3 .\" Copyright (C) 2004 Olaf Kirch <okir@suse.de>
5 .\" Rewritten by Chuck Lever <chuck.lever@oracle.com>, 2009.
6 .\" Copyright 2009 Oracle. All rights reserved.
8 .TH SM-NOTIFY 8 "1 November 2009
10 sm-notify \- send reboot notifications to NFS peers
12 .BI "/usr/sbin/sm-notify [-dfn] [-m " minutes "] [-v " name "] [-p " notify-port "] [-P " path "]
14 File locks are not part of persistent file system state.
15 Lock state is thus lost when a host reboots.
17 Network file systems must also detect when lock state is lost
18 because a remote host has rebooted.
19 After an NFS client reboots, an NFS server must release all file locks
20 held by applications that were running on that client.
21 After a server reboots, a client must remind the
22 server of file locks held by applications running on that client.
24 For NFS version 2 and version 3, the
25 .I Network Status Monitor
26 protocol (or NSM for short)
27 is used to notify NFS peers of reboots.
28 On Linux, two separate user-space components constitute the NSM service:
31 A helper program that notifies NFS peers after the local system reboots
34 A daemon that listens for reboot notifications from other hosts, and
35 manages the list of hosts to be notified when the local system reboots
37 The local NFS lock manager alerts its local
39 of each remote peer that should be monitored.
40 When the local system reboots, the
42 command notifies the NSM service on monitored peers of the reboot.
43 When a remote reboots, that peer notifies the local
45 which in turn passes the reboot notification
46 back to the local NFS lock manager.
47 .SH NSM OPERATION IN DETAIL
48 The first file locking interaction between an NFS client and server causes
49 the NFS lock managers on both peers to contact their local NSM service to
50 store information about the opposite peer.
51 On Linux, the local lock manager contacts
55 records information about each monitored NFS peer on persistent storage.
56 This information describes how to contact a remote peer
57 in case the local system reboots,
58 how to recognize which monitored peer is reporting a reboot,
59 and how to notify the local lock manager when a monitored peer
60 indicates it has rebooted.
62 An NFS client sends a hostname, known as the client's
64 in each file lock request.
65 An NFS server can use this hostname to send asynchronous GRANT
66 calls to a client, or to notify the client it has rebooted.
68 The Linux NFS server can provide the client's
70 or the client's network address to
72 For the purposes of the NSM protocol,
73 this name or address is known as the monitored peer's
75 In addition, the local lock manager tells
77 what it thinks its own hostname is.
78 For the purposes of the NSM protocol,
79 this hostname is known as
82 There is no equivalent interaction between an NFS server and a client
83 to inform the client of the server's
85 Therefore NFS clients do not actually know what
87 an NFS server might use in an SM_NOTIFY request.
88 The Linux NFS client records the server's hostname used on the mount command
89 to identify rebooting NFS servers.
90 .SS Reboot notification
91 When the local system reboots, the
93 command reads the list of monitored peers from persistent storage and
94 sends an SM_NOTIFY request to the NSM service on each listed remote peer.
97 string as the destination.
98 To identify which host has rebooted, the
100 command normally sends the results of
107 matches incoming SM_NOTIFY requests using this string,
108 or the caller's network address,
109 to one or more peers on its own monitor list.
113 does not find a peer on its monitor list that matches
114 an incoming SM_NOTIFY request,
115 the notification is not forwarded to the local lock manager.
116 In addition, each peer has its own
117 .IR "NSM state number" ,
118 a 32-bit integer that is bumped after each reboot by the
122 uses this number to distinguish between actual reboots
123 and replayed notifications.
125 Part of NFS lock recovery is rediscovering
126 which peers need to be monitored again.
129 command clears the monitor list on persistent storage after each reboot.
135 attached to its controlling terminal and running in the foreground
136 so that notification progress may be monitored directly.
139 Send notifications even if
141 has already run since the last system reboot.
144 Specifies the length of time, in minutes, to continue retrying
145 notifications to unresponsive hosts.
