Bug 151166

Summary: system-config-nfs needs updating
Product: [Fedora] Fedora
Component: system-config-nfs
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Keywords: FutureFeature
Reporter: Steve Dickson <steved>
Assignee: Nils Philippsen <nphilipp>
CC: jparsons, nphilipp
Fixed In Version: 1.3.16-0.fc4.2
Doc Type: Enhancement
Last Closed: 2006-05-05 01:43:40 UTC
Bug Blocks: 150221
Attachments: strace of system-config-nfs-1.3.2-1

Description Steve Dickson 2005-03-15 16:04:35 UTC
Description of problem:
The current version of system-config-nfs knows
how to do the following:

- The setting of static ports for (used with firewalls)
   LOCKD_TCPPORT - the TCP port lockd should listen on.
   LOCKD_UDPPORT - the UDP port rpc.lockd should listen on.
   MOUNTD_PORT   - the network port rpc.mountd should listen on.
   STATD_PORT    - the network port rpc.statd should listen on.
Note: all these environment variables should be set in /etc/sysconfig/nfs
and the default is not set.

- Set the following export flags:
    nohide
    mountpoint (or mp)
    fsid
And when these are set, the gui runs, these new flags are removed
from the file.

- Turn on Secure NFS mounts -

On the server this means adding the string "gss/krb5"
as one of the client names to the export in /etc/exports.

On both the server and client the SECURE_NFS
has to be set to "yes" in /etc/sysconfig/nfs. The
default is no. Once SECURE_NFS is set to yes
the following has to happen:

On the client, rpc.gssd has to be started (i.e. service rpc.gssd start)

On the server rpc.svcgssd has to be started (i.e. service nfs restart)
and there has to be a Kerberos keytab entry defined in /etc/krb5.keytab
which identifies the server to the Kerberos server. Meaning
klist -k should spit out something like:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   6 nfs/pro1.lab.boston.redhat.com

If this is not set up correctly there should be some type of warning
displayed.

- Turning on and off debugging.

This might be a bit too much for this app, but it
would be very nice to be able to turn on and off
both kernel and user level debugging statements
(that end up in syslog).

For kernel debugging this would be echo-ing
or-ed integer values into:
   /proc/sys/sunrpc/rpc_debug
   /proc/sys/sunrpc/nfsd_debug 
   /proc/sys/sunrpc/nfs_debug
   /proc/sys/sunrpc/nlm_debug 

For user level debugging this would mean
Setting env variables for the following init scripts:
   /etc/init.d/nfs
   /etc/init.d/nfslock
   /etc/init.d/rpcgssd
   /etc/init.d/svcrpcgssd
Note: these debugging variables currently don't exist,
but they could be added pretty easily.

How reproducible:
Always

Steps to Reproduce:
1. Try to use system-config-nfs to edit /etc/exports or
   /etc/sysconfig/nfs

Additional info:
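
The warning this report asks for under "Turn on Secure NFS mounts" could be driven by a check like the one below. This is an added example, not part of the original report and not system-config-nfs code; the function name and sample inputs are constructed, and it covers only the server-side items listed above (gss/krb5 export, SECURE_NFS, nfs/ keytab entry).

```python
import re

def secure_nfs_warnings(exports, sysconfig, klist_output):
    """Check the server-side Secure NFS items listed in the report.

    Takes the text of /etc/exports and /etc/sysconfig/nfs plus the output
    of `klist -k`; returns a list of warning strings (empty when consistent).
    """
    warnings = []

    # Paths of export lines (comments stripped) that list gss/krb5 as a client.
    active = [line.split("#", 1)[0] for line in exports.splitlines()]
    gss_paths = [l.split()[0] for l in active
                 if re.search(r"\sgss/krb5(\(|\s|$)", l)]

    # The last uncommented assignment wins, as when the shell sources the file.
    values = re.findall(r'^\s*SECURE_NFS=["\']?(\w*)', sysconfig, re.M)
    secure = bool(values) and values[-1] == "yes"

    # Keytab rows of the form "<KVNO> nfs/<host>" identify the NFS server.
    principals = re.findall(r"^\s*\d+\s+(nfs/\S+)", klist_output, re.M)

    if gss_paths and not secure:
        warnings.append('gss/krb5 exports (%s) but SECURE_NFS is not "yes"'
                        % ", ".join(gss_paths))
    if secure and not gss_paths:
        warnings.append('SECURE_NFS is "yes" but no export lists gss/krb5')
    if (secure or gss_paths) and not principals:
        warnings.append("no nfs/<host> principal in /etc/krb5.keytab")
    return warnings

# Constructed sample inputs, modelled on the files quoted in this report.
EXPORTS = "/     *(ro,sync,fsid=0)\n/home gss/krb5(rw,sync,nohide,fsid=1)\n"
SYSCONFIG_DEFAULT = '#SECURE_NFS="yes"\n'
KLIST = ("Keytab name: FILE:/etc/krb5.keytab\nKVNO Principal\n"
         "---- ----------\n   6 nfs/pro1.lab.boston.redhat.com\n")

if __name__ == "__main__":
    for warning in secure_nfs_warnings(EXPORTS, SYSCONFIG_DEFAULT, KLIST):
        print("WARNING:", warning)
```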

Comment 1 Nils Philippsen 2005-03-17 17:17:05 UTC
Steve,

can you try system-config-nfs-1.3.0-1? It contains a new NFS backend which was
necessary to support the options not yet known to s-c-nfs (and stay sane at the
same time). While the GUI doesn't know about nohide/mountpoint/fsid yet, it
should at least leave these options alone -- in fact it should leave all unknown
options alone (unless you remove the client in question) and code is in place to
issue warnings like 'unknown option foo in line bar', 'duplicate option baz in
line gna' etc. after reading /etc/exports.

Re gss/krb5: this isn't implemented yet, at the moment it will treat it as a
host and make something like gss/krb5(ro,sync) out of it ;-). I plan to revamp
the GUI as well so you only see the "Shares", i.e. paths in the main window and
things like gss/krb5 can come as an option of that share.

While we're at it: we need to start rpc.svcgssd for gss/krb5, but should it be
stopped as well if there isn't any gss/krb5 export anymore? Anyway, in the case
of gss/krb5 I think a dialog may be due that tells the user to ensure starting 
rpc.gssd on the client, do you concur?

The port options will come later as well ;-).

Comment 2 Nils Philippsen 2005-03-18 17:42:24 UTC
Something else: s-c-nfs is only handling the server side of the equation so
anything client related can't be much more than info dialogs (a'la "ensure that
this and that is the case on the client"). Debugging is a bit "out of scope" for
the tool, but you could put a "debug_nfs" script into nfs-utils which could look
like this (rough, untested, to be filled with meat at some places ;-):

--- 8< ---
#!/bin/bash
# Turn kernel- and user-level NFS debugging on or off (rough, untested sketch).

usage () {
  cat << EOF >&2
Usage: debug_nfs [on|off]
Turns debugging settings for NFS server and client programs on or off.
EOF
  exit 42
}

if [ $# -ne 1 ]; then
  usage
fi

# Init scripts to restart so they pick up the changed settings.
SERVICES="nfs nfslock rpcgssd svcrpcgssd"

case "$1" in
on)
  # 65535 (0xffff) sets the low 16 flag bits of each kernel debug mask.
  echo 65535 > /proc/sys/sunrpc/rpc_debug
  echo 65535 > /proc/sys/sunrpc/nfsd_debug
  echo 65535 > /proc/sys/sunrpc/nfs_debug
  echo 65535 > /proc/sys/sunrpc/nlm_debug

  # [... set your env vars ...]

  for service in $SERVICES; do
    /sbin/service "$service" condrestart
  done
  ;;
off)
  # 0 clears every kernel debug flag.
  echo 0 > /proc/sys/sunrpc/rpc_debug
  echo 0 > /proc/sys/sunrpc/nfsd_debug
  echo 0 > /proc/sys/sunrpc/nfs_debug
  echo 0 > /proc/sys/sunrpc/nlm_debug

  # [... unset your env vars ...]

  for service in $SERVICES; do
    /sbin/service "$service" condrestart
  done
  ;;
*)
  usage
  ;;
esac
--- >8 ---

Of course this would leave a bit to be desired w.r.t. granularity of the debug
settings on the kernel side how it is (feel free to extend).

Comment 3 Nils Philippsen 2005-03-18 21:45:10 UTC
Steve, please try out system-config-nfs-1.3.1-1. It should make nohide, mp, fsid
configurable.

Comment 4 Steve Dickson 2005-03-19 14:01:43 UTC
On a fairly old fc3 machine, I got the following:

(system-config-nfs.py:4089): libglade-WARNING **: could not find glade file
'/usr/share/system-config-nfs/system-config-nfs.glade'
Traceback (most recent call last):
  File "/usr/share/system-config-nfs/system-config-nfs.py", line 41, in ?
    mainWindow.mainWindow()
  File "/usr/share/system-config-nfs/mainWindow.py", line 62, in __init__
    self.xml = gtk.glade.XML("/usr/share/system-config-nfs/system-config-nfs.glade", domain=domain)
RuntimeError: could not create GladeXML object

Do I need to update something?

Comment 5 Steve Dickson 2005-03-19 14:36:54 UTC
Created attachment 112149 [details]
strace of system-config-nfs-1.3.2-1

Comment 6 Steve Dickson 2005-03-19 15:03:10 UTC
With system-config-nfs-1.3.3-1 I start with the following
exportfs file:
/     *(ro,sync,fsid=0)
/home *(rw,sync,fsid=1,nohide)
/server (rw,sync,nohide,fsid=2)

When I bring up s-c-nfs, I only see /home, not / or /server.
The reason I'm not seeing /server is because there are no
clients specified (i.e. no *).

I have not figured out why I can't see /


Comment 7 Steve Dickson 2005-03-19 17:09:03 UTC
Starting with an exports file like:
/     *(ro,sync,fsid=0)
/home *(rw,sync,fsid=1,nohide)
/home gss/krb5(rw,sync,nohide,fsid=1)
/server *(rw,sync,nohide,fsid=4,no_subtree_check,mp)

I start s-c-nfs and choose /home, click on Properties, then OK (i.e. do nothing),
then I choose /home gss/krb5, click on Properties, then OK (again
doing nothing). I get the following exports file:
    /     *(ro,sync,fsid=0)
    /home gss/krb5(rw,sync,nohide,fsid=1)
    /server *(rw,sync,nohide,fsid=4,no_subtree_check,mp)

which is missing the
    /home *(rw,sync,fsid=1,nohide)
entry.
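
The behaviour asked for in comments 6 and 7 (keep every line, keep options the tool does not know, and flag a line with no client instead of hiding it) can be shown with a small parser. This is an added example, not part of the original comments and not the system-config-nfs backend; parse_exports and format_exports are hypothetical names, and it assumes paths without spaces or quoting and no line continuations.

```python
import re

# "client(options)", "(options)" with the client missing, or a bare client.
SPEC = re.compile(r"([^\s()]*)\(([^)]*)\)|([^\s()]+)")

def parse_exports(text):
    """Return (entries, problems) for the text of /etc/exports.

    entries holds one (path, [(client, [options])]) per line in file order,
    so two lines for the same path stay separate and every option survives.
    problems holds (line number, message) pairs for lines to flag.
    """
    entries, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *rest = line.split(None, 1)
        clients = []
        for m in SPEC.finditer(rest[0] if rest else ""):
            client = m.group(3) or m.group(1)
            options = m.group(2).split(",") if m.group(2) else []
            if not client:
                problems.append((lineno, "no client before options"))
            clients.append((client, options))
        if not clients:
            problems.append((lineno, "no client listed"))
        entries.append((path, clients))
    return entries, problems

def format_exports(entries):
    """Write entries back one per line, options in their original order."""
    lines = []
    for path, clients in entries:
        specs = [c + ("(" + ",".join(o) + ")" if o else "") for c, o in clients]
        lines.append(" ".join([path] + specs))
    return "\n".join(lines) + "\n"

# The exports files quoted in comments 6 and 7.
COMMENT_6 = ("/     *(ro,sync,fsid=0)\n/home *(rw,sync,fsid=1,nohide)\n"
             "/server (rw,sync,nohide,fsid=2)\n")
COMMENT_7 = ("/     *(ro,sync,fsid=0)\n/home *(rw,sync,fsid=1,nohide)\n"
             "/home gss/krb5(rw,sync,nohide,fsid=1)\n"
             "/server *(rw,sync,nohide,fsid=4,no_subtree_check,mp)\n")

if __name__ == "__main__":
    for sample in (COMMENT_6, COMMENT_7):
        entries, problems = parse_exports(sample)
        print(format_exports(entries), problems)
```

Because entries are kept per line rather than keyed by path, opening and saving the comment 7 file writes back both /home lines.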



Comment 8 Nils Philippsen 2005-03-20 14:25:23 UTC
re comment #6: I've figured out / not being displayed, but is the /server line
valid (i.e. without client)? What does it mean then?

Comment 9 Steve Dickson 2005-03-21 15:43:17 UTC
Would it be possible to display it in a way
that shows there is a syntax error? It probably
does not have to figure out the error (which would
be nice if it could), but it might be better to
show it as an error versus not show it at all...

Comment 10 Nils Philippsen 2005-03-21 17:17:34 UTC
You mean like in system-config-nfs-1.3.4-1 ;-)? The meat was already there, I
needed only to implement the dialog.

Comment 11 Nils Philippsen 2005-10-11 07:53:58 UTC
With system-config-nfs-1.3.12 the user can set specific ports to be used (if
needed). Please test.

Comment 12 Fedora Update System 2006-01-30 17:30:37 UTC
system-config-nfs-1.3.16-0.fc4.2 has been pushed for FC4, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 13 Nils Philippsen 2006-02-28 10:09:08 UTC
*** Bug 141604 has been marked as a duplicate of this bug. ***

Comment 14 John Thacker 2006-05-05 01:43:40 UTC
Closing, update solved the issue.

Comment 15 Nils Philippsen 2006-05-05 06:07:22 UTC
Hmm, this isn't completely done yet -- my bad, I shouldn't have let the update
system make comment #12. This one is still open:

"""
- Turn on Secure NFS mounts -

On the server this means adding the string "gss/krb5"
as one of the client names to the export in /etc/exports.

On both the server and client the SECURE_NFS
has to be set to "yes" in /etc/sysconfig/nfs. The
default is no. Once SECURE_NFS is set to yes
the following has to happen:

On the client, rpc.gssd has to be started (i.e. service rpc.gssd start)

On the server rpc.svcgssd has to be started (i.e. service nfs restart)
and there has to be a Kerberos keytab entry defined in /etc/krb5.keytab
which identifies the server to the Kerberos server. Meaning
klist -k should spit out something like:
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   6 nfs/pro1.lab.boston.redhat.com

If this is not set up correctly there should be some type of warning
displayed.
"""