Print this page
Clean up merge problems with illumos#11083 (nfs-zone)
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/fs.d/nfs/svc/nfs-server
+++ new/usr/src/cmd/fs.d/nfs/svc/nfs-server
1 1 #!/sbin/sh
2 2 #
3 3 # CDDL HEADER START
4 4 #
5 5 # The contents of this file are subject to the terms of the
6 6 # Common Development and Distribution License (the "License").
7 7 # You may not use this file except in compliance with the License.
8 8 #
9 9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 10 # or http://www.opensolaris.org/os/licensing.
11 11 # See the License for the specific language governing permissions
12 12 # and limitations under the License.
13 13 #
14 14 # When distributing Covered Code, include this CDDL HEADER in each
15 15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 16 # If applicable, add the following below this CDDL HEADER, with the
17 17 # fields enclosed by brackets "[]" replaced with your own identifying
18 18 # information: Portions Copyright [yyyy] [name of copyright owner]
19 19 #
20 20 # CDDL HEADER END
21 21 #
22 22
23 23 #
24 24 # Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
25 25 # Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
26 26 # Copyright 2018 Nexenta Systems, Inc. All rights reserved.
27 27 #
28 28
29 29 # Start/stop processes required for server NFS
30 30
31 31 . /lib/svc/share/smf_include.sh
32 32 . /lib/svc/share/ipf_include.sh
33 33 zone=`smf_zonename`
34 34
35 35 #
36 36 # Handling a corner case here. If we were in offline state due to an
37 37 # unsatisfied dependency, the ipf_method process wouldn't have generated
38 38 # the ipfilter configuration. When we transition to online because the
39 39 # dependency is satisfied, the start method will have to generate the
40 40 # ipfilter configuration. To avoid all possible deadlock scenarios,
41 41 # we restart ipfilter which will regenerate the ipfilter configuration
42 42 # for the entire system.
43 43 #
44 44 # The ipf_method process signals that it didn't generate ipf rules by
45 45 # removing the service's ipf file. Thus we only restart network/ipfilter
|
↓ open down ↓ |
45 lines elided |
↑ open up ↑ |
46 46 # when the file is missing.
47 47 #
48 48 configure_ipfilter()
49 49 {
50 50 ipfile=`fmri_to_file $SMF_FMRI $IPF_SUFFIX`
51 51 ip6file=`fmri_to_file $SMF_FMRI $IPF6_SUFFIX`
52 52 [ -f "$ipfile" -a -f "$ip6file" ] && return 0
53 53
54 54 #
55 55 # Nothing to do if:
56 + # - service's policy is 'use_global'
56 57 # - ipfilter isn't online
57 58 # - global policy is 'custom'
58 59 #
59 60 [ "`get_policy $SMF_FMRI`" = "use_global" ] && return 0
60 61 service_check_state $IPF_FMRI $SMF_ONLINE || return 0
61 62 [ "`get_global_def_policy`" = "custom" ] && return 0
62 63
63 64 svcadm restart $IPF_FMRI
64 65 }
65 66
66 67 case "$1" in
67 68 'start')
68 69 # Share all file systems enabled for sharing. sharemgr understands
69 70 # regular shares and ZFS shares and will handle both. Technically,
70 71 # the shares would have been started long before getting here since
71 72 # nfsd has a dependency on them.
72 73
73 74 # restart stopped shares from the repository
74 75 /usr/sbin/sharemgr start -P nfs -a
75 76
76 77 # Options for nfsd are now set in SMF
77 78
78 79 /usr/lib/nfs/mountd
79 80 rc=$?
80 81 if [ $rc != 0 ]; then
81 82 /usr/sbin/svcadm mark -t maintenance svc:/network/nfs/server
82 83 echo "$0: mountd failed with $rc"
83 84 sleep 5 &
84 85 exit $SMF_EXIT_ERR_FATAL
85 86 fi
86 87
87 88 /usr/lib/nfs/nfsd
88 89 rc=$?
89 90 if [ $rc != 0 ]; then
90 91 /usr/sbin/svcadm mark -t maintenance svc:/network/nfs/server
91 92 echo "$0: nfsd failed with $rc"
92 93 sleep 5 &
93 94 exit $SMF_EXIT_ERR_FATAL
94 95 fi
95 96
96 97 configure_ipfilter
97 98 ;;
98 99
99 100 'refresh')
100 101 /usr/sbin/sharemgr start -P nfs -a
101 102 ;;
102 103
103 104 'stop')
104 105 /usr/bin/pkill -x -u 0,1 -z $zone '(nfsd|mountd)'
105 106
106 107 # Unshare all shared file systems using NFS
107 108
108 109 /usr/sbin/sharemgr stop -P nfs -a
109 110
110 111 # Kill any processes left in service contract
111 112 smf_kill_contract $2 TERM 1
112 113 [ $? -ne 0 ] && exit 1
113 114 ;;
114 115
115 116 'ipfilter')
116 117 #
117 118 # NFS related services are RPC. nfs/server has nfsd which has
118 119 # well-defined port number but mountd is an RPC daemon.
