Patchwork gnu: Add NFS related services.

Submitter John Darrington
Date Sept. 25, 2016, 8:21 a.m.
Message ID <1474791717-1839-1-git-send-email-jmd@gnu.org>
Permalink /patch/15986/
State New

Comments

John Darrington - Sept. 25, 2016, 8:21 a.m.
Another draft for review ...
* gnu/services/nfs.scm (pipefs-service-type): New Variable,
(gss-service-type): New Variable, (idmap-service-type) New Variable.
---
 doc/guix.texi        |  98 ++++++++++++++++++++++++++++++++++--
 gnu/services/nfs.scm | 138 +++++++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 230 insertions(+), 6 deletions(-)
Ludovic Courtès - Sept. 30, 2016, 12:02 p.m.
John Darrington <jmd@gnu.org> skribis:

> Another draft for review ...

Could you please include an iteration number in the subject line, and a
terse summary of the changes compared to the previous iteration?

That would be greatly helpful—I’m getting lost in a maze of unrelated
patch series and sometimes have a hard time remembering where we are and
what it is that I’m doing here.  ;-)

>
>
>
>
> * gnu/services/nfs.scm (pipefs-service-type): New Variable,
> (gss-service-type): New Variable, (idmap-service-type) New Variable.
> ---
>  doc/guix.texi        |  98 ++++++++++++++++++++++++++++++++++--
>  gnu/services/nfs.scm | 138 +++++++++++++++++++++++++++++++++++++++++++++++++--
>  2 files changed, 230 insertions(+), 6 deletions(-)

Please also mention the idmap things, the doc/guix.texi changes, etc.

> +@subsubheading GSS Daemon Service
> +@cindex GSSD
> +@cindex GSS
> +
> +The GSS daemon provides strong security for RPC based protocols.

“The @dfn{global security system} (GSS) daemon provides …”

>  
>  (define-record-type* <rpcbind-configuration>
>    rpcbind-configuration make-rpcbind-configuration
> @@ -38,11 +58,11 @@
>    (shepherd-service-type
>     'rpcbind
>     (lambda (config)
> -     (define pkg
> +     (define nfs-utils
>         (rpcbind-configuration-rpcbind config))
>  
>       (define rpcbind-command
> -       #~(list (string-append #$pkg "/bin/rpcbind") "-f"
> +       #~(list (string-append #$nfs-utils "/bin/rpcbind") "-f"

Should have been part of a previous patch I guess, but that’s fine.

> +(define-record-type* <pipefs-configuration>
> +  pipefs-configuration make-pipefs-configuration
> +  pipefs-configuration?
> +  (mount-point           pipefs-configuration-mount-point
> +                         (default default-pipefs-dir)))

Seems to me we don’t even need <pipefs-configuration>; a string would be
enough, no?

> +(define-record-type* <gss-configuration>
> +  gss-configuration make-gss-configuration
> +  gss-configuration?
> +  (pipefs-dir            gss-configuration-pipefs-dir
> +                         (default default-pipefs-dir))

s/dir/directory/

> +(define-record-type* <idmap-configuration>
> +  idmap-configuration make-idmap-configuration
> +  idmap-configuration?
> +  (pipefs-dir            idmap-configuration-pipefs-dir
> +                         (default default-pipefs-dir))
> +  (domain                idmap-configuration-domain
> +                           (default #f))
> +  (nfs-utils             idmap-configuration-idmap
> +                         (default nfs-utils)))
> +
> +(define idmap-service-type
> +  (shepherd-service-type
> +   'idmap
> +   (lambda (config)
> +
> +     (define nfs-utils
> +       (idmap-configuration-idmap config))
> +
> +     (define pipefs-dir
> +       (idmap-configuration-pipefs-dir config))
> +
> +     (define conf-file "/etc/guix-idmapd.conf")
> +
> +     (define idmap-command
> +       #~(list (string-append #$nfs-utils "/sbin/rpc.idmapd") "-f"
> +               "-p" #$pipefs-dir
> +               "-c" #$conf-file))
> +
> +     (define domain (idmap-configuration-domain config))
> +
> +     (shepherd-service
> +      (documentation "Start the RPC IDMAP daemon.")
> +      (requirement '(rpcbind-daemon rpc-pipefs))
> +      (provision '(idmap-daemon))
> +
> +      (start #~(lambda ()
> +                 (let ((pid (primitive-fork)))
> +                   (if (zero? pid)
> +                       (begin
> +                         (call-with-output-file #$conf-file
> +                           (lambda (port)
> +                             (format port "\n[General]\n")
> +                             (if #$domain
> +                                 (format port "Domain = ~a\n" #$domain))
> +                             (format port "\n[Mapping]\n")
> +                             (format port "Nobody-User = nobody\n")
> +                             (format port "Nobody-Group = nogroup\n")))
> +                         (exec-command #$idmap-command))
> +                       pid))))

I think the configuration file should be created elsewhere, in the
store:

  (define (idmap-config-file config)
    (plain-file "idmap.conf"
                (string-append "[General]" …)))

and then:

  (define idmap-command
    #~(list … "-c" #$(idmap-config-file config)))

  (shepherd-service
    ;; …
    (start #~(make-forkexec-constructor #$idmap-command)))

In general we should avoid populating /etc.

Could you send an updated patch?

Overall this seems to be almost ready, no?  Since this is a pretty
involved service composition, I think it would be fruitful in the future
to add a full test case in (gnu tests nfs) where we would export an NFS
tree and mount it.

Thank you!

Ludo’.
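The store-backed configuration Ludovic sketches above, written out in full as an added example (this is neither code from the patch nor code from Guix itself). It assumes the Guix APIs the patch already relies on: `plain-file` from `(guix gexp)`, the `shepherd-service` record from `(gnu services shepherd)`, and the `nfs-utils` package from `(gnu packages linux)`; the procedure names `idmap-config-file` and `idmap-shepherd-service` are the example's own.

```scheme
;; Added example, not part of the patch: generate idmapd.conf in the store at
;; system-build time instead of writing /etc from a forked child at service
;; start.  The file content is then fixed by the system generation, no fork
;; or runtime file write is needed, and a failed write cannot leave the daemon
;; half-configured.
(use-modules (guix gexp)
             (gnu services shepherd)
             (gnu packages linux))

(define (idmap-config-file domain)
  "Return a store file holding an idmapd.conf.  DOMAIN is the NFSv4 domain
name as a string, or #f to let rpc.idmapd fall back to its own default."
  (plain-file "idmapd.conf"
              (string-append
               "[General]\n"
               ;; Only emit the Domain key when one was configured; the
               ;; decision is made at build time, not when the daemon starts.
               (if domain
                   (string-append "Domain = " domain "\n")
                   "")
               "\n[Mapping]\n"
               "Nobody-User = nobody\n"
               "Nobody-Group = nogroup\n")))

(define (idmap-shepherd-service pipefs-directory domain)
  "Return a <shepherd-service> running rpc.idmapd in the foreground against
PIPEFS-DIRECTORY (a string) with a store-generated configuration file."
  (define command
    ;; #$ lowers the package to its output path and the plain-file to its
    ;; store path, so the -c argument is a /gnu/store/... path at runtime.
    #~(list (string-append #$nfs-utils "/sbin/rpc.idmapd") "-f"
            "-p" #$pipefs-directory
            "-c" #$(idmap-config-file domain)))
  (shepherd-service
   (documentation "Start the RPC IDMAP daemon.")
   (requirement '(rpcbind-daemon rpc-pipefs))
   (provision '(idmap-daemon))
   ;; No primitive-fork/exec-command dance: the constructor handles it and
   ;; reports a failed exec to the shepherd.
   (start #~(make-forkexec-constructor #$command))
   (stop #~(make-kill-destructor))))
```

With this shape the configuration record's `domain` field feeds `idmap-config-file` directly, and nothing under `/etc` is touched at boot.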
John Darrington - Sept. 30, 2016, 2:35 p.m.
On Fri, Sep 30, 2016 at 02:02:37PM +0200, Ludovic Courtès wrote:
> John Darrington <jmd@gnu.org> skribis:
> 
> > Another draft for review ...
> 
> Could you please include an iteration number in the subject line, and a
> terse summary of the changes compared to the previous iteration?
> 
> That would be greatly helpful—I’m getting lost in a maze of unrelated
> patch series and sometimes have a hard time remembering where we are and
> what it is that I’m doing here.  ;-)
> 

OK


> Please also mention the idmap things, the doc/guix.texi changes, etc.

OK


> “The @dfn{global security system} (GSS) daemon provides …”

OK

> 
> > +(define-record-type* <pipefs-configuration>
> > +  pipefs-configuration make-pipefs-configuration
> > +  pipefs-configuration?
> > +  (mount-point           pipefs-configuration-mount-point
> > +                         (default default-pipefs-dir)))
> 
> Seems to me we don’t even need <pipefs-configuration>; a string would be
> enough, no?

We could.  But then if somebody wanted to mount it in a non-standard
place they wouldn't be able to override that from /etc/config.scm


> Overall this seems to be almost ready, no?  Since this is a pretty
> involved service composition, I think it would be fruitful in the future
> to add a full test case in (gnu tests nfs) where we would export an NFS
> tree and mount it.

I agree.  However that will mean having to first implement the server side
NFS stuff which is a whole other can of worms....

J'

Patch

diff --git a/doc/guix.texi b/doc/guix.texi
index 808fbdc..67bf3fb 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -219,6 +219,7 @@  Services
 * Database Services::           SQL databases.
 * Mail Services::               IMAP, POP3, SMTP, and all that.
 * Web Services::                Web servers.
+* Network File System::         NFS related services.
 * Miscellaneous Services::      Other services.
 
 Defining Services
@@ -7587,6 +7588,7 @@  declaration.
 * Database Services::           SQL databases.
 * Mail Services::               IMAP, POP3, SMTP, and all that.
 * Web Services::                Web servers.
+* Network File System::         NFS related services.
 * Miscellaneous Services::      Other services.
 @end menu
 
@@ -10166,14 +10168,21 @@  directories are created when the service is activated.
 
 @end deffn
 
-@node Miscellaneous Services
-@subsubsection Miscellaneous Services
+@node Network File System 
+@subsubsection Network File System
+@cindex NFS
 
+The @code{(gnu services nfs)} module provides the following services,
+which are most commonly used in relation to mounting or exporting NFS
+file systems.
 
 @subsubheading RPC Bind Service
 @cindex rpcbind
 
-The @code{(gnu services nfs)} module provides the following:
+The RPC Bind service provides a facility to map program numbers into
+universal addresses.
+Many NFS related services use this facility.  Hence it is automatically
+started when a dependent service starts.
 
 @defvr {Scheme Variable} rpcbind-service-type
 A service type  for the RPC portmapper daemon.
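Review bot: `+@node Network File System ` carries a trailing space; strip it so the node line matches the `* Network File System::` menu entries exactly. In the same hunk, the rpcbind paragraph says the daemon "is automatically started when a dependent service starts" without saying how; a clause pointing at the `rpcbind-daemon` requirement that the other services in this series declare would make that concrete. Minor: "NFS related" reads better hyphenated as "NFS-related" (here and in the two menu entries), and `A service type  for` has a doubled space.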
@@ -10194,6 +10203,89 @@  instance.
 @end table
 @end deftp
 
+
+@subsubheading Pipefs Pseudo File System
+@cindex pipefs
+@cindex rpc_pipefs
+
+The pipefs file system is used to transfer NFS related data
+between the kernel and user space programs.
+
+@defvr {Scheme Variable} pipefs-service-type
+A service type for the pipefs pseudo file system.
+@end defvr
+
+@deftp {Data Type} pipefs-configuration
+Data type representing the configuration of the pipefs pseudo file system service.
+This type has the following parameters:
+@table @asis
+@item @code{mount-point} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory to which the file system is to be attached.
+@end table
+@end deftp
+
+
+@subsubheading GSS Daemon Service
+@cindex GSSD
+@cindex GSS
+
+The GSS daemon provides strong security for RPC based protocols.
+Before exchanging RPC requests an RPC client must establish a security
+context.  Typically this is done using the Kerberos command @command{kinit}
+or automatically at login time using PAM services.
+ 
+@defvr {Scheme Variable} gss-service-type
+A service type for the Global Security System (GSS) daemon.
+@end defvr
+
+@deftp {Data Type} gss-configuration
+Data type representing the configuration of the GSS daemon service.
+This type has the following parameters:
+@table @asis
+@item @code{nfs-utils} (default: @code{nfs-utils})
+The package in which the @command{rpc.gssd} command is to be found.
+
+@item @code{pipefs-dir} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory where the pipefs file system is mounted.
+
+@end table
+@end deftp
+
+
+@subsubheading IDMAP Daemon Service
+@cindex idmapd
+@cindex name mapper
+
+The idmap daemon service provides mapping between user IDs and user names.
+Typically it is required in order to access file systems mounted via NFSv4.
+
+@defvr {Scheme Variable} idmap-service-type
+A service type for the Identity Mapper (IDMAP) daemon.
+@end defvr
+
+@deftp {Data Type} idmap-configuration
+Data type representing the configuration of the IDMAP daemon service.
+This type has the following parameters:
+@table @asis
+@item @code{nfs-utils} (default: @code{nfs-utils})
+The package in which the @command{rpc.idmapd} command is to be found.
+
+@item @code{pipefs-dir} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory where the pipefs file system is mounted.
+
+@item @code{domain} (default: @code{#f})
+The local NFSv4 domain name.
+This must be a string or @code{#f}.
+If it is @code{#f} then the daemon will use the host's fully qualified domain name.
+
+@end table
+@end deftp
+
+
+@node Miscellaneous Services
+@subsubsection Miscellaneous Services
+
+
 @cindex lirc
 @subsubheading Lirc Service
 
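Review bot: `A service type for the Global Security System (GSS) daemon.` expands the acronym incorrectly; `rpc.gssd` implements the RPCSEC_GSS side of the Generic Security Service API (RFC 2743), so write "Generic Security Service (GSS)". The introductory paragraph should also say what "strong security for RPC based protocols" means in practice: Kerberos-authenticated RPC for the kernel NFS client, which is why the `@command{kinit}` step follows. The line after that paragraph (`+ `) is whitespace-only and should go. The two `pipefs-dir` items should pick up the s/dir/directory/ rename requested earlier, and the `domain` item would benefit from one sentence noting that client and server must agree on the NFSv4 domain for the mapping to work.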
diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm
index 82713d8..e0905f5 100644
--- a/gnu/services/nfs.scm
+++ b/gnu/services/nfs.scm
@@ -20,11 +20,31 @@ 
   #:use-module (gnu)
   #:use-module (gnu services shepherd)
   #:use-module (gnu packages onc-rpc)
+  #:use-module (gnu packages linux)
   #:use-module (guix)
   #:use-module (guix records)
+  #:use-module (ice-9 match)
+  #:use-module (gnu build file-systems)
   #:export (rpcbind-service-type
             rpcbind-configuration
-            rpcbind-configuration?))
+            rpcbind-configuration?
+
+            pipefs-service-type
+            pipefs-configuration
+            pipefs-configuration?
+
+            idmap-service-type
+            idmap-configuration
+            idmap-configuration?
+
+            gss-service-type
+            gss-configuration
+            gss-configuration?))
+
+
+(define default-pipefs-dir "/var/lib/nfs/rpc_pipefs")
+
+
 
 (define-record-type* <rpcbind-configuration>
   rpcbind-configuration make-rpcbind-configuration
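Review bot: `(ice-9 match)` and `(gnu build file-systems)` are added to the `#:use-module` list, but nothing in the visible hunks references them; the `mount`, `umount`, `MNT_DETACH` and `mkdir-p` calls all sit inside `#~` gexps and are resolved in the shepherd process, not in this module. Drop both unless a later patch in the series needs them. Also, `default-pipefs-dir` should follow the s/dir/directory/ rename, and the three blank lines after it exceed the two the surrounding code uses between top-level forms.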
@@ -38,11 +58,11 @@ 
   (shepherd-service-type
    'rpcbind
    (lambda (config)
-     (define pkg
+     (define nfs-utils
        (rpcbind-configuration-rpcbind config))
 
      (define rpcbind-command
-       #~(list (string-append #$pkg "/bin/rpcbind") "-f"
+       #~(list (string-append #$nfs-utils "/bin/rpcbind") "-f"
                #$@(if (rpcbind-configuration-warm-start? config) '("-w") '())))
 
      (shepherd-service
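Review bot: renaming `pkg` to `nfs-utils` inside the `rpcbind` lambda shadows the `nfs-utils` package binding imported from `(gnu packages linux)` in the preceding hunk, so within this scope the name refers to whatever the user supplied in `rpcbind-configuration-rpcbind`, which need not be nfs-utils at all. Keep `pkg` or use something like `rpcbind-package`; the same shadowing pattern recurs in the `gss` and `idmap` lambdas later in the patch.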
@@ -52,3 +72,115 @@ 
 
       (start #~(make-forkexec-constructor #$rpcbind-command))
       (stop #~(make-kill-destructor))))))
+
+
+
+(define-record-type* <pipefs-configuration>
+  pipefs-configuration make-pipefs-configuration
+  pipefs-configuration?
+  (mount-point           pipefs-configuration-mount-point
+                         (default default-pipefs-dir)))
+
+(define pipefs-service-type
+  (shepherd-service-type
+   'pipefs
+   (lambda (config)
+
+     (define pipefs-dir (pipefs-configuration-mount-point config))
+
+     (shepherd-service
+        (documentation "Mount the pipefs pseudo filesystem.")
+        (provision '(rpc-pipefs))
+
+        (start #~(lambda ()
+                   (mkdir-p #$pipefs-dir)
+                   (mount "rpc_pipefs" #$pipefs-dir "rpc_pipefs")))
+        (stop #~(lambda (pid . args)
+                  (umount #$pipefs-dir MNT_DETACH)))))))
+
+
+
+(define-record-type* <gss-configuration>
+  gss-configuration make-gss-configuration
+  gss-configuration?
+  (pipefs-dir            gss-configuration-pipefs-dir
+                         (default default-pipefs-dir))
+  (nfs-utils             gss-configuration-gss
+                         (default nfs-utils)))
+
+(define gss-service-type
+  (shepherd-service-type
+   'gss
+   (lambda (config)
+     (define nfs-utils
+       (gss-configuration-gss config))
+
+     (define pipefs-dir
+       (gss-configuration-pipefs-dir config))
+
+     (define gss-command
+       #~(list (string-append #$nfs-utils "/sbin/rpc.gssd") "-f"
+               "-p" #$pipefs-dir))
+
+     (shepherd-service
+      (documentation "Start the RPC GSS daemon.")
+      (requirement '(rpcbind-daemon rpc-pipefs))
+      (provision '(gss-daemon))
+
+      (start #~(make-forkexec-constructor #$gss-command))
+      (stop #~(make-kill-destructor))))))
+
+
+
+(define-record-type* <idmap-configuration>
+  idmap-configuration make-idmap-configuration
+  idmap-configuration?
+  (pipefs-dir            idmap-configuration-pipefs-dir
+                         (default default-pipefs-dir))
+  (domain                idmap-configuration-domain
+                           (default #f))
+  (nfs-utils             idmap-configuration-idmap
+                         (default nfs-utils)))
+
+(define idmap-service-type
+  (shepherd-service-type
+   'idmap
+   (lambda (config)
+
+     (define nfs-utils
+       (idmap-configuration-idmap config))
+
+     (define pipefs-dir
+       (idmap-configuration-pipefs-dir config))
+
+     (define conf-file "/etc/guix-idmapd.conf")
+
+     (define idmap-command
+       #~(list (string-append #$nfs-utils "/sbin/rpc.idmapd") "-f"
+               "-p" #$pipefs-dir
+               "-c" #$conf-file))
+
+     (define domain (idmap-configuration-domain config))
+
+     (shepherd-service
+      (documentation "Start the RPC IDMAP daemon.")
+      (requirement '(rpcbind-daemon rpc-pipefs))
+      (provision '(idmap-daemon))
+
+      (start #~(lambda ()
+                 (let ((pid (primitive-fork)))
+                   (if (zero? pid)
+                       (begin
+                         (call-with-output-file #$conf-file
+                           (lambda (port)
+                             (format port "\n[General]\n")
+                             (if #$domain
+                                 (format port "Domain = ~a\n" #$domain))
+                             (format port "\n[Mapping]\n")
+                             (format port "Nobody-User = nobody\n")
+                             (format port "Nobody-Group = nogroup\n")))
+                         (exec-command #$idmap-command))
+                       pid))))
+
+      (stop #~(make-kill-destructor))))))
+
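Review bot: the idmap `start` procedure at `(call-with-output-file #$conf-file` writes `/etc/guix-idmapd.conf` from a forked child of the shepherd on every start, so the file's content depends on the last start rather than on the system generation, the parent returns `pid` before knowing whether the child got as far as `exec-command`, and `stop` kills the daemon but leaves the file behind. Generate the file in the store at build time (for example with `plain-file`), pass its store path via `"-c"` in `idmap-command`, and use `(start #~(make-forkexec-constructor #$idmap-command))` as `gss-service-type` in this same hunk already does; the whole `primitive-fork` block then disappears. Two smaller points: `pipefs-service-type`'s `start` calls `(mount "rpc_pipefs" #$pipefs-dir "rpc_pipefs")` unconditionally, so restarting an already-mounted service throws instead of being a no-op, and `(if #$domain (format port "Domain = ~a\n" #$domain))` is a one-armed `if` that reads better as `when`.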