From owner-freebsd-stable@FreeBSD.ORG Sat Mar 20 00:18:23 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 418C81065670 for ; Sat, 20 Mar 2010 00:18:23 +0000 (UTC) (envelope-from jdc@koitsu.dyndns.org) Received: from qmta14.westchester.pa.mail.comcast.net (qmta14.westchester.pa.mail.comcast.net [76.96.59.212]) by mx1.freebsd.org (Postfix) with ESMTP id E2ECE8FC0C for ; Sat, 20 Mar 2010 00:18:22 +0000 (UTC) Received: from omta09.westchester.pa.mail.comcast.net ([76.96.62.20]) by qmta14.westchester.pa.mail.comcast.net with comcast id uz7u1d0020SCNGk5ECJPNx; Sat, 20 Mar 2010 00:18:23 +0000 Received: from koitsu.dyndns.org ([98.248.46.159]) by omta09.westchester.pa.mail.comcast.net with comcast id vCJM1d00K3S48mS3VCJNR4; Sat, 20 Mar 2010 00:18:22 +0000 Received: by icarus.home.lan (Postfix, from userid 1000) id 984D39B436; Fri, 19 Mar 2010 17:18:20 -0700 (PDT) Date: Fri, 19 Mar 2010 17:18:20 -0700 From: Jeremy Chadwick To: freebsd-stable@freebsd.org Message-ID: <20100320001820.GA92920@icarus.home.lan> References: <4BA08FA8.5000902@omnilan.de> <585602e11003170127t669ebe04k752bc4383f3fde22@mail.gmail.com> <4BA3FF91.7090903@digiware.nl> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.20 (2009-06-14) Subject: Re: Does zfs have it's own nfs server? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 20 Mar 2010 00:18:23 -0000 On Fri, Mar 19, 2010 at 07:50:24PM -0400, Charles Sprickman wrote: > On Fri, 19 Mar 2010, Willem Jan Withagen wrote: > > >On 17-3-2010 9:27, Matthias Gamsjager wrote: > >>sharenfs does work in freebsd but iscsi does not. I'm not sure about smb. > >> > >>about nfs: you should take a look at /etc/zfs/exports > >> > >> > >> > >>On Wed, Mar 17, 2010 at 9:15 AM, Harald Schmalzbauer > >> wrote: > >>>Hello, > >>> > >>>I observed some very strange filesystem security problems. > >>>Now I found that if I set sharenfs=yes data/pub I can mount_nfs but it > >>>does't respect any settings in /etc/exports. Also I get very strange uid > >>>numbers when writing. > >>>If I turn sharenfs off, limitations in /etc/exports work as expected. > >>>I thought sharenfs and sharesmb are only working on > >>>OpenSolaris. What about > >>>shareiscsi? > > > >I do not use /etc/exports for zfs shares.... > >But instead of yes as value, you can use the NFS-options as string > >and that gets it into /etc/zfs/exports. > > Just wondering, is this using the base nfsd/mountd, or is there some > in-kernel nfs code strictly for zfs? I haven't found much info on > the share* options in the manpage or wiki. ZFS on FreeBSD's "sharenfs" option does nothing more than manage data in a flat file (/etc/zfs/exports) and automatically send a SIGHUP to mountd's pid (based on reading the contents of the file _PATH_MOUNTDPID). If you grep through /usr/src/cddl you can see what I'm referring to. "So how does mountd know about /etc/zfs/exports?" $ ps -auxw | grep mount root 861 0.0 0.0 6836 1716 ?? Is 10Mar10 0:00.00 /usr/sbin/mountd -r -l /etc/exports /etc/zfs/exports This is defined/referenced in /etc/rc.d/mountd. All that said: I avoid use of the "sharenfs" option in ZFS on RELENG_7 and RELENG_8, as I found certain quirks/behavioural oddities (such as mountd not picking up changes, or claims of not exporting something which visually confirmed should have been exported -- and in one case, mounting of a ZFS-exported NFS filesystem worked but then any I/O would block on the client indefinitely. Don't ask me how/why that happened). Possibly these were bugs that existed during ZFS's transitional phase between 7.x and 8.x, but the unreliable nature of the situation left a bad taste in my mouth. The workaround: Using /etc/exports to reference the local ZFS filesystems I want exported, HUP mountd, done. Above oddities/quirks no longer happened. And there's an added bonus: all your exports are therefore kept in one single place: a text file that's existed since what, 1989 or so? Of course, the advantage is that with ZFS properties you can inherit options -- that might be useful to some, but not to me. There's also known quirks/issues with the parsing logic with "sharenfs". This was discussed in December 2009. > Could you give an example of passing options that would say, limit > to a subnet and map root to root using the zfs sharenfs command? zfs create pool/fs zfs set sharenfs="-maproot=blah -network x.x.x.x -mask y.y.y.y" pool/fs Right now I'm more or less "avoiding" NFS as much as possible, as the number of severe/major bug reports on RELENG_8 keep coming in, and that scares me greatly. -- | Jeremy Chadwick jdc@parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. PGP: 4BD6C0CB |