From nobody Fri Mar 28 21:37:51 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZPYm05cYtz5rSbZ; Fri, 28 Mar 2025 21:37:52 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZPYm03GNGz44Xq; Fri, 28 Mar 2025 21:37:52 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1743197872; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pL19qFbhewTreXP7T+aDedESBv+o7uSNmCt4psxeP0Q=; b=qeg9lppOXphZ4NTbvzTgYpiDn7yRkoeZP1a/GYPwARMbb0UxhJK/bqYvK9bqC/KHOCeBw+ QI1m076ePTglmBaV5ZaaSBTLAn35wis5Jr0PPdkJGlUSQ/1c70DrDddkTVvyFp5v2XxJXK KRAwPeFyAITtG2r7GJ+MxHY9OpvNbVZcCT9wFW68K35XaDoKktV2cwsXcjWL4ZLm8LhrX8 iikTF/8MbXZkUi5fPLAVDUfVFcfuX7YJpvp3ow4D6WU4qCuBsaEVBOHF5RrWX0fezhgHrE frCZK899diuuxMIHrsbVgh5h3l5BnIoQyN8IxEpqHAkfNg6deifmYogekrItog== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1743197872; a=rsa-sha256; cv=none; b=RrqXVil8kcUjL8O33GdPyWifj1ttoqSVt/Aa0mKTmPyUyKTxFU3+dlvT7lZ7Au1Pvo2Caw 3czZWtFD5EtTMw4drmIIedha1I2mvaXlvMhWaE4BFtIViM91YLMOk03h6dnfAi0pt4aLNn N84Wn1PEza1mkTOR34yGTvtbZ57gTpUGR2hBkCUQYoQKS867cBdm63vLktuuo6qTr+PTMj aaB1QSzm0wQt6uyGriGM3sXRdGsbORVXyStdW/zO5DwmQgpgRddpeR1wtwqBCXpOViKhx4 drmykBYQATmhT92GATJELdXgqQOcC7ZoLFoaYGKTqrb4z7oqqKZ1vGUfUvReOQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1743197872; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=pL19qFbhewTreXP7T+aDedESBv+o7uSNmCt4psxeP0Q=; b=ddoEyz6b6B345Wz1wgkI/Xh+IaDWk1KEv2knsRYjPIglqrhrCggcVXXSxDbopJibkwPlBN lPdxThOf4Ta2cOjdiR+u9rx/sn72IzW9LbwnWyFe9/S6tNJxOx+UW/Fez+GiO9iFCmGSdO QjXoFMIc2Z5FsKC/XLIAy1UIHP8ZYMtFcbUL7qFyKtgEJtyOKQX0LbDPMjzSCiQ8TqTlgz UoUYAmnc8jZMkczGAUTR1DUtHcsJzQ9M/ht5rvhmfbW5oxFdN+ehLOi1cXR1VOsm2oyv04 zJoMYTOYm8P2c1vnbHPbVxflvx7tpdKwnNpvK9hRjaBGL4ZXL/DlKoxuIOjV1Q== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4ZPYlz6HjFz113l; Fri, 28 Mar 2025 21:37:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 52SLbpkb003567; Fri, 28 Mar 2025 21:37:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 52SLbpw4003563; Fri, 28 Mar 2025 21:37:51 GMT (envelope-from git) Date: Fri, 28 Mar 2025 21:37:51 GMT Message-Id: <202503282137.52SLbpw4003563@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Gleb Smirnoff Subject: git: 5fa093b6efcb - main - mount_nfs: make temporary DNS failure non-fatal with background mode List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: glebius X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 5fa093b6efcb7eb16a17d9830dbd4404bff5a565 Auto-Submitted: auto-generated The branch main has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=5fa093b6efcb7eb16a17d9830dbd4404bff5a565 commit 5fa093b6efcb7eb16a17d9830dbd4404bff5a565 Author: Gleb Smirnoff AuthorDate: 2025-03-28 21:31:54 +0000 Commit: Gleb Smirnoff CommitDate: 2025-03-28 21:36:40 +0000 mount_nfs: make temporary DNS failure non-fatal with background mode Typical problem with network mounts is remote equipment not being available when our host boots up after a power failure. Even if you properly configure boot order of all local services and wait for link coming up on your NIC, you still may boot faster than some intermediate switch on the network or the DNS server itself. Let's refer to this as a "server room boot race". For NFS mounts with hostname in hosts(5) the race is addressed by a retry loop on NFS mount timeout. However, a DNS resolution timeout is treated differently to NFS mount timeout. We fail on the former and keep retrying on the latter. With feedback received on current@, I see that the problem is so old, that