From patchwork Fri Jan 3 17:35:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Ricardo Wurmus X-Patchwork-Id: 19564 Return-Path: X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 8914E179E4; Fri, 3 Jan 2020 17:36:49 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,T_DKIM_INVALID, URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.0 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTP id D4A18179EA for ; Fri, 3 Jan 2020 17:36:48 +0000 (GMT) Received: from localhost ([::1]:55258 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1inQsS-0007rf-By for patchwork@mira.cbaines.net; Fri, 03 Jan 2020 12:36:48 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:37744) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1inQro-0007DE-S4 for guix-patches@gnu.org; Fri, 03 Jan 2020 12:36:11 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1inQrm-0003Np-7Y for guix-patches@gnu.org; Fri, 03 Jan 2020 12:36:08 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:35443) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1inQrm-0003M5-0a for guix-patches@gnu.org; Fri, 03 Jan 2020 12:36:06 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1inQrl-0008HX-SE for guix-patches@gnu.org; Fri, 03 Jan 2020 12:36:05 -0500 X-Loop: help-debbugs@gnu.org Subject: [bug#38902] [PATCH 9/9] services: nfs: Add nfs-service-type. Resent-From: Ricardo Wurmus Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 03 Jan 2020 17:36:05 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 38902 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 38902@debbugs.gnu.org Cc: Ricardo Wurmus Received: via spool by 38902-submit@debbugs.gnu.org id=B38902.157807295431762 (code B ref 38902); Fri, 03 Jan 2020 17:36:05 +0000 Received: (at 38902) by debbugs.gnu.org; 3 Jan 2020 17:35:54 +0000 Received: from localhost ([127.0.0.1]:41408 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1inQrZ-0008GE-UG for submit@debbugs.gnu.org; Fri, 03 Jan 2020 12:35:54 -0500 Received: from sender4-of-o51.zoho.com ([136.143.188.51]:21169) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1inQrX-0008G6-WF for 38902@debbugs.gnu.org; Fri, 03 Jan 2020 12:35:52 -0500 ARC-Seal: i=1; a=rsa-sha256; t=1578072949; cv=none; d=zohomail.com; s=zohoarc; b=H062LegBRZsnAQ2/duG1d3aHTXWg6GbYJjp7BIq1B7oBl7YoTXtGJ53CAeEAhbCrRxNeKIucgXDolXQlCCTJYY7pU1kEUjWgJYjEUpU9cbFjWZoWYfTpUFbS9a8T5OyhugzIdIviURnjOxhlbGbyWnZ1/upXmvb2KNNtAFXIu40= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1578072949; h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:To; bh=/SlfAPWfOi4+znDeeVHkbGDk/qp03aUKx49AlN+41WE=; b=kPCeQeJoREOAWadjTrFuQzE/TGXpXvuT0enyM6ZX/IMCS/J3H9scoLZfxrs667/G/BPiDWqJPc4FV0kmz+q65lJRZP46iU8pyl0VwYv37HCn4jXnPnxjyhvpWpxQGQQQoJx47IjenxWO9naO4aTpV8yER0c0RxquCUHRMLb1VJw= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=pass header.i=elephly.net; spf=pass smtp.mailfrom=rekado@elephly.net; dmarc=pass header.from= header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1578072949; s=zoho; d=elephly.net; i=rekado@elephly.net; h=From:To:Cc:Message-ID:Subject:Date:In-Reply-To:References:MIME-Version:Content-Type:Content-Transfer-Encoding; bh=/SlfAPWfOi4+znDeeVHkbGDk/qp03aUKx49AlN+41WE=; b=Wu9IQe1xKVciRvwcjdU88pL20dMl486zfeaJyBVAsvdiAjCuAoSrjpEbaZT5jLNM SgCsMMW5F/7unS9xZFlWrjqawTs/SVCg/iqz8EUKZYr+oVEXUwkkZhJsCOsGjFOlB8G Nk4/9UNAkW3WH0OR3mGKGfh7t+d94lFtZL37XJ+w= Received: from localhost (p54AD4FBF.dip0.t-ipconnect.de [84.173.79.191]) by mx.zohomail.com with SMTPS id 1578072947678340.83146508294124; Fri, 3 Jan 2020 09:35:47 -0800 (PST) From: Ricardo Wurmus Message-ID: <20200103173506.9779-9-rekado@elephly.net> Date: Fri, 3 Jan 2020 18:35:06 +0100 X-Mailer: git-send-email 2.24.1 In-Reply-To: <20200103173506.9779-1-rekado@elephly.net> References: <20200103173506.9779-1-rekado@elephly.net> MIME-Version: 