146 If this option is not specified,
148 attempts to send notifications for 15 minutes.
149 Specifying a value of 0 causes
151 to continue sending notifications to unresponsive peers
152 until it is manually killed.
154 Notifications are retried if sending fails,
155 the remote does not respond,
156 the remote's NSM service is not registered,
157 or if there is a DNS failure
158 which prevents the remote's
160 from being resolved to an address.
162 Hosts are not removed from the notification list until a valid
163 reply has been received.
164 However, the SM_NOTIFY procedure has a void result.
167 to tell if the remote recognized the sender and has started
168 appropriate lock recovery.
173 from updating the local system's NSM state number.
176 Specifies the source port number
178 should use when sending reboot notifications.
179 If this option is not specified, a randomly chosen ephemeral port is used.
181 This option can be used to traverse a firewall between client and server.
183 .BI "\-P, " "" \-\-state\-directory\-path " pathname
184 Specifies the pathname of the parent directory
185 where NSM state information resides.
186 If this option is not specified,
194 attempts to set its effective UID and GID to the owner
195 and group of this directory.
197 .BI -v " ipaddr " | " hostname
198 Specifies the network address from which to send reboot notifications,
201 argument to use when sending SM_NOTIFY requests.
202 If this option is not specified,
204 uses a wildcard address as the transport bind address,
205 and uses the results of
213 form can be expressed as either an IPv4 or an IPv6 presentation address.
215 This option can be useful in multi-homed configurations where
216 the remote requires notification from a specific network address.
220 command must be started as root to acquire privileges needed
221 to access the state information database.
222 It drops root privileges
223 as soon as it starts up to reduce the risk of a privilege escalation attack.
225 During normal operation,
226 the effective user ID it chooses is the owner of the state directory.
227 This allows it to continue to access files in that directory after it
228 has dropped its root privileges.
229 To control which user ID
236 Lock recovery after a reboot is critical to maintaining data integrity
237 and preventing unnecessary application hangs.
241 match SM_NOTIFY requests to NLM requests, a number of best practices
242 should be observed, including:
244 The UTS nodename of your systems should match the DNS names that NFS
245 peers use to contact them
247 The UTS nodenames of your systems should always be fully qualified domain names
249 The forward and reverse DNS mapping of the UTS nodenames should be
252 The hostname the client uses to mount the server should match the server's
254 in SM_NOTIFY requests it sends
256 The use of network addresses as a
260 string should be avoided when
261 interoperating with non-Linux NFS implementations.
263 Unmounting an NFS file system does not necessarily stop
264 either the NFS client or server from monitoring each other.
265 Both may continue monitoring each other for a time in case subsequent
266 NFS traffic between the two results in fresh mounts and additional
271 kernel module is unloaded during normal operation,
272 all remote NFS peers are unmonitored.
273 This can happen on an NFS client, for example,
274 if an automounter removes all NFS mount
275 points due to inactivity.
276 .SS IPv6 and TI-RPC support
277 TI-RPC is a pre-requisite for supporting NFS on IPv6.
278 If TI-RPC support is built into the
280 command ,it will choose an appropriate IPv4 or IPv6 transport
281 based on the network address returned by DNS for each remote peer.
282 It should be fully compatible with remote systems
283 that do not support TI-RPC or IPv6.
287 command supports sending notification only via datagram transport protocols.
291 directory containing monitor list
293 .I /var/lib/nfs/sm.bak
294 directory containing notify list
296 .I /var/lib/nfs/state
297 NSM state number for this host
299 .I /proc/sys/fs/nfs/nsm_local_state
300 kernel's copy of the NSM state number
307 RFC 1094 - "NFS: Network File System Protocol Specification"
309 RFC 1813 - "NFS Version 3 Protocol Specification"
311 OpenGroup Protocols for Interworking: XNFS, Version 3W - Chapter 11
313 Olaf Kirch <okir@suse.de>
315 Chuck Lever <chuck.lever@oracle.com>