Chuck Lever [Mon, 18 May 2009 17:29:38 +0000 (13:29 -0400)]
umount.nfs: Harden umount.nfs error reporting
Add additional error reporting to nfs_advise_umount().
These messages can be displayed if the "-v" option
is specified with umount.nfs. Normally these
messages do not appear.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 18 May 2009 15:17:49 +0000 (11:17 -0400)]
mount: remove legacy version of nfs_name_to_address()
Currently we have two separate copies of nfs_name_to_address() since
some older glibc's don't define AI_ADDRCONFIG. This means extra
work to build- and run-test both functions when code is changed in
this area.
It is also the case that gethostbyname(3) is deprecated, and should
not be used in new code.
Remove the legacy code in favor of always using getaddrinfo(3).
We can also get rid of nfs_name_to_address()'s @family argument as
well.
Note also this addresses a bug in nfsumount.c -- it was calling
nfs_name_to_address() with AF_UNSPEC unconditionally, even if the
legacy version of nfs_name_to_address(), which doesn't support
AF_UNSPEC, was in use.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 18 May 2009 15:08:53 +0000 (11:08 -0400)]
sm-notify: Failed DNS lookups should be retried
Currently, if getaddrinfo(3) fails when trying to resolve a hostname,
sm-notify gives up immediately on that host. If sm-notify is started
before network service is available on a system, that means it quits
without notifying anyone. Or, if DNS service isn't available due to
a network partition or because the DNS server crashed, sm-notify will
simply remove all of its callback files and exit.
Really, sm-notify should try harder. We know that the hostnames
passed in to notify_host() have already been vetted by statd, which
won't monitor a hostname that it can't resolve. So it's likely that
any DNS failure we meet here is a temporary condition. If it isn't,
then sm-notify will stop trying to notify that host in 15 minutes
anyway.
[ The host's file is left in /var/lib/nfs/sm.bak in this case, but
sm.bak is not read again until the next time sm-notify runs. ]
sm-notify already has retry logic for handling RPC timeouts. We can
co-opt that to drive DNS resolution retries.
We also add AI_ADDRCONFIG because on systems whose network startup is
handled by NetworkManager, there appears to be a bug that causes
processes that started calling getaddinfo(3) before the network came
up to continue getting EAI_AGAIN even after the network is fully
operating.
As I understand it, legacy glibc (before AI_ADDRCONFIG was exposed in
headers) sets AI_ADDRCONFIG by default, although I haven't checked
this. In any event, pre-glibc-2.2 systems probably won't run
NetworkManager anyway, so this may not be much of a problem for them.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Mon, 18 May 2009 15:03:54 +0000 (11:03 -0400)]
sm-notify: Don't orphan addrinfo structs
sm-notify orphans an addrinfo struct in its address list rotation
logic if only a single result was returned from getaddrinfo(3).
For each host, the first time through notify_host(), we want to
send a PMAP_GETPORT request. ->ai is NULL, and retries is set to 100,
forcing a DNS lookup and an address rotation. If only a single
addrinfo struct is returned, the rotation logic causes a NULL to be
planted in ->ai, copied from the ai_next field of the returned result.
This means that the second time through notify_host() (to perform the
actual SM_NOTIFY call) we do a second DNS lookup, since ->ai is NULL.
The result of the first lookup has been orphaned, and extra network
traffic is generated.
This scenario is actually fairly common. Since we pass
.ai_protocol = IPPROTO_UDP,
to getaddrinfo(3), for most hosts, which have a single forward and
reverse pointer in the DNS database, we get back a single addrinfo
struct as a result.
To address this problem, only perform the address list rotation if
there is more than one element on the list returned by getaddrinfo(3).
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Benny Halevy [Mon, 4 May 2009 15:44:49 +0000 (11:44 -0400)]
utils/nfsd: add support for minorvers4
minorvers4 can be used to either enable or disable nfsv4.x.
If minorvers4 is a positive integer n, in the allowed range (only
minorversion 1 is supported for now), the string "+4.n" is appended
to the versions string written onto /proc/fs/nfsd/versions.
Correspondingly, if minorver4 is a negative integer -n, the string
"-4.n" is written.
With the default value, minorvers4==0, the minor version
setting is not changed.
Note that unlike the protocol versions 2, 3, or 4. The minor version
setting controls the *maximum* minor version nfsd supports. Particular
minor version cannot be controlled on their own. With only minor
version 1 supported at the moment the difference doesn't matter,
but for future minor versions greater than 1, enabling minor
version X will enable support for all minor versions 1 through X.
Disabling minor version X will disable support for minor
versions X and up, enabling 1 through X-1.
Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Sat, 18 Apr 2009 13:43:58 +0000 (09:43 -0400)]
support: Provide an API for creating a privileged RPC client
We needed to guarantee that some RPC programs, such as PMAP, got an
unprivileged port, to prevent exhausting the local privileged port
space sending RPC requests that don't need such privileges.
nfs_get_rpcclient() provides that feature.
