diff --git a/CHANGELOG.md b/CHANGELOG.md index e5bc513..b467c2c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,19 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## [2.1.0] - 2019-10-31 +## [2.2.0] - 2019-03-08 +## Added +* Enhanced debugging via environment variable: `NFS_LOG_LEVEL=DEBUG`. This also produces less cluttered log output +during regular, non-debug operation. +## Fixed +* `idmapd` would not start when `NFS_VERSION=3` +* allow Kerberos without `idmapd`. Most users will probably want to run them together, but +it isn't required. +* `NFS_VERSION` environment variable sanity check allowed invalid values +* status code of `rpc.svcgssd` was not properly checked +* `idmapd` debug output was invisible + +## [2.1.0] - 2019-01-31 ### Added * Ability to automatically load kernel modules. ([#18](https://github.com/ehough/docker-nfs-server/issues/18)). Credit to [@andyneff](https://github.com/andyneff). ### Fixed @@ -48,4 +60,4 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. * Fixed detection of built-in kernel modules ([#4](https://github.com/ehough/docker-nfs-server/pull/4)) ## [1.0.0] - 2018-02-05 -Initial release. \ No newline at end of file +Initial release. diff --git a/README.md b/README.md index b795b2b..306702b 100644 --- a/README.md +++ b/README.md 
@@ -11,7 +11,7 @@ This is the only containerized NFS server that offers **all** of the following f - clean teardown of services upon termination (no lingering `nfsd` processes on Docker host) - flexible construction of `/etc/exports` - extensive server configuration via environment variables -- helpful, human-readable logging +- human-readable logging (with a helpful [debug mode](doc/feature/logging.md)) - *optional* bonus features - [Kerberos security](doc/feature/kerberos.md) - [NFSv4 user ID mapping](doc/feature/nfs4-user-id-mapping.md) via [`idmapd`](http://man7.org/linux/man-pages/man8/idmapd.8.html) @@ -24,6 +24,7 @@ This is the only containerized NFS server that offers **all** of the following f * [Starting the server](#starting-the-server) * [Mounting filesystems from a client](#mounting-filesystems-from-a-client) * Optional features + * [Debug logging](doc/feature/logging.md) * [Kerberos security](doc/feature/kerberos.md) * [NFSv4 user ID mapping](doc/feature/nfsv4-user-id-mapping.md) * [AppArmor integration](doc/feature/apparmor.md) @@ -144,6 +145,7 @@ If you pay close attention to each of the items in this section, the server shou ## Optional Features + * [Debug logging](doc/feature/logging.md) * [Kerberos security](doc/feature/kerberos.md) * [NFSv4 user ID mapping](doc/feature/nfs4-user-id-mapping.md) * [AppArmor integration](doc/feature/apparmor.md) diff --git a/doc/feature/kerberos.md b/doc/feature/kerberos.md index cc363ae..7a73412 100644 --- a/doc/feature/kerberos.md +++ b/doc/feature/kerberos.md 
@@ -6,8 +6,6 @@ You can enable Kerberos security for your NFS server with the following steps. 1. set the server's hostname via the `--hostname` flag 1. provide `/etc/krb5.keytab` which contains a principal of the form `nfs/`, where `` is the hostname you supplied in the previous step. 1. provide [`/etc/krb5.conf`](https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html) -1. provide [`/etc/idmapd.conf`](https://linux.die.net/man/5/idmapd.conf) -1. provide `/etc/passwd` containing your NFS client users Here's an example: @@ -18,8 +16,6 @@ Here's an example: --hostname my-nfs-server.com \ -v /host/path/to/server.keytab:/etc/krb5.keytab:ro \ -v /host/path/to/server.krb5conf:/etc/krb5.conf:ro \ - -v /host/path/to/idmapd.conf:/etc/idmapd.conf:ro \ - -v /etc/passwd:/etc/passwd:ro \ --cap-add SYS_ADMIN \ -p 2049:2049 \ erichough/nfs-server diff --git a/doc/feature/logging.md b/doc/feature/logging.md new file mode 100644 index 0000000..b65f395 --- /dev/null +++ b/doc/feature/logging.md 
@@ -0,0 +1,157 @@ +# Logging + +By default, the image will output a reasonable level of logging information so you can see verify that the server is operating as expected. + +You can bump up the log level via the `NFS_LOG_LEVEL` environment variable. Currently, the only acceptable value is `DEBUG`. + +In your `docker-run` command: +``` +docker run -e NFS_LOG_LEVEL=DEBUG ... erichough/nfs-server +``` +or in `docker-compose.yml`: +```YAML +version: 3 +services: + nfs: + image: erichough/nfs-server + ... + environment: + - LOG_LEVEL: DEBUG +``` + +### Normal log output + +Normal, non-debug logging will look something like this: + +``` +================================================================== + SETTING UP ... +================================================================== +----> building /etc/exports from environment variables +----> collected 4 valid export(s) from NFS_EXPORT_* environment variables +----> kernel module nfs is loaded +----> kernel module nfsd is loaded +----> kernel module rpcsec_gss_krb5 is loaded +----> setup complete + +================================================================== + STARTING SERVICES ... 
+================================================================== +----> mounting rpc_pipefs filesystem onto /var/lib/nfs/rpc_pipefs +----> mounting nfsd filesystem onto /proc/fs/nfsd +----> starting rpcbind +----> exporting filesystem(s) +----> starting rpc.mountd on port 32767 +----> starting statd on port 32765 (outgoing from port 32766) +----> starting idmapd +----> starting rpc.nfsd on port 2049 with 16 server thread(s) +----> starting rpc.svcgssd +----> all services started normally + +================================================================== + SERVER STARTUP COMPLETE +================================================================== +----> list of enabled NFS protocol versions: 3 +----> list of container exports: +----> /nfs/htpc-media *(ro,no_subtree_check,insecure,async) +----> /nfs/homes/staff *(rw,no_subtree_check,insecure,sec=krb5p) +----> /nfs/homes/ehough *(rw,no_subtree_check,insecure,no_root_squash,sec=krb5p) +----> /nfs/backup/duplicacy *(rw,no_subtree_check,insecure,sec=krb5p,all_squash,anonuid=0,anongid=0) +----> list of container ports that should be exposed: +----> 111 (TCP and UDP) +----> 2049 (TCP and UDP) +----> 32765 (TCP and UDP) +----> 32767 (TCP and UDP) + +================================================================== + READY AND WAITING FOR NFS CLIENT CONNECTIONS +================================================================== + +``` + +### Debug output + +Debug output will look something like this: + +``` +================================================================== + SETTING UP ... +================================================================== +----> /etc/exports is baked into the image +----> kernel module nfs is loaded +----> kernel module nfsd is loaded +----> kernel module rpcsec_gss_krb5 is loaded +----> setup complete + +================================================================== + STARTING SERVICES ... 
+================================================================== +----> mounting rpc_pipefs filesystem onto /var/lib/nfs/rpc_pipefs +mount: mount('rpc_pipefs','/var/lib/nfs/rpc_pipefs','rpc_pipefs',0x00008000,'(null)'):0 +----> mounting nfsd filesystem onto /proc/fs/nfsd +mount: mount('nfsd','/proc/fs/nfsd','nfsd',0x00008000,'(null)'):0 +----> starting rpcbind +----> exporting filesystem(s) +exporting *:/nfs/backup/duplicacy +exporting *:/nfs/homes/ehough +exporting *:/nfs/homes/staff +exporting *:/nfs/htpc-media +----> starting rpc.mountd on port 32767 +----> starting statd on port 32765 (outgoing from port 32766) +----> starting idmapd +rpc.idmapd: Setting log level to 11 + +rpc.idmapd: libnfsidmap: using domain: hough.matis +rpc.idmapd: libnfsidmap: Realms list: 'HOUGH.MATIS' +rpc.idmapd: libnfsidmap: processing 'Method' list +rpc.idmapd: static_getpwnam: name 'nfs/blue@HOUGH.MATIS' mapped to 'root' +rpc.idmapd: static_getpwnam: localname 'melissa' for 'melissa@HOUGH.MATIS' not found +rpc.idmapd: static_getpwnam: name 'ehough@HOUGH.MATIS' mapped to 'ehough' +rpc.idmapd: static_getgrnam: group 'nfs/blue@HOUGH.MATIS' mapped to 'root' +rpc.idmapd: static_getgrnam: local group 'melissa' for 'melissa@HOUGH.MATIS' not found +rpc.idmapd: static_getgrnam: group 'ehough@HOUGH.MATIS' mapped to 'ehough' +rpc.idmapd: libnfsidmap: loaded plugin /usr/lib/libnfsidmap/static.so for method static +rpc.idmapd: Expiration time is 600 seconds. +rpc.idmapd: Opened /proc/net/rpc/nfs4.nametoid/channel +rpc.idmapd: Opened /proc/net/rpc/nfs4.idtoname/channel +----> starting rpc.nfsd on port 2049 with 16 server thread(s) +rpc.nfsd: knfsd is currently down +rpc.nfsd: Writing version string to kernel: -2 +3 +4 +4.1 +4.2 +rpc.nfsd: Created AF_INET TCP socket. +rpc.nfsd: Created AF_INET UDP socket. +rpc.nfsd: Created AF_INET6 TCP socket. +rpc.nfsd: Created AF_INET6 UDP socket. 
+----> starting rpc.svcgssd +entering poll +----> all services started normally + +================================================================== + SERVER STARTUP COMPLETE +================================================================== +----> list of enabled NFS protocol versions: 4.2, 4.1, 4, 3 +----> list of container exports: +----> /nfs/backup/duplicacy *(rw,sync,wdelay,hide,nocrossmnt,insecure,root_squash,all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=0,anongid=0,sec=krb5p,rw,insecure,root_squash,all_squash) +----> /nfs/homes/ehough *(rw,sync,wdelay,hide,nocrossmnt,insecure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=krb5p,rw,insecure,no_root_squash,no_all_squash) +----> /nfs/homes/staff *(rw,sync,wdelay,hide,nocrossmnt,insecure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=krb5p,rw,insecure,root_squash,no_all_squash) +----> /nfs/htpc-media *(ro,async,wdelay,hide,nocrossmnt,insecure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,ro,insecure,root_squash,no_all_squash) +----> list of container ports that should be exposed: +----> 111 (TCP and UDP) +----> 2049 (TCP and UDP) +----> 32765 (TCP and UDP) +----> 32767 (TCP and UDP) + +================================================================== + READY AND WAITING FOR NFS CLIENT CONNECTIONS +================================================================== +leaving poll +handling null request +svcgssd_limit_krb5_enctypes: Calling gss_set_allowable_enctypes with 7 enctypes from the kernel +sname = nfs/blue@HOUGH.MATIS +doing downcall +mech: krb5, hndl len: 4, ctx len 52, timeout: 1552111964 (31564 from now), clnt: nfs@blue, uid: 0, gid: 0, num aux grps: 1: + ( 1) 0 +sending null reply +writing message: \x \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 1552080460 0 0 \x01000000 
\x60819906092a864886f71201020202006f8189308186a003020105a10302010fa27a3078a003020111a271046fdfb95cbe1237d785691a0ca14b4f7443142dda2b2a1b2845499bdb69b538719fbfc99b71d72ae61d7bd9966c106b2381fd08690082de26da5b8f521081035b5d7b8bf6c6eda85fd73c1c76ff03bec7693695e0b3d9e72069ec3772f93c4dbc5e8ce698a0854b494714bd5801204af3 +finished handling null request +entering poll +``` \ No newline at end of file diff --git a/doc/feature/nfs4-user-id-mapping.md b/doc/feature/nfs4-user-id-mapping.md index 5a84e87..a0998be 100644 --- a/doc/feature/nfs4-user-id-mapping.md +++ b/doc/feature/nfs4-user-id-mapping.md @@ -1,12 +1,11 @@ # NFSv4 User ID Mapping -If you'd like to run [`idmapd`](http://man7.org/linux/man-pages/man8/idmapd.8.html) to map between NFSv4 IDs (e.g. `foo@bar.com`) and local users, simply provide [`idmapd.conf`](https://linux.die.net/man/5/idmapd.conf) and `/etc/passwd` to the container. This step is required for [Kerberos](kerberos.md). +If you'd like to run [`idmapd`](http://man7.org/linux/man-pages/man8/idmapd.8.html) to map between NFSv4 IDs (e.g. `foo@bar.com`) and local users, simply provide [`idmapd.conf`](https://linux.die.net/man/5/idmapd.conf) to the container. docker run \ -v /host/path/to/exports.txt:/etc/exports:ro \ -v /host/files:/nfs \ -v /host/path/to/idmapd.conf:/etc/idmapd.conf:ro \ - -v /etc/passwd:/etc/passwd:ro \ --cap-add SYS_ADMIN \ -p 2049:2049 \ erichough/nfs-server diff --git a/entrypoint.sh b/entrypoint.sh index 34a4e07..95ec8f5 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -5,7 +5,7 @@ # https://hub.docker.com/r/erichough/nfs-server # https://github.com/ehough/docker-nfs-server # -# Copyright (C) 2017-2018 Eric D. Hough +# Copyright (C) 2017-2019 Eric D. Hough # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by 
@@ -32,8 +32,8 @@ readonly ENV_VAR_NFS_PORT='NFS_PORT' readonly ENV_VAR_NFS_PORT_STATD_IN='NFS_PORT_STATD_IN' readonly ENV_VAR_NFS_PORT_STATD_OUT='NFS_PORT_STATD_OUT' readonly ENV_VAR_NFS_VERSION='NFS_VERSION' +readonly ENV_VAR_NFS_LOG_LEVEL='NFS_LOG_LEVEL' -readonly DEFAULT_NFS_SERVER_THREAD_COUNT="$(grep -Ec ^processor /proc/cpuinfo)" readonly DEFAULT_NFS_PORT=2049 readonly DEFAULT_NFS_PORT_MOUNTD=32767 readonly DEFAULT_NFS_PORT_STATD_IN=32765 @@ -150,9 +150,17 @@ stop_mount() { local -r type=$(basename "$path") if mount | grep -Eq ^"$type on $path\\s+"; then + + local args=() + if is_debug_requested; then + args+=('-v') + fi + args+=("$path") + log "un-mounting $type filesystem from $path" - umount -v "$path" + umount "${args[@]}" on_failure warn "unable to un-mount $type filesystem from $path" + else log "no active mount at $path" fi @@ -167,8 +175,13 @@ stop_nfsd() { stop_exportfs() { + local args=('-ua') + if is_debug_requested; then + args+=('-v') + fi + log 'un-exporting filesystem(s)' - $PATH_BIN_EXPORTFS -uav + $PATH_BIN_EXPORTFS "${args[@]}" on_failure warn 'unable to un-export filesystem(s)' } @@ -176,13 +189,13 @@ stop() { log_header 'terminating ...' - if is_kerberos_enabled; then + if is_kerberos_requested; then kill_process_if_running "$PATH_BIN_RPC_SVCGSSD" fi stop_nfsd - if is_idmapd_enabled; then + if is_idmapd_requested; then kill_process_if_running "$PATH_BIN_IDMAPD" fi @@ -211,11 +224,6 @@ get_requested_nfs_version() { echo "${!ENV_VAR_NFS_VERSION:-$DEFAULT_NFS_VERSION}" } -get_requested_count_nfsd_threads() { - - echo "${!ENV_VAR_NFS_SERVER_THREAD_COUNT:-$DEFAULT_NFS_SERVER_THREAD_COUNT}" -} - get_requested_port_mountd() { echo "${!ENV_VAR_NFS_PORT_MOUNTD:-$DEFAULT_NFS_PORT_MOUNTD}" @@ -236,7 +244,7 @@ get_requested_port_statd_out() { echo "${!ENV_VAR_NFS_PORT_STATD_OUT:-$DEFAULT_NFS_PORT_STATD_OUT}" } -is_kerberos_enabled() { +is_kerberos_requested() { if [[ -n "${!ENV_VAR_NFS_ENABLE_KERBEROS}" ]]; then return 0 
@@ -254,9 +262,9 @@ is_nfs3_enabled() { return 1 } -is_idmapd_enabled() { +is_idmapd_requested() { - if [[ "$(get_requested_nfs_version)" != '3' && -f "$PATH_FILE_ETC_IDMAPD_CONF" ]]; then + if [[ -f "$PATH_FILE_ETC_IDMAPD_CONF" ]]; then return 0 fi @@ -285,6 +293,26 @@ has_linux_capability() { return 1 } +is_debug_requested() { + + if echo "${!ENV_VAR_NFS_LOG_LEVEL}" | grep -Eqi '^DEBUG$'; then + return 0 + fi + + return 1 +} + +get_requested_count_nfsd_threads() { + + if [[ -n "${!ENV_VAR_NFS_SERVER_THREAD_COUNT}" ]]; then + echo "${!ENV_VAR_NFS_SERVER_THREAD_COUNT}" + else + local -r cpu_count="$(grep -Ec ^processor /proc/cpuinfo)" + on_failure bail 'unable to detect CPU count. set NFS_SERVER_THREAD_COUNT environment variable' + echo "$cpu_count"; + fi +} + ###################################################################################### ### runtime configuration assertions ###################################################################################### @@ -331,7 +359,7 @@ assert_nfs_version() { local -r requested_version="$(get_requested_nfs_version)" - echo "$requested_version" | grep -Eq '^3|4(\.[1-2])?$' + echo "$requested_version" | grep -Eq '^3$|^4(\.[1-2])?$' on_failure bail "please set $ENV_VAR_NFS_VERSION to one of: 4.2, 4.1, 4, 3" if ! is_nfs3_enabled && [[ "$requested_version" = '3' ]]; then @@ -360,6 +388,13 @@ assert_cap_sysadmin() { fi } +assert_log_level() { + + if ! echo "${!ENV_VAR_NFS_LOG_LEVEL}" | grep -Eqi "^$|^DEBUG$"; then + bail "the only acceptable value for $ENV_VAR_NFS_LOG_LEVEL is DEBUG" + fi +} + ###################################################################################### ### initialization @@ -447,6 +482,7 @@ init_assertions() { assert_port "$ENV_VAR_NFS_PORT_STATD_OUT" assert_nfs_version assert_nfsd_threads + assert_log_level # check kernel modules assert_kernel_mod nfs 
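Review bot: In the new `get_requested_count_nfsd_threads`, `local -r cpu_count="$(grep -Ec ^processor /proc/cpuinfo)"` replaces grep's exit status with that of `local`, so the `on_failure bail` on the next line most likely never fires. `on_failure` is defined outside this diff, but it appears to inspect the status of the previous command. Split the declaration from the assignment: `local cpu_count` followed by `cpu_count="$(grep -Ec ^processor /proc/cpuinfo)"`. As written, a host where the pattern matches nothing produces `0`, which is echoed as the thread count unless `assert_nfsd_threads` (body not shown here) rejects it.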
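Review bot: `assert_log_level` checks only the value of `NFS_LOG_LEVEL`, so a misspelled variable name passes silently. The compose example added in doc/feature/logging.md sets `LOG_LEVEL: DEBUG`, which nothing in this script reads, so that example should use `NFS_LOG_LEVEL`. On style, the pattern here is double-quoted (`"^$|^DEBUG$"`) while `is_debug_requested` single-quotes its pattern. Writing `'^$|^DEBUG$'` would match that function and avoid relying on the shell leaving `$|` and the trailing `$` unexpanded.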
@@ -459,9 +495,8 @@ init_assertions() { assert_cap_sysadmin # perform Kerberos assertions - if is_kerberos_enabled; then + if is_kerberos_requested; then - assert_file_provided "$PATH_FILE_ETC_IDMAPD_CONF" assert_file_provided "$PATH_FILE_ETC_KRB5_KEYTAB" assert_file_provided "$PATH_FILE_ETC_KRB5_CONF" @@ -478,7 +513,11 @@ boot_helper_mount() { local -r path=$1 local -r type=$(basename "$path") - local -r args=('-vt' "$type" "$path") + local args=('-t' "$type" "$path") + + if is_debug_requested; then + args+=('-vvv') + fi log "mounting $type filesystem onto $path" mount "${args[@]}" @@ -501,6 +540,36 @@ boot_helper_get_version_flags() { echo "${flags[@]}" } +boot_helper_start_daemon() { + + local -r msg="$1" + local -r daemon="$2" + shift 2 + local -r daemon_args=("$@") + + log "$msg" + "$daemon" "${daemon_args[@]}" + on_failure stop "$daemon failed" +} + +boot_helper_start_non_daemon() { + + local -r msg="$1" + local -r process="$2" + shift 2 + local -r process_args=("$@") + + log "$msg" + "$process" "${process_args[@]}" & + + local -r bg_pid=$! + + # somewhat arbitrary assumption that if the process isn't dead already, it will die within 1/20 of a second. for our + # purposes this works just fine, but if someone has a better solution please open a PR. + sleep .05 + kill -0 $bg_pid 2> /dev/null + on_failure stop "$process failed" +} ###################################################################################### ### primary boot @@ -515,9 +584,12 @@ boot_main_mounts() { boot_main_exportfs() { - log 'exporting filesystem(s)' - $PATH_BIN_EXPORTFS -arv - on_failure stop 'exportfs failed' + local args=('-ar') + if is_debug_requested; then + args+=('-v') + fi + + boot_helper_start_daemon 'exporting filesystem(s)' $PATH_BIN_EXPORTFS "${args[@]}" } boot_main_mountd() { 
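Review bot: `boot_helper_start_non_daemon` treats the process as started if it still exists 50 ms after launch and never collects its exit status. A foreground process that fails later than that, for instance on a loaded host, is still followed by "all services started normally", and nothing logs its exit code. The in-code comment acknowledges that the delay is arbitrary, but the function should also state the consequence: a later exit of `rpc.svcgssd`, or of `idmapd` in debug mode, goes unnoticed. Quote the PID as `kill -0 "$bg_pid" 2> /dev/null`, and on the failure path call `wait "$bg_pid"` so the real exit code can be included in the `"$process failed"` message. `on_failure` and `stop` are defined outside this hunk, so how the status reaches them should be confirmed there.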
@@ -525,12 +597,13 @@ boot_main_mountd() { local version_flags read -r -a version_flags <<< "$(boot_helper_get_version_flags)" local -r port=$(get_requested_port_mountd) - local -r args=('--debug' 'all' '--port' "$port" "${version_flags[@]}") + local args=('--port' "$port" "${version_flags[@]}") + if is_debug_requested; then + args+=('--debug' 'all') + fi # yes, rpc.mountd is required even for NFS v4: https://forums.gentoo.org/viewtopic-p-7724856.html#7724856 - log "starting rpc.mountd on port $port" - $PATH_BIN_MOUNTD "${args[@]}" - on_failure stop 'rpc.mountd failed' + boot_helper_start_daemon "starting rpc.mountd on port $port" $PATH_BIN_MOUNTD "${args[@]}" } boot_main_rpcbind() { @@ -538,18 +611,24 @@ boot_main_rpcbind() { # rpcbind isn't required for NFSv4, but if it's not running then nfsd takes over 5 minutes to start up. # it's a bug in either nfs-utils or the kernel, and the code of both is over my head. # so as a workaround we start rpcbind now and (in v4-only scenarios) kill it after nfsd starts up - log 'starting rpcbind' - $PATH_BIN_RPCBIND -ds - on_failure stop 'rpcbind failed' + local -r args=('-ds') + boot_helper_start_daemon 'starting rpcbind' $PATH_BIN_RPCBIND "${args[@]}" } boot_main_idmapd() { - if is_idmapd_enabled; then - log 'starting idmapd' - $PATH_BIN_IDMAPD -v -S - on_failure stop 'idmapd failed' + if ! is_idmapd_requested; then + return + fi + + local args=('-S') + local func=boot_helper_start_daemon + if is_debug_requested; then + args+=('-vvv' '-f') + func=boot_helper_start_non_daemon fi + + $func 'starting idmapd' $PATH_BIN_IDMAPD "${args[@]}" } boot_main_statd() { 
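Review bot: In `boot_main_idmapd`, the switch to `boot_helper_start_non_daemon` when debugging has no comment explaining why the launch mode changes with the log level. Judging by the changelog entry "`idmapd` debug output was invisible", `-f` keeps idmapd in the foreground so its `-vvv` output reaches the container log. A one-line comment such as `# -f: stay in the foreground so debug output is visible; hence the non-daemon helper` would make that dependency explicit. Separately, `$PATH_BIN_IDMAPD` is passed unquoted here, and the same applies to `$PATH_BIN_EXPORTFS`, `$PATH_BIN_MOUNTD`, `$PATH_BIN_RPCBIND`, `$PATH_BIN_STATD`, `$PATH_BIN_NFSD` and `$PATH_BIN_RPC_SVCGSSD` in the neighbouring hunks. Quoting them as `"$PATH_BIN_IDMAPD"` costs nothing and keeps ShellCheck quiet.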
@@ -562,9 +641,7 @@ boot_main_statd() { local -r port_out=$(get_requested_port_statd_out) local -r args=('--no-notify' '--port' "$port_in" '--outgoing-port' "$port_out") - log "starting statd on port $port_in (outgoing connections from port $port_out)" - $PATH_BIN_STATD "${args[@]}" - on_failure stop 'statd failed' + boot_helper_start_daemon "starting statd on port $port_in (outgoing from port $port_out)" $PATH_BIN_STATD "${args[@]}" } boot_main_nfsd() { @@ -573,11 +650,13 @@ boot_main_nfsd() { read -r -a version_flags <<< "$(boot_helper_get_version_flags)" local -r threads=$(get_requested_count_nfsd_threads) local -r port=$(get_requested_port_nfsd) - local -r args=('--debug' 8 '--tcp' '--udp' '--port' "$port" "${version_flags[@]}" "$threads") + local args=('--tcp' '--udp' '--port' "$port" "${version_flags[@]}" "$threads") - log "starting rpc.nfsd on port $port with $threads server thread(s)" - $PATH_BIN_NFSD "${args[@]}" - on_failure stop 'rpc.nfsd failed' + if is_debug_requested; then + args+=('--debug') + fi + + boot_helper_start_daemon "starting rpc.nfsd on port $port with $threads server thread(s)" $PATH_BIN_NFSD "${args[@]}" if ! is_nfs3_enabled; then kill_process_if_running "$PATH_BIN_RPCBIND" @@ -586,13 +665,16 @@ boot_main_nfsd() { boot_main_svcgssd() { - if ! is_kerberos_enabled; then + if ! is_kerberos_requested; then return fi - log 'starting rpc.svcgssd' - $PATH_BIN_RPC_SVCGSSD -f & - on_failure stop 'rpc.svcgssd failed' + local args=('-f') + if is_debug_requested; then + args+=('-vvv') + fi + + boot_helper_start_non_daemon 'starting rpc.svcgssd' $PATH_BIN_RPC_SVCGSSD "${args[@]}" } 
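Review bot: In `boot_main_svcgssd`, adding `-vvv` under `NFS_LOG_LEVEL=DEBUG` makes rpc.svcgssd write Kerberos details to the container log, and neither the code nor the new logging doc says so. The sample output in doc/feature/logging.md shows service and client principals (`sname = nfs/blue@HOUGH.MATIS`, `clnt: nfs@blue`), the negotiated context parameters and a hex dump after `writing message:`. Container logs are often shipped to shared log collectors, so add a comment at the `args+=('-vvv')` line, for example `# debug output includes principal names and GSS context data; treat these logs as sensitive`. The logging doc should carry the same caveat and state that debug mode is meant for troubleshooting, not steady-state operation.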
@@ -631,6 +713,13 @@ summarize_exports() { log 'list of container exports:' + # if debug is enabled, read /var/lib/nfs/etab as it contains the "real" export data. but it also contains more + # information that most people will usually need to see + local file_to_read="$PATH_FILE_ETC_EXPORTS" + if is_debug_requested; then + file_to_read='/var/lib/nfs/etab' + fi + while read -r export; do # skip comments and empty lines @@ -641,7 +730,7 @@ summarize_exports() { # log it w/out leading and trailing whitespace log " $(echo -e "$export" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" - done < "$PATH_FILE_ETC_EXPORTS" + done < "$file_to_read" } summarize_ports() {
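Review bot: `summarize_exports` hard-codes `'/var/lib/nfs/etab'`, while the non-debug path uses the `PATH_FILE_ETC_EXPORTS` constant. A matching constant next to the other `PATH_FILE_*` definitions, for example `readonly PATH_FILE_ETAB='/var/lib/nfs/etab'`, would keep the path in one place. The second hunk then redirects `"$file_to_read"` into the loop without checking that the file exists or is readable, so in debug mode a missing etab becomes a redirect error in the middle of the summary. A guard such as `[[ -r "$file_to_read" ]] || file_to_read="$PATH_FILE_ETC_EXPORTS"` would fall back to the configured exports. The new comment also has a typo: "more information that most people" should read "than".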