Bug 1076255 - Unable to set fs.nfs.nfs_callback_tcpport via sysctl at startup using systemd-sysctl.service
Summary: Unable to set fs.nfs.nfs_callback_tcpport via sysctl at startup using systemd...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: nfs-utils
Version: 20
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Kernel Maintainer List
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-03-13 22:53 UTC by Raman Gupta
Modified: 2016-06-22 10:07 UTC (History)
17 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-03-26 01:15:22 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Raman Gupta 2014-03-13 22:53:02 UTC
Description of problem:

The NFS client delegation port is set to a random value by default. If an NFS client is running a firewall, the server will attempt (repeatedly, as per bug #1073196) to connect to that delegation port on the client and fail.

The solution to this is to set the port to a fixed value via sysctl i.e.:

fs.nfs.nfs_callback_tcpport = xxxx

However, doing this via a file in /etc/sysctl.d/ which is read by systemd systemd-sysctl.service at startup does not work correctly, since this value appears to be undefined by the kernel when systemd-sysctl.service is executed. The value only appears in /proc/sys once an NFS fs has been mounted.

Systemd does not report any errors at startup time (which is in itself an annoying problem as the sysop has no indication of why the value was not set properly), but when running:

SYSTEMD_LOG_LEVEL=debug /usr/lib/systemd/systemd-sysctl

the output states that fs.nfs.nfs_callback_tcpport does not exist.


Version-Release number of selected component (if applicable):

# rpm -q systemd
systemd-208-15.fc20.x86_64

# uname -a
Linux edison 3.13.6-200.fc20.x86_64 #1 SMP Fri Mar 7 17:02:28 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux


How reproducible:

100% of the time. Simply reboot.


Steps to Reproduce:
1. Define /etc/sysctl.d/nfs.conf containing a fixed port e.g.:

fs.nfs.nfs_callback_tcpport = 4005

2. Reboot

3. Mount an NFS fs


Actual results:

The callback port is "0", i.e. random.


Expected results:

The callback port should be configurable.


Additional info:

Comment 1 Raman Gupta 2014-03-18 15:41:57 UTC
Forcing NFS to version 4.1 works around the problem, as in NFS 4.1 the client creates the callback channel, and so the callback port is no longer necessary.

Mount options:

-tnfs4 -ominorversion=1

But I'm not sure why 4.1 needs to be forced anyway, it seems like it should be enabled by default:

# cat /proc/fs/nfsd/versions 
-2 +3 +4 +4.1 -4.2

Comment 2 Lennart Poettering 2014-03-19 01:23:27 UTC
The systemd sysctl variable logic doesn't work for "dynamic" sysctls that come and go, and I am pretty sure we shouldn't have anything like that ever. 

The NFS folks really need to deal with this one. or stop doing magic sysctls that come and go.

Comment 3 Raman Gupta 2014-03-19 06:47:23 UTC
Thanks Lennart. That makes sense.

For the NFS folks: this is even worse than Lennart describes -- this sysctl only shows up *after* a mount command is executed. So one has to mount before one can change the callback port sysctl. That's really dumb.

Comment 4 Jeff Layton 2014-03-19 10:35:50 UTC
That's not exactly true. It shows up when nfsv4.ko is plugged in, it's just that the mount in your case is triggering that module load as well.

The best way to configure this is to use the nfs.ko module parm:

    parm:           callback_tcpport:portnr

So dropping a file that has contents like this in /etc/modprobe.d ought to do it:

    options nfs callback_tcpport=4005

...but I haven't the time to test it at the moment.

Comment 5 Raman Gupta 2014-03-26 01:15:22 UTC
(In reply to Jeff Layton from comment #4)
> That's not exactly true. It shows up when nfsv4.ko is plugged in, it's just
> that the mount in your case is triggering that module load as well.
> 
> The best way to configure this is to use the nfs.ko module parm:
> 
>     parm:           callback_tcpport:portnr

Jeff, thanks, that explains the proper way to set the callback port. I'll close this as WONTFIX, given Lennart's comments and that explanation.


Note You need to log in before you can comment on or make changes to this bug.