However, some RPC programs, such as MNT and UMNT, require a privileged
port. So, let's provide an additional API for this that also supports
IPv6 and setting a destination port.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
as currently printed c is the version number, not a string char,
therefore is should be printed as %d not %c. That said, just print
optarg as %s since it might be non-numeric.
Signed-off-by: Benny Halevy <bhalevy@panasas.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Chuck Lever [Wed, 15 Apr 2009 16:38:40 +0000 (12:38 -0400)]
nfs-utils: reverse order of librpcsecgss and libgssglue checks
The check that validates the version of librpcsecgss also needs to
have libgssglue installed. Without libgssglue, ./configure complains
that it can't find rpcsecgss, even though it's installed.
It also turns out that the error message generated by pkg-config is
more complete than the one we have in aclocal/rpcsec_vers.m4, so just
let those PKG_CHECK_MODULES m4 macros use the default error message.
Signed-off-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 15 Apr 2009 16:04:06 +0000 (12:04 -0400)]
nfs-utils: add IPv6 code to gssd
All of the pieces to handle IPv6 are now in place. Add IPv6-specific
code wrapped in the proper #ifdef's so that IPv6 support works when
it's enabled at build-time.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 15 Apr 2009 16:01:46 +0000 (12:01 -0400)]
nfs-utils: switch gssd to use standard function for getting an RPC client
We already have a common function for setting up an RPC client. That
function uses the tirpc API when tirpc is enabled and is also already
IPv6 enabled. Switch gssd to use it.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 15 Apr 2009 15:36:07 +0000 (11:36 -0400)]
nfs-utils: query for remote port using rpcbind instead of getaddrinfo
We already have the server's address from the upcall, so we don't really
need to look it up again, and querying the local services DB for the
port that the remote server is listening on is just plain wrong.
Use rpcbind to set the port for the program and version that we were
given in the upcall. The exception here is NFSv4. Since NFSv4 mounts
are supposed to use a well-defined port then skip the rpcbind query
for that and just set the port to the standard one (2049).
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 15 Apr 2009 15:34:51 +0000 (11:34 -0400)]
nfs-utils: store the address given in the upcall for later use
The current upcall could be more efficient. We first convert the address
to a hostname, and then later when we set up the RPC client, we do a
hostname lookup to convert it back to an address.
Begin to change this by keeping the address in the clnt_info that we get
out of the upcall. Since a sockaddr has a port field, we can also
eliminate the port from the clnt_info.
Finally, switch to getnameinfo() instead of gethostbyaddr(). We'll need
to use that call anyway when we add support for IPv6.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Jeff Layton [Wed, 15 Apr 2009 14:29:04 +0000 (10:29 -0400)]
nfs-utils: make getnameinfo() required for --enable-gss
Systems that are so old that they don't have getnameinfo() in glibc are
probably also running kernels that are so old that they don't support
gssapi upcalls anyway.
Make --enable-gss dependent on the presence of the getnameinfo()
function. This allows us to reduce some conditional compilation.
Reviewed-by: Chuck Lever <chuck.lever@oracle.com> Signed-off-by: Jeff Layton <jlayton@redhat.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Steve Dickson [Wed, 8 Apr 2009 14:26:26 +0000 (10:26 -0400)]
The --list option does not work on server stats.
The print_stats_list() routine was using the client's
stats to decide whether to display any stats. This did
not work when there was only server stats.
This patch breaks up print_stats_list into two different
routines allowing both server and clients stats to be
listed.
Steve Dickson [Wed, 8 Apr 2009 13:28:22 +0000 (09:28 -0400)]
Eliminate the displaying zero stats when the explicit protocol
is specified (-2, -3, -4) the -Z and or --list options.
When a particular protocol is specified and either
the -Z or --list options are used, zeros or blank lines
are echoed to the screen when there is not any NFS traffic.
This cause any useful data to be scroll off the screen.
With this patch only non-zero stats will be shown, which
makes the output of these options more condensed and
in turn more useful.
nfsstat.c: Adds the --list flag to print information in a list format
instead of the standard multi-column format
nfsstat.man: Updates the manpage to include the --list flag.
Signed-off-by: Kevin Constantine <kevin.constantine@disneyanimation.com> Signed-off-by: Steve Dickson <steved@redhat.com>
Kevin Coffman [Fri, 3 Apr 2009 19:18:16 +0000 (15:18 -0400)]
svcgssd: check the return code from qword_eol() and log failures
If qword_eol() fails while writing the context information, log
an indication of the failure.
This addresses at least one cause of the intermittent, and
previously undiagnosed, problem of the server returning
GSS_S_NO_CONTEXT when a context was seemingly successfully
created and sent down to the kernel. In my case there was a
mis-match between kernel and user-land configuration resulting in
the proper kernel module not being loaded. Therefore the write
of the context failed, but was not logged by svcgssd. When the
kernel goes to find the resulting context, it was really not
there and correctly returned GSS_S_NO_CONTEXT to the client.
Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Steve Dickson <steved@redhat.com>