, strlen(scope)) < 0) { + xlog(L_ERROR, "Unable to set server scope: %m"); + error =3D -1; + goto out; + } + } i =3D 0; do { error =3D nfssvc_set_sockets(protobits, haddr[i], port); diff --git a/utils/nfsd/nfsd.man b/utils/nfsd/nfsd.man index bb99fe2b1d89..dc05f3623465 100644 --- a/utils/nfsd/nfsd.man +++ b/utils/nfsd/nfsd.man @@ -35,9 +35,17 @@ Note that .B lockd (which performs file locking services for NFS) may still accept request on all known network addresses. This may change in future -releases of the Linux Kernel. This option can be used multiple time=20 +releases of the Linux Kernel. This option can be used multiple times to listen to more than one interface. .TP +.B \S " or " \-\-scope scope +NFSv4.1 and later require the server to report a "scope" which is used +by the clients to detect if two connections are to the same server. +By default Linux NFSD uses the host name as the scope. +.sp +It is particularly important for high-availablity configurations to ensure +that all potential server nodes report the same server scope. +.TP .B \-p " or " \-\-port port specify a different port to listen on for NFS requests. By default, .B rpc.nfsd @@ -134,6 +142,9 @@ will listen on. Use of the .B --host option replaces all host names listed here. .TP +.B scope +Set the server scope. +.TP .B grace-time The grace time, for both NFSv4 and NLM, in seconds. .TP --=20 2.38.1