On Fri, Mar 31 2017, Scott Mayhew wrote:
> These patches aim to make it a little easier to change the mountpoint.
> Right now if you change the pipefs-directory in /etc/nfs.conf, you still
> need to manually override the dependencies in the systemd unit files in
> order for the change to actually work.
>
> The first patch moves rpc.idmapd's (mostly) undocumented
> pipefs-directory from /etc/idmapd.conf to /etc/nfs.conf, which rpc.gssd
> already can use for it's pipefs-directory configuration.
>
> The second patch adds a systemd generator that reads the
> pipefs-directory configurations from /etc/nfs.conf, and if they differ
> from the default it will automatically 1) create a systemd mount unit
> file for the pipefs mountpoint and 2) it will create a drop-in
> configuration file to override the Requires= and After= directives for
> that service.
>
> I did run into a bit of a snag though. Depsite overriding the
> dependencies for both idmapd and gssd, I wind up with two pipefs
> filesystems mounted:
>
> [root@coeurl ~]# grep pipefs /proc/mounts
> sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw,relatime 0 0
> sunrpc /run/rpc_pipefs rpc_pipefs rw,relatime 0 0
>
> systemd still shows the dependency on the default pipefs mountpoint:
>
> [root@coeurl ~]# systemctl list-dependencies --before var-lib-nfs-rpc_pipefs.mount
> var-lib-nfs-rpc_pipefs.mount
> ● ├─nfs-idmapd.service
> ● └─rpc-gssd.service
>
> as well as the new one:
>
> [root@coeurl ~]# systemctl list-dependencies --before run-rpc_pipefs.mount
> run-rpc_pipefs.mount
> ● ├─nfs-idmapd.service
> ● └─rpc-gssd.service
>
> The drop-in configs to override the pipefs mountpoint look correct. I'm
> clearing both Requires= and After= before setting them:
>
> [root@coeurl ~]# cat /run/systemd/generator/nfs-idmapd.service.d/10-pipefs.conf
> # Automatically generated by rpc-pipefs-generator
>
> [Unit]
> Requires=
> Requires=run-rpc_pipefs.mount
> After=
> After=run-rpc_pipefs.mount local-fs.target
>
> [root@coeurl ~]# cat /run/systemd/generator/rpc-gssd.service.d/10-pipefs.conf
> # Automatically generated by rpc-pipefs-generator
>
> [Unit]
> Requires=
> Requires=run-rpc_pipefs.mount
> After=
> After=run-rpc_pipefs.mount
>
> The generated mount unit file also looks correct:
>
> [root@coeurl ~]# cat /run/systemd/generator/run-rpc_pipefs.mount
> # Automatically generated by rpc-pipefs-generator
>
> [Unit]
> Description=RPC Pipe File System
> DefaultDependencies=no
> After=systemd-tmpfiles-setup.service
> Conflicts=umount.target
>
> [Mount]
> What=sunrpc
> Where=/run/rpc_pipefs
> Type=rpc_pipefs
>
> systemd shows that the drop-in config was picked up:
>
> [root@coeurl ~]# systemctl status nfs-idmapd
> ● nfs-idmapd.service - NFSv4 ID-name mapping service
> Loaded: loaded (/usr/lib/systemd/system/nfs-idmapd.service; static; vendor preset: disabled)
> Drop-In: /run/systemd/generator/nfs-idmapd.service.d
> └─10-pipefs.conf
> Active: active (running) since Fri 2017-03-31 16:54:24 EDT; 5min ago
> Process: 27831 ExecStart=/usr/sbin/rpc.idmapd $RPCIDMAPDARGS (code=exited, status=0/SUCCESS)
> Main PID: 27832 (rpc.idmapd)
> Tasks: 1 (limit: 4915)
> CGroup: /system.slice/nfs-idmapd.service
> └─27832 /usr/sbin/rpc.idmapd
>
> and lsof shows that the correct mountpoint is being used:
>
> [root@coeurl ~]# lsof -p 27832 2>/dev/null | grep pipefs
> rpc.idmap 27832 root 10r DIR 0,42 0 103 /run/rpc_pipefs/nfs
>
> The same for gssd:
>
> [root@coeurl ~]# systemctl status rpc-gssd
> ● rpc-gssd.service - RPC security service for NFS client and server
> Loaded: loaded (/usr/lib/systemd/system/rpc-gssd.service; static; vendor preset: disabled)
> Drop-In: /run/systemd/generator/rpc-gssd.service.d
> └─10-pipefs.conf
> Active: active (running) since Fri 2017-03-31 16:54:29 EDT; 6min ago
> Process: 27839 ExecStart=/usr/sbin/rpc.gssd $RPCGSSDARGS (code=exited, status=0/SUCCESS)
> Main PID: 27840 (rpc.gssd)
> Tasks: 1 (limit: 4915)
> CGroup: /system.slice/rpc-gssd.service
> └─27840 /usr/sbin/rpc.gssd
>
> [root@coeurl ~]# lsof -p 27840 2>/dev/null | grep pipefs
> rpc.gssd 27840 root cwd DIR 0,42 0 24637 /run/rpc_pipefs
> rpc.gssd 27840 root 7r DIR 0,42 0 24637 /run/rpc_pipefs
> rpc.gssd 27840 root 11u FIFO 0,42 0t0 112 /run/rpc_pipefs/gssd/clntXX/gssd
>
> So it looks like systemd is using both sets of dependencies, even though
> the programs themselves are only looking for what's specified in
> /etc/nfs.conf. I'm not sure what to do about that. Maybe remove the
> var-lib-nfs-rpc_pipefs.mount unit as well as the dependencies in the
> nfs-idmapd.service and rpc-gssd.service files, and have the generator
> create those automatically as well?
>
Towards the end of the systemd.unit man page is the text:
Note that dependencies (After=, etc.) cannot be reset to an empty list,
so dependencies can only be added in drop-ins. If you want to remove
dependencies, you have to override the entire unit.
which is consistent with what you discovered.
Maybe create a "rpc_pipefs.target" which
Requires=var-lib-nfs-rpc_pipefs.mount
After=var-lib-nfs-rpc_pipefs.mount
and have all the other unit files specified their dependencies
against this target.
Then your generator would conditionally create a new "rpc_pipefs.target"
and matching foo.mount. The new .target would depend in the foo.mount,
and the service files would already depend on that.
Might work.
Thanks,
NeilBrown
> -Scott
>
> Scott Mayhew (2):
> idmapd: move the pipefs-directory config option to nfs.conf
> systemd: add a generator for the rpc_pipefs mountpoint
>
> .gitignore | 1 +
> nfs.conf | 3 +
> systemd/Makefile.am | 4 +-
> systemd/nfs.conf.man | 9 ++
> systemd/rpc-pipefs-generator.c | 256 +++++++++++++++++++++++++++++++++++++++++
> systemd/rpc-svcgssd.service | 3 +-
> utils/idmapd/idmapd.c | 35 +++---
> utils/idmapd/idmapd.man | 19 ++-
> 8 files changed, 305 insertions(+), 25 deletions(-)
> create mode 100644 systemd/rpc-pipefs-generator.c
>
> --
> 2.9.3
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
Attachment:
signature.asc
Description: PGP signature
