Re: managing the system's NFSv4 domain name

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Jul 30, 2015, at 9:39 AM, Steve Dickson <SteveD@xxxxxxxxxx> wrote:

> On 07/29/2015 10:28 PM, Chuck Lever wrote:
>> Hi-
>> 
>> At least for testing purposes, it would be great to be able to
>> manage a system's NFSv4 domain name from the command line. I'm
>> frequently asked how to determine a system's NFSv4 domain name,
>> and I'm forced to answer something like this:
>> 
>>> Linux does not currently have a command line tool for managing
>>> the system's NFSv4 idmapping domain. Use:
>>> 
>>> awk '/^Domain/ { print $3 }' < /etc/idmapd.conf
>>> 
>>> If that fails to find anything, then use `dnsdomainname` . That
>>> won't be helpful if the system has multiple i/f's.
>> 
>> 
>> This doesn't even get into /proc/keys, or what to do to change
>> the NFSv4 domainname, or the differences between rpc.idmapd and
>> the keyring-based idmapper.
>> 
>> Linux now has hostnamectl and other tools to manage a system's
>> hostname and so on. Solaris has sharectl, which can display and
>> update the nfs4mapid_domain.
>> 
>> Does it make sense to extend the nfsidmap command to display and
>> modify the NFSv4 domain name?
> I would think so... All the tools (aka conf_XXX() calls) are there 
> and I think it would be relatively simple...

Any opinions about what command line options to use? How about:

To view:    nfsidmap -D

To update:  [sudo] nfsidmap -U new.domain.name

On the client, updating the domain name requires "nfsidmap -c"
to clear the kernel idmap keyring. That can be built in to -U.

On the server, I guess restarting rpc.idmapd would also be
required. Would be nice if server and client idmapping both used
request-key.


> Another thing I always thought would be nice is a way 
> to show the existing uid/gid keys in a human format.
> Now to see what keys exist one has to cat /proc/keys
> which is not very readable... 

Or use keyctl.

Either works for debugging and development, but neither are
appropriate as an administrative interface, IMO.

Something like "nfsidmap -l" would be simple, and could show
both legacy and id_resolv keys, if we like.

Btw, it looks like most recent kernels ignore the "-t" option.
It should be fixed or removed.


--
Chuck Lever



--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Filesystem Development]     [Linux USB Development]     [Linux Media Development]     [Video for Linux]     [Linux NILFS]     [Linux Audio Users]     [Yosemite Info]     [Linux SCSI]

  Powered by Linux