1.0 X-ZohoMailClient: External X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/services/nfs.scm (): New record. (nfs-configuration, nfs-configuration?, nfs-configuration-nfs-utils, nfs-configuration-nfs-version, nfs-configuration-exports, nfs-configuration-rpcmountd-port, nfs-configuration-rpcstatd-port, nfs-configuration-rpcbind, nfs-configuration-idmap-domain, nfs-configuration-nfsd-port, nfs-configuration-nfsd-threads, nfs-configuration-pipefs-directory, nfs-configuration-debug, nfs-shepherd-services): New procedures. (nfs-service-type): New variable. * doc/guix.texi (Network File System): Document it. * gnu/tests/nfs.scm (%test-nfs-server): New variable. (%base-os): Use default value of rpcbind-service-type. --- doc/guix.texi | 74 +++++++++++++++++- gnu/services/nfs.scm | 181 ++++++++++++++++++++++++++++++++++++++++++- gnu/tests/nfs.scm | 157 ++++++++++++++++++++++++++++++++++++- 3 files changed, 407 insertions(+), 5 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index a26056899e..8eb31e54df 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -29,7 +29,7 @@ Copyright @copyright{} 2015, 2016 Mathieu Lirzin@* Copyright @copyright{} 2014 Pierre-Antoine Rault@* Copyright @copyright{} 2015 Taylan Ulrich Bayırlı/Kammer@* Copyright @copyright{} 2015, 2016, 2017, 2019 Leo Famulari@* -Copyright @copyright{} 2015, 2016, 2017, 2018, 2019 Ricardo Wurmus@* +Copyright @copyright{} 2015, 2016, 2017, 2018, 2019, 2020 Ricardo Wurmus@* Copyright @copyright{} 2016 Ben Woodcroft@* Copyright @copyright{} 2016, 2017, 2018 Chris Marusich@* Copyright @copyright{} 2016, 2017, 2018, 2019 Efraim Flashner@* @@ -21926,6 +21926,78 @@ The @code{(gnu services nfs)} module provides the following services, which are most commonly used in relation to mounting or exporting directory trees as @dfn{network file systems} (NFS). +While it is possible to use the individual components that together make +up a Network File System service, we recommended to configure an NFS +server with the @code{nfs-service-type}. + +@subsubheading NFS Service +@cindex NFS, server + +The NFS service takes care of setting up all NFS component services, +kernel configuration file systems, and installs configuration files in +the locations that NFS expects. + +@defvr {Scheme Variable} nfs-service-type +A service type for a complete NFS server. +@end defvr + +@deftp {Data Type} nfs-configuration +This data type represents the configuration of the NFS service and all +of its subsystems. + +It has the following parameters: +@table @asis +@item @code{nfs-utils} (default: @code{nfs-utils}) +The nfs-utils package to use. + +@item @code{nfs-version} (default: @code{#f}) +If a string value is provided, the @command{rpc.nfsd} daemon will be +limited to supporting the given version of the NFS protocol. + +@item @code{exports} (default: @code{'()}) +This is a list of directories the NFS server should export. Each entry +is a list consisting of two elements: a directory name and a string +containing all options. This is an example in which the directory +@file{/export} is served to all NFS clients as a read-only share: + +@lisp +(nfs-configuration + (exports + '(("/export" + "*(ro,insecure,no_subtree_check,crossmnt,fsid=0)")))) +@end lisp + +@item @code{rpcmountd-port} (default: @code{#f}) +The network port that the @command{rpc.mountd} daemon should use. + +@item @code{rpcstatd-port} (default: @code{#f}) +The network port that the @command{rpc.statd} daemon should use. + +@item @code{rpcbind} (default: @code{rpcbind}) +The rpcbind package to use. + +@item @code{idmap-domain} (default: @code{"localdomain"}) +The local NFSv4 domain name. + +@item @code{nfsd-port} (default: @code{2049}) +The network port that the @command{nfsd} daemon should use. + +@item @code{nfsd-threads} (default: @code{8}) +The number of threads used by the @command{nfsd} daemon. + +@item @code{pipefs-directory} (default: @code{"/var/lib/nfs/rpc_pipefs"}) +The directory where the pipefs file system is mounted. + +@item @code{debug} (default: @code{'()"}) +A list of subsystems for which debugging output should be enabled. This +is a list of symbols. Any of these symbols are valid: @code{nfsd}, +@code{nfs}, @code{rpc}, @code{idmap}, @code{statd}, or @code{mountd}. +@end table +@end deftp + +If you don't need a complete NFS service or prefer to build it yourself +you can use the individual component services that are documented below. + @subsubheading RPC Bind Service @cindex rpcbind diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm index cd7e8fab01..ddc9e2c47e 100644 --- a/gnu/services/nfs.scm +++ b/gnu/services/nfs.scm @@ -22,6 +22,7 @@ #:use-module (gnu services shepherd) #:use-module (gnu packages onc-rpc) #:use-module (gnu packages linux) + #:use-module (gnu packages nfs) #:use-module (guix) #:use-module (guix records) #:use-module (srfi srfi-1) @@ -41,7 +42,11 @@ gss-service-type gss-configuration - gss-configuration?)) + gss-configuration? + + nfs-service-type + nfs-configuration + nfs-configuration?)) (define default-pipefs-directory "/var/lib/nfs/rpc_pipefs") @@ -234,3 +239,177 @@ (compose identity) (extend (lambda (config values) (first values))) (default-value (idmap-configuration))))) + +(define-record-type* + nfs-configuration make-nfs-configuration + nfs-configuration? + (nfs-utils nfs-configuration-nfs-utils + (default nfs-utils)) + (nfs-version nfs-configuration-nfs-version + (default #f)) ; string + (exports nfs-configuration-exports + (default '())) + (rpcmountd-port nfs-configuration-rpcmountd-port + (default #f)) + (rpcstatd-port nfs-configuration-rpcstatd-port + (default #f)) + (rpcbind nfs-configuration-rpcbind + (default rpcbind)) + (idmap-domain nfs-configuration-idmap-domain + (default "localdomain")) + (nfsd-port nfs-configuration-nfsd-port + (default 2049)) + (nfsd-threads nfs-configuration-nfsd-threads + (default 8)) + (pipefs-directory nfs-configuration-pipefs-directory + (default default-pipefs-directory)) + ;; List of modules to debug; any of nfsd, nfs, rpc, idmap, statd, or mountd. + (debug nfs-configuration-debug + (default '()))) + +(define (nfs-shepherd-services config) + "Return a list of for the NFS daemons with CONFIG." + (match-record config + (nfs-utils nfs-version exports + rpcmountd-port rpcstatd-port nfsd-port nfsd-threads + pipefs-directory debug) + (list (shepherd-service + (documentation "Run the NFS statd daemon.") + (provision '(rpc.statd)) + (requirement '(rpcbind-daemon)) + (start + #~(make-forkexec-constructor + (list #$(file-append nfs-utils "/sbin/rpc.statd") + ;; TODO: notification support may require a little more + ;; configuration work. + "--no-notify" + #$@(if (member 'statd debug) + '("--no-syslog") ; verbose logging to stderr + '()) + "--foreground" + #$@(if rpcstatd-port + '("--port" (number->string rpcstatd-port)) + '())) + #:pid-file "/var/run/rpc.statd.pid")) + (stop #~(make-kill-destructor))) + (shepherd-service + (documentation "Run the NFS mountd daemon.") + (provision '(rpc.mountd)) + (requirement '(rpc.statd)) + (start + #~(make-forkexec-constructor + (list #$(file-append nfs-utils "/sbin/rpc.mountd") + #$@(if (member 'mountd debug) + '("--debug" "all") + '()) + #$@(if rpcmountd-port + '("--port" (number->string rpcmountd-port)) + '())))) + (stop #~(make-kill-destructor))) + (shepherd-service + (documentation "Run the NFS daemon.") + (provision '(rpc.nfsd)) + (requirement '(rpc.statd networking)) + (start + #~(lambda _ + (zero? (system* #$(file-append nfs-utils "/sbin/rpc.nfsd") + #$@(if (member 'nfsd debug) + '("--debug") + '()) + "--port" #$(number->string nfsd-port) + #$@(if