FedFsNfsReferrals

From Linux NFS

(Difference between revisions)
Jump to: navigation, search
m (New-style referral support)
(Request key DNS resolution: add convenience link to kernel docs)
 
(27 intermediate revisions not shown)
Line 13: Line 13:
== Introduction ==
== Introduction ==
-
FedFS relies on existing support for ''referrals'' in standard network file system clients like the NFS or CIFS client built into Linux.
+
FedFS relies on existing support for [[FedFsGlossary#Referral|referrals]] in standard network file system clients like the NFS or CIFS client built into Linux.  A referral is a file server response that tells a file-access client to look elsewhere for the shared file system it wants.
-
A referral is a file server response that tells a client to look elsewhere for the shared file system it wantsDuring a referral event, the file server provides a list of locations a client can try.  Each location consists of an export path paired with a server hostname or IP addressA client can use any one of these pairs to mount the file system.
+
When client NFSv4 support is enabled, NFSv4 referral support is enabled by default in all recent Linux kernel versionsWhen a referral is encountered, the Linux NFS client automatically retrieves a list of [[FedFsGlossary#Location|locations]] from the file server.  The client attempts to mount each location in the list until one succeeds.
-
NFSv4 referral support is enabled by default (when client NFSv4 support is enabled) in all recent Linux kernel versionsWhen a referral is encountered, the Linux NFS client automatically retrieves a location list from the file server and attempts to mount each location in the list until one succeeds.
+
When a file server returns a location containing a DNS hostname, the client must resolve that to an IP address before it can contact the referred-to server.  Early NFSv4 referral support had no ability to resolve a hostname contained in a locationMore recently, DNS resolution capability was added to the Linux NFS client.
-
Note that when a file server returns a location containing a DNS hostname, the client must resolve that to an IP address before it can mount a new server.
+
I've found that recent Fedora distributions (Fedora 16 and later) use new-style DNS resolution, and no further set-up is required.  However, earlier distributions (even EL6-based ones) do need some attention in this area.  The following steps may be required.
-
=== Legacy referral support ===
+
== Request key DNS resolution ==
-
With kernels before 2.6.36, an upcall is needed to perform DNS resolution.  The kernel executes the script /sbin/nfs_cache_getent to resolve a hostname.
+
The request key DNS resolver is a generic upcall and cache mechanism that is shared by the Linux CIFS, NFS, and AFS client implementations.  To perform a DNS resolution, the kernel runs the /sbin/request-key program, which sorts out upcall request based on a key and the contents of /etc/request-key.conf.  For further details, see the [https://www.kernel.org/doc/Documentation/networking/dns_resolver.txt Documentation/networking/dns_resolver.txt] file in the Linux kernel source.
-
If your Linux distributor doesn't provide this script, you can find it in the Linux kernel source in either Documentation/filesystems/nfs.txt or Documentation/filesystems/nfs/nfs.txtSimply copy the script into /sbin/nfs_cache_getent and make the script executableAfter the client is rebooted (or the NFS module is reloaded), NFSv4 referral locations containing hostnames should be handled correctly.
+
With kernel 2.6.36 and following, the kernel NFS client can use this mechanism to perform DNS resolution. Your distributor must provide the user space infrastructure to support request key DNS resolutionIf the file /etc/request-key.conf does not contain a line that says "dns_resolver" somewhere in it, do not attempt to use this mechanismFor example, Fedora 15 does not provide the proper user space components, but Fedora 16 does.
-
=== New-style referral support ===
+
==== Enabling request key DNS resolution ====
-
With kernel 2.6.36 and following, the kernel NFS client can continue to use the upcall mechanism described above if the CONFIG_NFS_USE_LEGACY_DNS build option is set to YHowever, an in-kernel DNS resolver is used if this build option is set to N.
+
To enable the NFS client in a custom-built kernel later than 2.6.36, set CONFIG_NFS_USE_LEGACY_DNS to "n" and CONFIG_DNS_RESOLVER to "m" or "y"Be sure your Linux distributor provides the necessary user space executables to handle request key upcalls for the dns_resolve key.
-
Typically your Linux distributor provides the build option settings used to compile their kernel in /boot/config-''foo'' (where ''foo'' is the kernel version)You can look in this file to see how the CONFIG_NFS_USE_LEGACY_DNS build option is set in your distribution.
+
== Legacy kernel DNS resolution ==
 +
 
 +
The legacy DNS resolution mechanism is a kernel upcall that is specific to the NFS client.  The kernel executes the script /sbin/nfs_cache_getent to resolve a hostname, and it writes the result back to /var/lib/nfs/rpc_pipefs/cache/dns_resolve/channel.  The kernel caches the result.
 +
 
 +
==== Enabling legacy DNS resolution ====
 +
 
 +
With kernels before 2.6.36, this mechanism is always enabled.  With 2.6.36 and later, a Kconfig option, CONFIG_NFS_USE_LEGACY_DNS, is available to switch between the legacy DNS resolver and the request_key DNS resolver.  To use the legacy resolver, set this option to "y".  To use the request key resolver, see the previous section of this article.
 +
 
 +
If your Linux distributor doesn't provide the /sbin/nfs_cache_getent script, you can set up the script yourself.  Find it in the Linux kernel source contained in either Documentation/filesystems/nfs.txt or Documentation/filesystems/nfs/nfs.txt.  Simply copy the file into /sbin/nfs_cache_getent, edit it to remove the instructions, and make the file executable.
 +
 
 +
'''Note:''' A change made in 2.6.37 causes the legacy DNS resolver to failApply commit 8d96b10639fb402357b75b055b1e82a65ff95050 "NFS: fix bug in legacy DNS resolver."  Backports to stable kernels are available.
 +
 
 +
== Which resolver should I use? ==
 +
 
 +
Fedora 16 and later enable the request key resolver, and provide proper user space support for it.  Nothing more is required.
 +
 
 +
Otherwise, try one of these options:
 +
 
 +
* Fedora 15 kernels are configured to use the request key resolver, but Fedora 15 does not provide the request key user space components needed to perform DNS resolution.  Rebuild the kernel with CONFIG_NFS_USE_LEGACY_DNS=y and install /sbin/nfs_cache_getent.
 +
* RHEL 6 and Oracle Linux 6 have the legacy DNS resolver enabled, but do not provide /sbin/nfs_cache_getent, and require the patch mentioned above.  An update with this fix will be available soon.
 +
* Oracle UEK release 1 kernels use the legacy DNS resolver.  Simply install the /sbin/nfs_cache_getent script.
 +
* Oracle UEK release 2 kernels have the legacy DNS resolver enabled, but require the patch mentioned above.  An update with this fix will be available soon.

Latest revision as of 15:44, 9 September 2015

Contents

Project: fedfs-utils

[ Project Home | News | Downloads | Docs | Mailing Lists | Source Control | Issues ]


Introduction

FedFS relies on existing support for referrals in standard network file system clients like the NFS or CIFS client built into Linux. A referral is a file server response that tells a file-access client to look elsewhere for the shared file system it wants.

When client NFSv4 support is enabled, NFSv4 referral support is enabled by default in all recent Linux kernel versions. When a referral is encountered, the Linux NFS client automatically retrieves a list of locations from the file server. The client attempts to mount each location in the list until one succeeds.

When a file server returns a location containing a DNS hostname, the client must resolve that to an IP address before it can contact the referred-to server. Early NFSv4 referral support had no ability to resolve a hostname contained in a location. More recently, DNS resolution capability was added to the Linux NFS client.

I've found that recent Fedora distributions (Fedora 16 and later) use new-style DNS resolution, and no further set-up is required. However, earlier distributions (even EL6-based ones) do need some attention in this area. The following steps may be required.

Request key DNS resolution

The request key DNS resolver is a generic upcall and cache mechanism that is shared by the Linux CIFS, NFS, and AFS client implementations. To perform a DNS resolution, the kernel runs the /sbin/request-key program, which sorts out upcall request based on a key and the contents of /etc/request-key.conf. For further details, see the Documentation/networking/dns_resolver.txt file in the Linux kernel source.

With kernel 2.6.36 and following, the kernel NFS client can use this mechanism to perform DNS resolution. Your distributor must provide the user space infrastructure to support request key DNS resolution. If the file /etc/request-key.conf does not contain a line that says "dns_resolver" somewhere in it, do not attempt to use this mechanism. For example, Fedora 15 does not provide the proper user space components, but Fedora 16 does.

Enabling request key DNS resolution

To enable the NFS client in a custom-built kernel later than 2.6.36, set CONFIG_NFS_USE_LEGACY_DNS to "n" and CONFIG_DNS_RESOLVER to "m" or "y". Be sure your Linux distributor provides the necessary user space executables to handle request key upcalls for the dns_resolve key.

Legacy kernel DNS resolution

The legacy DNS resolution mechanism is a kernel upcall that is specific to the NFS client. The kernel executes the script /sbin/nfs_cache_getent to resolve a hostname, and it writes the result back to /var/lib/nfs/rpc_pipefs/cache/dns_resolve/channel. The kernel caches the result.

Enabling legacy DNS resolution

With kernels before 2.6.36, this mechanism is always enabled. With 2.6.36 and later, a Kconfig option, CONFIG_NFS_USE_LEGACY_DNS, is available to switch between the legacy DNS resolver and the request_key DNS resolver. To use the legacy resolver, set this option to "y". To use the request key resolver, see the previous section of this article.

If your Linux distributor doesn't provide the /sbin/nfs_cache_getent script, you can set up the script yourself. Find it in the Linux kernel source contained in either Documentation/filesystems/nfs.txt or Documentation/filesystems/nfs/nfs.txt. Simply copy the file into /sbin/nfs_cache_getent, edit it to remove the instructions, and make the file executable.

Note: A change made in 2.6.37 causes the legacy DNS resolver to fail. Apply commit 8d96b10639fb402357b75b055b1e82a65ff95050 "NFS: fix bug in legacy DNS resolver." Backports to stable kernels are available.

Which resolver should I use?

Fedora 16 and later enable the request key resolver, and provide proper user space support for it. Nothing more is required.

Otherwise, try one of these options:

  • Fedora 15 kernels are configured to use the request key resolver, but Fedora 15 does not provide the request key user space components needed to perform DNS resolution. Rebuild the kernel with CONFIG_NFS_USE_LEGACY_DNS=y and install /sbin/nfs_cache_getent.
  • RHEL 6 and Oracle Linux 6 have the legacy DNS resolver enabled, but do not provide /sbin/nfs_cache_getent, and require the patch mentioned above. An update with this fix will be available soon.
  • Oracle UEK release 1 kernels use the legacy DNS resolver. Simply install the /sbin/nfs_cache_getent script.
  • Oracle UEK release 2 kernels have the legacy DNS resolver enabled, but require the patch mentioned above. An update with this fix will be available soon.
Personal tools