119 120 #
120 121 # Essentially, we generate rules for the following "services"
121 122 # - nfs/server which has nfsd and mountd
122 123 # - nfs/rquota
123 124 #
124 125 # The following services are enabled for both nfs client and
125 126 # server, if nfs/client is enabled we'll treat them as client
126 127 # services and simply allow incoming traffic.
127 128 # - nfs/status
128 129 # - nfs/nlockmgr
129 130 # - nfs/cbd
130 131 #
131 132 NFS_FMRI="svc:/network/nfs/server:default"
132 133 NFSCLI_FMRI="svc:/network/nfs/client:default"
133 134 RQUOTA_FMRI="svc:/network/nfs/rquota:default"
134 135 FMRI=$2
135 136
136 137 file=`fmri_to_file $FMRI $IPF_SUFFIX`
137 138 file6=`fmri_to_file $FMRI $IPF6_SUFFIX`
138 139 echo "# $FMRI" >$file
139 140 echo "# $FMRI" >$file6
140 141 policy=`get_policy $NFS_FMRI`
141 142
142 143 #
143 144 # nfs/server configuration is processed in the start method.
144 145 #
145 146 if [ "$FMRI" = "$NFS_FMRI" ]; then
146 147 service_check_state $FMRI $SMF_ONLINE
147 148 if [ $? -ne 0 ]; then
148 149 rm $file
149 150 exit $SMF_EXIT_OK
150 151 fi
151 152
152 153 nfs_name=`svcprop -p $FW_CONTEXT_PG/name $FMRI 2>/dev/null`
153 154 tport=`$SERVINFO -p -t -s $nfs_name 2>/dev/null`
154 155 if [ -n "$tport" ]; then
155 156 generate_rules $FMRI $policy "tcp" $tport $file
156 157 fi
157 158
158 159 tport6=`$SERVINFO -p -t6 -s $nfs_name 2>/dev/null`
159 160 if [ -n "$tport6" ]; then
160 161 generate_rules $FMRI $policy "tcp" $tport6 $file6 _6
161 162 fi
162 163
163 164 uport=`$SERVINFO -p -u -s $nfs_name 2>/dev/null`
164 165 if [ -n "$uport" ]; then
165 166 generate_rules $FMRI $policy "udp" $uport $file
166 167 fi
167 168
168 169 uport6=`$SERVINFO -p -u6 -s $nfs_name 2>/dev/null`
169 170 if [ -n "$uport6" ]; then
170 171 generate_rules $FMRI $policy "udp" $uport6 $file6 _6
171 172 fi
172 173
173 174 # mountd IPv6 ports are also reachable through IPv4, so include
174 175 # them when generating IPv4 rules.
175 176 tports=`$SERVINFO -R -p -t -s "mountd" 2>/dev/null`
176 177 tports6=`$SERVINFO -R -p -t6 -s "mountd" 2>/dev/null`
177 178 if [ -n "$tports" -o -n "$tports6" ]; then
178 179 tports=`unique_ports $tports $tports6`
179 180 for tport in $tports; do
180 181 generate_rules $FMRI $policy "tcp" \
181 182 $tport $file
182 183 done
183 184 fi
184 185
185 186 if [ -n "$tports6" ]; then
186 187 for tport6 in $tports6; do
187 188 generate_rules $FMRI $policy "tcp" \
188 189 $tport6 $file6 _6
189 190 done
190 191 fi
191 192
192 193 uports=`$SERVINFO -R -p -u -s "mountd" 2>/dev/null`
193 194 uports6=`$SERVINFO -R -p -u6 -s "mountd" 2>/dev/null`
194 195 if [ -n "$uports" -o -n "$uports6" ]; then
195 196 uports=`unique_ports $uports $uports6`
196 197 for uport in $uports; do
197 198 generate_rules $FMRI $policy "udp" \
198 199 $uport $file
199 200 done
200 201 fi
201 202
202 203 if [ -n "$uports6" ]; then
203 204 for uport6 in $uports6; do
204 205 generate_rules $FMRI $policy "udp" \
205 206 $uport6 $file6 _6
206 207 done
207 208 fi
208 209
209 210 elif [ "$FMRI" = "$RQUOTA_FMRI" ]; then
210 211 iana_name=`svcprop -p inetd/name $FMRI`
211 212
212 213 # rquota IPv6 ports are also reachable through IPv4, so include
213 214 # them when generating IPv4 rules.