nfs-version + '("--nfs-version" nfs-version) + '()) + #$(number->string nfsd-threads))))) + (stop + #~(lambda _ + (zero? + (system* #$(file-append nfs-utils "/sbin/rpc.nfsd") "0"))))) + (shepherd-service + (documentation "Run the NFS mountd daemon and refresh exports.") + (provision '(nfs)) + (requirement '(rpc.nfsd rpc.mountd rpc.statd rpcbind-daemon)) + (start + #~(lambda _ + (let ((rpcdebug #$(file-append nfs-utils "/sbin/rpcdebug"))) + (cond + ((member 'nfsd '#$debug) + (system* rpcdebug "-m" "nfsd" "-s" "all")) + ((member 'nfs '#$debug) + (system* rpcdebug "-m" "nfs" "-s" "all")) + ((member 'rpc '#$debug) + (system* rpcdebug "-m" "rpc" "-s" "all")))) + (zero? (system* + #$(file-append nfs-utils "/sbin/exportfs") + "-r" ; re-export + "-a" ; everthing + "-v" ; be verbose + "-d" "all" ; debug + )))) + (stop + #~(lambda _ + (let ((rpcdebug #$(file-append nfs-utils "/sbin/rpcdebug"))) + (cond + ((member 'nfsd '#$debug) + (system* rpcdebug "-m" "nfsd" "-c" "all")) + ((member 'nfs '#$debug) + (system* rpcdebug "-m" "nfs" "-c" "all")) + ((member 'rpc '#$debug) + (system* rpcdebug "-m" "rpc" "-c" "all")))) + #t)) + (respawn? #f))))) + +(define nfs-service-type + (service-type + (name 'nfs) + (extensions + (list + (service-extension shepherd-root-service-type nfs-shepherd-services) + (service-extension activation-service-type + (const #~(begin + (use-modules (guix build utils)) + (system* "mount" "-t" "nfsd" + "nfsd" "/proc/fs/nfsd") + + (mkdir-p "/var/lib/nfs") + ;; directory containing monitor list + (mkdir-p "/var/lib/nfs/sm") + ;; Needed for client recovery tracking + (mkdir-p "/var/lib/nfs/v4recovery") + (let ((user (getpw "nobody"))) + (chown "/var/lib/nfs" + (passwd:uid user) + (passwd:gid user)) + (chown "/var/lib/nfs/v4recovery" + (passwd:uid user) + (passwd:gid user))) + #t))) + (service-extension etc-service-type + (lambda (config) + `(("exports" + ,(plain-file "exports" + (string-join + (map string-join + (nfs-configuration-exports config)) + "\n")))))) + ;; The NFS service depends on these other services. They are extended so + ;; that users don't need to configure them manually. + (service-extension idmap-service-type + (lambda (config) + (idmap-configuration + (domain (nfs-configuration-idmap-domain config)) + (verbosity + (if (member 'idmap (nfs-configuration-debug config)) + 10 0)) + (pipefs-directory (nfs-configuration-pipefs-directory config)) + (nfs-utils (nfs-configuration-nfs-utils config))))) + (service-extension pipefs-service-type + (lambda (config) + (pipefs-configuration + (mount-point (nfs-configuration-pipefs-directory config))))) + (service-extension rpcbind-service-type + (lambda (config) + (rpcbind-configuration + (rpcbind (nfs-configuration-rpcbind config))))))) + (description + "Run all NFS daemons and refresh the list of exported file systems."))) diff --git a/gnu/tests/nfs.scm b/gnu/tests/nfs.scm index 7ef9f1f7bf..014d049ab5 100644 --- a/gnu/tests/nfs.scm +++ b/gnu/tests/nfs.scm @@ -4,6 +4,7 @@ ;;; Copyright © 2017 Mathieu Othacehe ;;; Copyright © 2017 Tobias Geerinckx-Rice ;;; Copyright © 2018 Clément Lassieur +;;; Copyright © 2019, 2020 Ricardo Wurmus ;;; ;;; This file is part of GNU Guix. ;;; @@ -33,10 +34,12 @@ #:use-module (gnu services nfs) #:use-module (gnu services networking) #:use-module (gnu packages onc-rpc) + #:use-module (gnu packages nfs) #:use-module (guix gexp) #:use-module (guix store) #:use-module (guix monads) - #:export (%test-nfs)) + #:export (%test-nfs + %test-nfs-server)) (define %base-os (operating-system @@ -53,8 +56,7 @@ rpcbind %base-packages)) (services (cons* - (service rpcbind-service-type - (rpcbind-configuration)) + (service rpcbind-service-type) (service dhcp-client-service-type) %base-services)))) @@ -133,3 +135,152 @@ (name "nfs") (description "Test some things related to