On Mon, 02 Dec 2024, Steve Dickson wrote:
> Hey,
>
> On 12/2/24 3:30 PM, Scott Mayhew wrote:
> > Commit 15dc0bea ("exportd: Moved cache upcalls routines into
> > libexport.a") caused write_fsloc() to be elided when junction support is
> > disabled. Get rid of the bogus #ifdef HAVE_JUNCTION_SUPPORT blocks so
> > that referrals work again (the only #ifdef HAVE_JUNCTION_SUPPORT should
> > be around actual junction code).
> Why not just take the enable_junction config variable
> out of configure.ac as well?
>
> If we want junctions/referrals (which are the same)
> IMHO... on all the time... Lets not be able to
> turn them off at all?
>
> Point being... if we are going remove 3 of the 4
> HAVE_JUNCTION_SUPPORT ifdefs... let get ride of
> all of them.
Junctions and referrals are _not_ the same. A junction is one mechanism
that can be used to generate a referral. The other way to generate a
referral is with an export entry, and that is the method that stopped
working after 15dc0bea.
When you set up a referral via an export entry you use the refer=
export option, and the directory must be a mountpoint so that nfsd will
consult the export cache when the client tries to access the directory.
For example, I set up the following in /etc/exports:
/export *(rw,insecure,no_root_squash)
/export/ref *(rw,insecure,no_root_squash,refer=/export@192.168.124.66)
After the client tries to access /export/ref, this is what I see when I
dump the export cache without my fix:
[root@rawhide ~]# cat /proc/net/rpc/nfsd.export/content
#path domain(flags)
/ *(ro,insecure,no_root_squash,sync,no_wdelay,no_subtree_check,v4root,fsid=0,sec=1)
/export *(rw,insecure,no_root_squash,sync,wdelay,no_subtree_check,uuid=c4eeda84:ea1a4dcd:a043fdc1:372d7878,sec=1)
/export/ref *(rw,insecure,no_root_squash,sync,wdelay,no_subtree_check,uuid=c4eeda84:ea1a4dcd:a043fdc1:372d7878,sec=1)
Notice there's no refer= option. So when the client does a LOOKUP of
/export/ref, the server treats it as a normal directory... it doesn't
return NFS4ERR_MOVED and so the client doesn't know to query
fs_locations.
Here is what the export cache looks like with my fix:
[root@rawhide ~]# cat /proc/net/rpc/nfsd.export/content
#path domain(flags)
/export *(rw,insecure,no_root_squash,sync,wdelay,no_subtree_check,uuid=c4eeda84:ea1a4dcd:a043fdc1:372d7878,sec=1)
/ *(ro,insecure,no_root_squash,sync,no_wdelay,no_subtree_check,v4root,fsid=0,sec=1)
/export/ref *(rw,insecure,no_root_squash,sync,wdelay,no_subtree_check,refer=/export@192.168.124.66,uuid=c4eeda84:ea1a4dcd:a043fdc1:372d7878,sec=1)
Note the refer= option is present, and the referral works normally.
A junction is basically a fancy directory that has the user/group/other
mode bits set to 0 and the sticky bit turned on. The original mode bits
are stored in the trusted.junction.mode extended attribute and the
referral information is stored in the trusted.junction.nfs extended
attribute.
Continuing with my previous example, I have this in my /etc/exports
[root@rawhide ~]# cat /etc/exports
/export *(rw,insecure,no_root_squash)
/export/ref *(rw,insecure,no_root_squash,refer=/export@192.168.124.66)
Let's add a referral using a junction.
[root@rawhide ~]# nfsref add /export/junc 192.168.124.66 /export
Created junction /export/junc
In this case, /export/junc didn't previously exist, so the nfsref tool
created it. If /export/junc did already exist, then the original mode
would be stored in the trusted.junction.mode and the original contents
of the directory would be hidden from the client (as well as
non-privileged users on the server).
You can look up the referral info using 'nfsref lookup':
[root@rawhide ~]# nfsref lookup /export/junc
192.168.124.66:/export
NFS port: 2049
Valid for: 0
Currency: -1
Flags: varsub(false)
GenFlags: writable(false), going(false), split(true)
TransFlags: rdma(true)
Class: simul(0), handle(0), fileid(0)
Class: writever(0), change(0), readdir(0)
Read: rank(0), order(0)
Write: rank(0), order(0)
Or you can just use getfattr if you want to see the raw xml:
[root@rawhide ~]# getfattr --only-values -d -m trusted.junction.nfs /export/junc
getfattr: Removing leading '/' from absolute path names
<?xml version="1.0" encoding="UTF-8"?>
<junction>
<savedmode bits="755"/>
<fileset>
<location>
<host name="192.168.124.66"/>
<path>
<component>export</component>
</path>
<currency>-1</currency>
<genflags writable="false" going="false" split="true"/>
<transflags rdma="true"/>
<class simul="0" handle="0" fileid="0" writever="0" change="0" readdir="0"/>
<read rank="0" order="0"/>
<write rank="0" order="0"/>
<flags varsub="false"/>
<validfor>0</validfor>
</location>
</fileset>
</junction>
Note that since the /export/junc referral is stored in a junction, it
doesn't appear in the export info:
[root@rawhide ~]# exportfs -v
/export <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,insecure,no_root_squash,no_all_squash)
/export/ref <world>(sync,wdelay,hide,no_subtree_check,refer=/export@192.168.124.66,sec=sys,rw,insecure,no_root_squash,no_all_squash)