people got used to it and see it as a desired behavior rather than a problem. And for those who is affected by the problem, they suggest hosts(5) as a solution. Note that using hosts(5) isn't scalable, and using bare IP addresses is neither scalable, nor compatible with Kerberized mounts. A trade-off solution would be to enable the retry cycle over DNS timeouts only when background mode is specified, which is a typical use in fstab(5) and very uncommon in a command line. That would address the server room boot race problem without breaking POLA for command line. Reviewed by: rmacklem Differential Revision: https://reviews.freebsd.org/D49145 --- sbin/mount_nfs/mount_nfs.c | 59 ++++++++++++++++++++++++++-------------------- 1 file changed, 34 insertions(+), 25 deletions(-) diff --git a/sbin/mount_nfs/mount_nfs.c b/sbin/mount_nfs/mount_nfs.c index 189bdd70b398..6ba51eeec588 100644 --- a/sbin/mount_nfs/mount_nfs.c +++ b/sbin/mount_nfs/mount_nfs.c @@ -587,6 +587,7 @@ getnfsargs(char **specp, char **hostpp, struct iovec **iov, int *iovlen) char *hostp, *delimp, *errstr, *spec; size_t len; static char nam[MNAMELEN + 1], pname[MAXHOSTNAMELEN + 5]; + bool resolved; spec = *specp; if (*spec == '[' && (delimp = strchr(spec + 1, ']')) != NULL && @@ -643,30 +644,7 @@ getnfsargs(char **specp, char **hostpp, struct iovec **iov, int *iovlen) else if (nfsproto == IPPROTO_UDP) hints.ai_socktype = SOCK_DGRAM; - if (getaddrinfo(hostp, portspec, &hints, &ai_nfs) != 0) { - hints.ai_flags = AI_CANONNAME; - if ((ecode = getaddrinfo(hostp, portspec, &hints, &ai_nfs)) - != 0) { - if (portspec == NULL) - errx(1, "%s: %s", hostp, gai_strerror(ecode)); - else - errx(1, "%s:%s: %s", hostp, portspec, - gai_strerror(ecode)); - return (0); - } - - /* - * For a Kerberized nfs mount where the "principal" - * argument has not been set, add it here. - */ - if (got_principal == 0 && secflavor != AUTH_SYS && - ai_nfs->ai_canonname != NULL) { - snprintf(pname, sizeof (pname), "nfs@%s", - ai_nfs->ai_canonname); - build_iovec(iov, iovlen, "principal", pname, - strlen(pname) + 1); - } - } + resolved = (getaddrinfo(hostp, portspec, &hints, &ai_nfs) == 0); if ((opflags & (BGRNDNOW | ISBGRND)) == BGRNDNOW) { warnx("Mount %s:%s, backgrounding", @@ -678,6 +656,37 @@ getnfsargs(char **specp, char **hostpp, struct iovec **iov, int *iovlen) ret = TRYRET_LOCALERR; for (;;) { + if (!resolved) { + hints.ai_flags = AI_CANONNAME; + if ((ecode = getaddrinfo(hostp, portspec, &hints, + &ai_nfs)) != 0) { + if (portspec == NULL) + warnx("%s: %s", hostp, + gai_strerror(ecode)); + else + warnx("%s:%s: %s", hostp, portspec, + gai_strerror(ecode)); + if (ecode == EAI_AGAIN && + (opflags & (BGRNDNOW | BGRND))) + goto retry; + else + exit(1); + } + resolved = true; + /* + * For a Kerberized nfs mount where the + * "principal" argument has not been set, add + * it here. + */ + if (got_principal == 0 && secflavor != AUTH_SYS && + ai_nfs->ai_canonname != NULL) { + snprintf(pname, sizeof (pname), "nfs@%s", + ai_nfs->ai_canonname); + build_iovec(iov, iovlen, "principal", pname, + strlen(pname) + 1); + } + } + /* * Try each entry returned by getaddrinfo(). Note the * occurrence of remote errors by setting `remoteerr'. @@ -705,7 +714,7 @@ getnfsargs(char **specp, char **hostpp, struct iovec **iov, int *iovlen) /* Exit if all errors were local. */ if (!remoteerr) exit(1); - +retry: /* * If retrycnt == 0, we are to keep retrying forever. * Otherwise decrement it, and exit if it hits zero.