NFS.") (value (run-nfs-test name "/var/run/rpcbind.sock")))) + + +(define %nfs-os + (let ((os (simple-operating-system + (simple-service 'create-target-directory activation-service-type + #~(begin + (mkdir "/remote") + (chmod "/remote" #o777) + #t)) + (service dhcp-client-service-type) + (service nfs-service-type + (nfs-configuration + (debug '(nfs nfsd mountd)) + (exports '(("/export" + ;; crossmnt = This is the pseudo root. + ;; fsid=0 = root file system of the export + "*(ro,insecure,no_subtree_check,crossmnt,fsid=0)")))))))) + (operating-system + (inherit os) + (host-name "nfs-server") + ;; We need to use a tmpfs here, because the test system's root file + ;; system cannot be re-exported via NFS. + (file-systems (cons + (file-system + (device "none") + (mount-point "/export") + (type "tmpfs") + (create-mount-point? #t)) + %base-file-systems)) + (services + ;; Enable debugging output. + (modify-services (operating-system-user-services os) + (syslog-service-type config + => + (syslog-configuration + (inherit config) + (config-file + (plain-file + "syslog.conf" + "*.* /dev/console\n"))))))))) + +(define (run-nfs-server-test) + "Run a test of an OS running a service of NFS-SERVICE-TYPE." + (define os + (marionette-operating-system + %nfs-os + #:requirements '(nscd) + #:imported-modules '((gnu services herd) + (guix combinators)))) + (define test + (with-imported-modules '((gnu build marionette)) + #~(begin + (use-modules (gnu build marionette) + (srfi srfi-64)) + + (define marionette + (make-marionette (list #$(virtual-machine os)))) + (define (wait-for-file file) + ;; Wait until FILE exists in the guest + (marionette-eval + `(let loop ((i 10)) + (cond ((file-exists? ,file) + #t) + ((> i 0) + (sleep 1) + (loop (- i 1))) + (else + (error "File didn't show up: " ,file)))) + marionette)) + + (mkdir #$output) + (chdir #$output) + + (test-begin "nfs-daemon") + (marionette-eval + '(begin + (current-output-port + (open-file "/dev/console" "w0")) + (chmod "/export" #o777) + (with-output-to-file "/export/hello" + (lambda () (display "hello world"))) + (chmod "/export/hello" #o777)) + marionette) + + (test-assert "nscd PID file is created" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'nscd)) + marionette)) + + (test-assert "nscd is listening on its socket" + (marionette-eval + ;; XXX: Work around a race condition in nscd: nscd creates its + ;; PID file before it is listening on its socket. + '(let ((sock (socket PF_UNIX SOCK_STREAM 0))) + (let try () + (catch 'system-error + (lambda () + (connect sock AF_UNIX "/var/run/nscd/socket") + (close-port sock) + (format #t "nscd is ready~%") + #t) + (lambda args + (format #t "waiting for nscd...~%") + (usleep 500000) + (try))))) + marionette)) + + (test-assert "network is up" + (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'networking)) + marionette)) + + ;; Wait for the NFS services to be up and running. + (test-assert "nfs services are running" + (and (marionette-eval + '(begin + (use-modules (gnu services herd)) + (start-service 'nfs)) + marionette) + (wait-for-file "/var/run/rpc.statd.pid"))) + + (test-assert "nfs share is advertised" + (marionette-eval + '(zero? (system* (string-append #$nfs-utils "/sbin/showmount") + "-e" "nfs-server")) + marionette)) + + (test-assert "nfs share mounted" + (marionette-eval + '(begin + (and (zero? (system* (string-append #$nfs-utils "/sbin/mount.nfs4") + "nfs-server:/" "/remote" "-v")) + (file-exists? "/remote/hello"))) + marionette)) + (test-end) + (exit (= (test-runner-fail-count (test-runner-current)) 0))))) + + (gexp->derivation "nfs-server-test" test)) + +(define %test-nfs-server + (system-test + (name "nfs-server") + (description "Test that an NFS server can be started and exported +directories can be mounted.") + (value (run-nfs-server-test))))