214 215 tports=`$SERVINFO -R -p -t -s $iana_name 2>/dev/null`
215 216 tports6=`$SERVINFO -R -p -t6 -s $iana_name 2>/dev/null`
216 217 if [ -n "$tports" -o -n "$tports6" ]; then
217 218 tports=`unique_ports $tports $tports6`
218 219 for tport in $tports; do
219 220 generate_rules $NFS_FMRI $policy "tcp" \
220 221 $tport $file
221 222 done
222 223 fi
223 224
224 225 if [ -n "$tports6" ]; then
225 226 for tport6 in $tports6; do
226 227 generate_rules $NFS_FMRI $policy "tcp" \
227 228 $tport6 $file6 _6
228 229 done
229 230 fi
230 231
231 232 uports=`$SERVINFO -R -p -u -s $iana_name 2>/dev/null`
232 233 uports6=`$SERVINFO -R -p -u6 -s $iana_name 2>/dev/null`
233 234 if [ -n "$uports" -o -n "$uports6" ]; then
234 235 uports=`unique_ports $uports $uports6`
235 236 for uport in $uports; do
236 237 generate_rules $NFS_FMRI $policy "udp" \
237 238 $uport $file
238 239 done
239 240 fi
240 241
241 242 if [ -n "$uports6" ]; then
242 243 for uport6 in $uports6; do
243 244 generate_rules $NFS_FMRI $policy "udp" \
244 245 $uport6 $file6 _6
245 246 done
246 247 fi
247 248 else
248 249 #
249 250 # Handle the client services here
250 251 #
251 252 if service_check_state $NFSCLI_FMRI $SMF_ONLINE; then
252 253 policy=none
253 254 ip=any
254 255 fi
255 256
256 257 restarter=`svcprop -p general/restarter $FMRI 2>/dev/null`
257 258 if [ "$restarter" = "$INETDFMRI" ]; then
258 259 iana_name=`svcprop -p inetd/name $FMRI`
259 260 isrpc=`svcprop -p inetd/isrpc $FMRI`
260 261 else
261 262 iana_name=`svcprop -p $FW_CONTEXT_PG/name $FMRI`
262 263 isrpc=`svcprop -p $FW_CONTEXT_PG/isrpc $FMRI`
263 264 fi
264 265
265 266 if [ "$isrpc" = "true" ]; then
266 267 tports=`$SERVINFO -R -p -t -s $iana_name 2>/dev/null`
267 268 tports6=`$SERVINFO -R -p -t6 -s $iana_name 2>/dev/null`
268 269 uports=`$SERVINFO -R -p -u -s $iana_name 2>/dev/null`
269 270 uports6=`$SERVINFO -R -p -u6 -s $iana_name 2>/dev/null`
270 271 else
271 272 tports=`$SERVINFO -p -t -s $iana_name 2>/dev/null`
272 273 tports6=`$SERVINFO -p -t6 -s $iana_name 2>/dev/null`
273 274 uports=`$SERVINFO -p -u -s $iana_name 2>/dev/null`
274 275 uports6=`$SERVINFO -p -u6 -s $iana_name 2>/dev/null`
275 276 fi
276 277
277 278 # IPv6 ports are also reachable through IPv4, so include
278 279 # them when generating IPv4 rules.
279 280 if [ -n "$tports" -o -n "$tports6" ]; then
280 281 tports=`unique_ports $tports $tports6`
281 282 for tport in $tports; do
282 283 generate_rules $FMRI $policy "tcp" $tport $file
283 284 done
284 285 fi
285 286
286 287 if [ -n "$tports6" ]; then
287 288 for tport6 in $tports6; do
288 289 generate_rules $FMRI $policy "tcp" $tport6 $file6 _6
289 290 done
290 291 fi
291 292
292 293 if [ -n "$uports" -o -n "$uports6" ]; then
293 294 uports=`unique_ports $uports $uports6`
294 295 for uport in $uports; do
295 296 generate_rules $FMRI $policy "udp" $uport $file
296 297 done
297 298 fi
298 299
299 300 if [ -n "$uports6" ]; then
300 301 for uport6 in $uports6; do
301 302 generate_rules $FMRI $policy "udp" $uport6 $file6 _6
302 303 done
303 304 fi
304 305 fi
305 306
306 307 ;;
307 308
308 309 *)
309 310 echo "Usage: $0 { start | stop | refresh }"
310 311 exit 1
311 312 ;;
312 313 esac
313 314 exit $SMF_EXIT_OK
|
↓ open down ↓ |
248 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX