• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

NFSv4 /etc/exports syntax and overall docs

da1

Aspiring Daemon

Thanks: 92
Messages: 865

#1
Hi guys,

I've started playing/learning NFSv4 on a amd64 8.2-RELEASE box and I have to admit I didn't come across any docs that will explain the /etc/exports syntax from A to Z and all the options in it. I've read the man pages for exports, nfsv4, nfsd, checked on google but the syntax example I always come across is something like this:
Code:
/export    192.168.0.12(rw,fsid=0,no_subtree_check,async,no_root_squash)
/export/music 192.168.0.12(rw,no_subtree_check,async,no_root_squash)
but this fails with "bad export list".

Currently I have:
Code:
# V4 definitions
V4: /
/usr/ports   -network 192.168.0.0 -mask 255.255.0.0
and I was surprised to see that I cannot use "192.168.0.0/16" instead of "-network 192.168.0.0 -mask 255.255.0.0".

Docs anyone ?
 

da1

Aspiring Daemon

Thanks: 92
Messages: 865

#3
phoenix said:
exports(5)FreeBSD NFS uses a different exports syntax from Linux NFS.
Ok, good to know; I was going slightly mad not finding anything else.

With that aside, I have to admit I don't see that much of a difference beetween V3 and V4 (as far as the export file goes).
 

phoenix

Administrator
Staff member
Administrator
Moderator

Thanks: 1,106
Best answers: 1
Messages: 3,924

#4
The major difference between NFSv3 and NFSv4 is how the mounting of shares works.

With NFSv3, the client needs to know the full path to the shared directory on the server. And the exports line includes the full path to the shared folder. So, if you have /home/coolstuff listed in the exports file, the client mounts it like so:
$ mount -t nfs myserver:/home/coolstuff

With NFSv4, the client mounts are relative to the shared directory. Thus, whatever is listed in the exports file is considered / (root) when the client mounts it. So, if you have /home/coolstuff in the exports file, then the client mounts it like so:
$ mount -t nfs myserver:/

To get the "old-style" client mount commands to work, you have to export / on the server.

If you don't want clients to have access to your whole filesystem, then you put the path into the exports file, and the clients mount /.

This makes some things easier (hiding the path to the files on the server) and other things harder (6 clients all use / in the mount command, but have access to 6 different directories on the server; which one is mounting which directory can't be determined on the client side of things).
 

Carpetsmoker

Daemon

Thanks: 180
Messages: 1,010

#5
While we're on the subject of NFSv4:
Is it stable in production use?

Last I checked, it wasn't. But that was a few years ago ...
 

da1

Aspiring Daemon

Thanks: 92
Messages: 865

#6
We have it at work and it does it's job (so far) but it is still considered experimental :)
 

phoenix

Administrator
Staff member
Administrator
Moderator

Thanks: 1,106
Best answers: 1
Messages: 3,924

#7
The "experimental" NFS server and client are now the default in -CURRENT, as of this week. As far as they can tell, so far, it is a drop-in replacement for the old NFS server/client code. For those using NFSv3, there's no noticable changes. And for those wanting to use NFSv4, they can. :)

Using NFSv4 at home between my FreeBSD storage box and my Linux media player without issues. But, that's a read-mostly setup with only a single client. :)
 

da1

Aspiring Daemon

Thanks: 92
Messages: 865

#8
I ran into some error at the exports file. Apparently:
Code:
# V4 definitions
V4: /   -network 192.168.0.0 -mask 255.255.0.0
/usr/src -alldirs -maproot=root
/usr/obj -alldirs -maproot=root
is wrong. Now, as far as I've read the man for exports, this should work but something is slipping me.

If I understood correctly, with v4 you set the "root" export (not exported by default) and then you can export any of its subtree directories but it doesn't work.

My logic seems to be wrong somewhere. Any help is appreciated.

PS: I also tried:
Code:
V4: /usr   -network 192.168.0.0 -mask 255.255.0.0
src -alldirs -maproot=root
obj -alldirs -maproot=root
but it didn't work.
 

da1

Aspiring Daemon

Thanks: 92
Messages: 865

#12
That's the point, yeah.
So I imagine I need to set the "root" ( "/" ) and the the subtree ( "usr" and "obj" ).
 

phoenix

Administrator
Staff member
Administrator
Moderator

Thanks: 1,106
Best answers: 1
Messages: 3,924

#13
On the server, you only need the V4 line in the exports file, with all the security settings on there.

Then, on the client, mount /usr/src and /usr/obj via nfsv4.

Or, is that not working?

What's the mount command you are using on the clients? Any error messages on the server? Do you have all the NFSv4 daemons running?
 

da1

Aspiring Daemon

Thanks: 92
Messages: 865

#14
Ah, my bad.

Server (192.168.0.1) rc.conf
Code:
nfs_client_enable="YES"                                          # Enable NFS client
nfsuserd_enable="YES"                                            # NFSv4 user/group name mapping daemon
#nfsuserd_flags=""                                               # Flags for nfsuserd
nfscbd_enable="YES"                                              # NFSv4 client side callback daemon
#nfscbd_flags=""                                                 # Flags for nfscbd

nfs_server_enable="YES"                                          # Enable the NFS Server
nfs_server_flags="-u -t -n 6"                                    # -u(dp), -t(cp), -n(umber of servers to create (6), use between 4 and 6)
nfsv4_server_enable="YES"                                        # Enable NFSv4 server
nfsuserd_enable="YES"                                            # NFSv4 user/group name mapping daemon
rpcbind_enable="YES"                                             # Run the portmapper service
mountd_flags="-r"                                                # Flags to mountd
/etc/exports
Code:
# V4 definitions
V4: /   -network 192.168.0.0 -mask 255.255.0.0
V4: /usr/ports -network 192.168.0.0 -mask 255.255.0.0 -alldirs -maproot=root
V4: /usr/obj -network 192.168.0.0 -mask 255.255.0.0 -alldirs -maproot=root
Client (192.168.1.1) /etc/rc.conf
Code:
nfs_client_enable="YES"                                          # Enable NFS client
nfsuserd_enable="YES"                                            # NFSv4 user/group name mapping daemon
#nfsuserd_flags=""                                               # Flags for nfsuserd
nfscbd_enable="YES"                                              # NFSv4 client side callback daemon
#nfscbd_flags=""                                                 # Flags for nfscbd

nfs_server_enable="YES"                                          # Enable the NFS Server
nfs_server_flags="-u -t -n 6"                                    # -u(dp), -t(cp), -n(umber of servers to create (6), use between 4 and 6)
nfsv4_server_enable="YES"                                        # Enable NFSv4 server
nfsuserd_enable="YES"                                            # NFSv4 user/group name mapping daemon
rpcbind_enable="YES"                                             # Run the portmapper service
mountd_flags="-r"                                                # Flags to mountd
no settings in /etc/exports yet.

I'm not sure how correct is the syntax I have in the "server" exports file but the cmd I use to mount the nfs share is:
Code:
mount_nfs -o nfsv4 192.168.0.1:/usr/src /usr/src
The idea is to have the sources on the "client", mount them via NFS to the "server" and compile the world/kernel there (the "server" is a core2duo CPU vs the 200MHz of the "client").
 

obscurant

New Member

Thanks: 1
Messages: 3

#16
/etc/exports
Code:
# V4 definitions
V4: /   -network 192.168.0.0 -mask 255.255.0.0
V4: /usr/ports -network 192.168.0.0 -mask 255.255.0.0 -alldirs -maproot=root
V4: /usr/obj -network 192.168.0.0 -mask 255.255.0.0 -alldirs -maproot=root
That does not look correct - you have defined the V4 roots, which is what the V4: lines do, but you have not exported any filesystems.

In my working kerberized nfs4 setup, I have the following:

/etc/exports
Code:
/export -sec=krb5:krb5i:krb5p -network 192.168.255.0 -mask 255.255.255.0 
V4: /export -sec=krb5:krb5i:krb5p -network 192.168.255.0 -mask 255.255.255.0
 

obscurant

New Member

Thanks: 1
Messages: 3

#18
I disagree, based upon my experience - I thought so too until I tried to get it setup with just V4 lines. V4 line just sets the root, at least in 8.1.

From exports(5), which could be clearer, imo:
...This location can be any directory and does not
need to be within an exported file system. If it is not in an exported
file system, a very limited set of operations are permitted, so that an
NFSv4 client can traverse the tree to an exported file system. Although
parts of the NFSv4 tree can be non-exported, the entire NFSv4 tree must
consist of local file systems capable of being exported via NFS.
If you attempt to mount with just V4 line in exports, you should get a no file handle errror (10020). If you have multiple V4 directories, you'll get an error for different V4 dirpath. Check mountd.c, it notes that "V4: just indicates that it is the v4 root point"

Here's a mailing list post by one of the devs regarding this.
 

da1

Aspiring Daemon

Thanks: 92
Messages: 865

#19
Code:
# nfsV4 definitions below:
V4: /
/usr/src /usr/ports -maproot=root -network 192.168.1.0 -mask 255.255.255.0
/usr/home -ro
Based on the last posts by obscurant, I modified my exports file and I tried a couple of things. This is what I've noticed:

1) There can be only 1 "V4" line in the exports file (and that has to be the "root tree" declaration). If there is more than 1 "V4" line [CMD=""]/etc/rc.d/mountd onereload[/CMD] will fail with "bad export list" (see /var/log/messages)
2) All other export lines have to be written in "old" V3 style.
3) Having a "V4" line and all other export lines in "old" V3 style, allows one to choose how to mount the exported FS (as "V3" or as "V4") by simply doing either (for V3):
[CMD=""]mount -v -t nfs <IP/hostname>:/path/to/dir /local/dir[/CMD]
or (for "V4")
[CMD=""]mount -v -t nfs -o nfsv4 <IP/hostname>:/path/to/dir /local/dir[/CMD]
4) As long as a "V4" (root) line is present in the exports file, there is no restrain as to where the "V4" line itself is situated (long ago it had to be at he end of the file).
5) The last export is set to be readonly. However, it gets mounted as readwrite; using:
[cmd=""]mount -v -t nfs -o nfsv4 192.168.1.27:/usr/home /mnt/home/[/cmd]. Ideas?
 

obscurant

New Member

Thanks: 1
Messages: 3

#20
I am seeing the same thing in my setup - specifying '-ro' is ignored. If I find out more I'll update this thread.

There can be multiple V4: lines, but nfsv4 root has to be the same in each. The purpose here I guess would be if you wanted to specify different security flavors for subnets/hosts.
 
Top