[(3)] gnu: Add NFS related services (moved idmap.conf out of /etc, added texinfo markup to documentation, s/dir/directory)

Message ID 1475719718-3369-1-git-send-email-jmd@gnu.org
State New

Commit Message

John Darrington Oct. 6, 2016, 2:08 a.m. UTC
* gnu/services/nfs.scm (pipefs-service-type): New Variable,
(gss-service-type): New Variable, (idmap-service-type) New Variable.

* doc/guix.texi (Network File system): New Node.
---
 doc/guix.texi        | 100 ++++++++++++++++++++++++++++++++++++++--
 gnu/services/nfs.scm | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 223 insertions(+), 4 deletions(-)

Comments

Ludovic Courtès Oct. 6, 2016, 7:49 p.m. UTC | #1
Hi!

John Darrington <jmd@gnu.org> skribis:

> * gnu/services/nfs.scm (pipefs-service-type): New Variable,
> (gss-service-type): New Variable, (idmap-service-type) New Variable.
>
> * doc/guix.texi (Network File system): New Node.

Minor issues, and a suggestion for the pipefs service:

> +The @code{(gnu services nfs)} module provides the following services,
> +which are most commonly used in relation to mounting or exporting NFS
> +file systems.

Rather something like:
“mounting or exporting directory trees as @dfn{network file systems} (NFS).”

>  @subsubheading RPC Bind Service
>  @cindex rpcbind
>  
> -The @code{(gnu services nfs)} module provides the following:
> +The RPC Bind service provides a facility to map program numbers into

s/program numbers/ONC@tie{}RPC program numbers/

> +universal addresses.

“IP addresses”?

+ “ (RPC stands for @dfn{remote procedure call})”

> +     (shepherd-service
> +        (documentation "Mount the pipefs pseudo filesystem.")
          ^
Extra space.

> +        (provision '(rpc-pipefs))
> +
> +        (start #~(lambda ()
> +                   (mkdir-p #$pipefs-directory)
> +                   (mount "rpc_pipefs" #$pipefs-directory "rpc_pipefs")))
> +        (stop #~(lambda (pid . args)
> +                  (umount #$pipefs-directory MNT_DETACH)))))))

There’s the problem that ‘start’ must return a truth value (to tell the
Shepherd that the service was correctly “started”), so it’s better to
add an explicit #t at the end; conversely, ‘stop’ must return #f to
denote a successful stop.

However, as mentioned at
<https://lists.gnu.org/archive/html/guix-devel/2016-09/msg01096.html>, I
think it would be best to achieve this by extending
‘file-system-service-type’.

Could you try that?  If it works, I don’t have any further comments.

> +     (define idmap-command
> +       #~(list (string-append #$nfs-utils "/sbin/rpc.idmapd") "-f"

                  #$(file-append nfs-utils "/sbin/rpc.idmapd")

> +     (shepherd-service
> +      (documentation "Start the RPC IDMAP daemon.")
        ^
Missing space this time.  :-)

Thank you!

Ludo’.
John Darrington Oct. 8, 2016, 10:19 a.m. UTC | #2
On Thu, Oct 06, 2016 at 09:49:36PM +0200, Ludovic Courtès wrote:
     
     However, as mentioned at
     <https://lists.gnu.org/archive/html/guix-devel/2016-09/msg01096.html>, I
     think it would be best to achieve this by extending
     ‘file-system-service-type’.
     
     Could you try that?  If it works, I don’t have any further comments.
     

I did try it when you first mentioned it.  However I couldn't work out how
to make the other services then depend upon the so configured file-system.
I will have another look and see if I can see how it should work.

J'
John Darrington Oct. 9, 2016, 5:47 a.m. UTC | #3
On Thu, Oct 06, 2016 at 09:49:36PM +0200, Ludovic Courtès wrote:
     Hi!
     
     > +The RPC Bind service provides a facility to map program numbers into
     
     s/program numbers/ONC@tie{}RPC program numbers/
     
     > +universal addresses.
     
     “IP addresses”?

No.  These are not IP addresses.  Here the term "address" is used in a very
general sense.  (in most uses the "addresses" are in fact program names -
but they could be anything).
     
     + “ (RPC stands for @dfn{remote procedure call})”
     
     > +     (shepherd-service
     > +      (documentation "Start the RPC IDMAP daemon.")
             ^
     Missing space this time.  :-)
     
Somebody needs to send a patch to emacs if this is important.

J'
Patch

diff --git a/doc/guix.texi b/doc/guix.texi
index 9bd8b43..704868a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -221,6 +221,7 @@  Services
 * Database Services::           SQL databases.
 * Mail Services::               IMAP, POP3, SMTP, and all that.
 * Web Services::                Web servers.
+* Network File System::         NFS related services.
 * Miscellaneous Services::      Other services.
 
 Defining Services
@@ -7590,6 +7591,7 @@  declaration.
 * Database Services::           SQL databases.
 * Mail Services::               IMAP, POP3, SMTP, and all that.
 * Web Services::                Web servers.
+* Network File System::         NFS related services.
 * Miscellaneous Services::      Other services.
 @end menu
 
@@ -10309,14 +10311,21 @@  directories are created when the service is activated.
 
 @end deffn
 
-@node Miscellaneous Services
-@subsubsection Miscellaneous Services
+@node Network File System
+@subsubsection Network File System
+@cindex NFS
 
+The @code{(gnu services nfs)} module provides the following services,
+which are most commonly used in relation to mounting or exporting NFS
+file systems.
 
 @subsubheading RPC Bind Service
 @cindex rpcbind
 
-The @code{(gnu services nfs)} module provides the following:
+The RPC Bind service provides a facility to map program numbers into
+universal addresses.
+Many NFS related services use this facility.  Hence it is automatically
+started when a dependent service starts.
 
 @defvr {Scheme Variable} rpcbind-service-type
 A service type  for the RPC portmapper daemon.
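
Review bot: The added sentence "Hence it is automatically started when a dependent service starts" in the RPC Bind paragraph overstates what the code in this patch does. The gss and idmap services only declare `(requirement '(rpcbind-daemon rpc-pipefs))`, which orders startup among services that are already defined; nothing here instantiates an rpcbind or pipefs service on the user's behalf. Please state that `rpcbind-service-type` (and `pipefs-service-type`) must be present in the `services` field for the dependent daemons to start. The term "universal addresses" is also used without a definition; a short gloss or a cross-reference would help readers who have not met the RPC usage of the word.
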
@@ -10337,6 +10346,91 @@  instance.
 @end table
 @end deftp
 
+
+@subsubheading Pipefs Pseudo File System
+@cindex pipefs
+@cindex rpc_pipefs
+
+The pipefs file system is used to transfer NFS related data
+between the kernel and user space programs.
+
+@defvr {Scheme Variable} pipefs-service-type
+A service type for the pipefs pseudo file system.
+@end defvr
+
+@deftp {Data Type} pipefs-configuration
+Data type representing the configuration of the pipefs pseudo file system service.
+This type has the following parameters:
+@table @asis
+@item @code{mount-point} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory to which the file system is to be attached.
+@end table
+@end deftp
+
+
+@subsubheading GSS Daemon Service
+@cindex GSSD
+@cindex GSS
+@cindex global security system
+
+The @dfn{global security system} (GSS) daemon provides strong security for RPC
+based protocols.
+Before exchanging RPC requests an RPC client must establish a security
+context.  Typically this is done using the Kerberos command @command{kinit}
+or automatically at login time using PAM services.
+
+@defvr {Scheme Variable} gss-service-type
+A service type for the Global Security System (GSS) daemon.
+@end defvr
+
+@deftp {Data Type} gss-configuration
+Data type representing the configuration of the GSS daemon service.
+This type has the following parameters:
+@table @asis
+@item @code{nfs-utils} (default: @code{nfs-utils})
+The package in which the @command{rpc.gssd} command is to be found.
+
+@item @code{pipefs-directory} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory where the pipefs file system is mounted.
+
+@end table
+@end deftp
+
+
+@subsubheading IDMAP Daemon Service
+@cindex idmapd
+@cindex name mapper
+
+The idmap daemon service provides mapping between user IDs and user names.
+Typically it is required in order to access file systems mounted via NFSv4.
+
+@defvr {Scheme Variable} idmap-service-type
+A service type for the Identity Mapper (IDMAP) daemon.
+@end defvr
+
+@deftp {Data Type} idmap-configuration
+Data type representing the configuration of the IDMAP daemon service.
+This type has the following parameters:
+@table @asis
+@item @code{nfs-utils} (default: @code{nfs-utils})
+The package in which the @command{rpc.idmapd} command is to be found.
+
+@item @code{pipefs-directory} (default: @code{"/var/lib/nfs/rpc_pipefs"})
+The directory where the pipefs file system is mounted.
+
+@item @code{domain} (default: @code{#f})
+The local NFSv4 domain name.
+This must be a string or @code{#f}.
+If it is @code{#f} then the daemon will use the host's fully qualified domain name.
+
+@end table
+@end deftp
+
+
+@node Miscellaneous Services
+@subsubsection Miscellaneous Services
+
+
 @cindex lirc
 @subsubheading Lirc Service
 
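
Review bot: The expansion "global security system" in the GSS Daemon Service text (the `@cindex`, the `@dfn` and the `@defvr` description) is not what GSS stands for; the GSS in `rpc.gssd` refers to Generic Security Services (GSS-API, used by RPCSEC_GSS). Please correct all three occurrences so the index entry matches what people will search for. A smaller documentation gap in the same hunk: `pipefs-directory` in `gss-configuration` and `idmap-configuration` and `mount-point` in `pipefs-configuration` are three independent fields with the same default, and the text should say that they must agree, since a daemon pointed at a directory where rpc_pipefs is not mounted will not work.
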
diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm
index b1e1f53..94982d7 100644
--- a/gnu/services/nfs.scm
+++ b/gnu/services/nfs.scm
@@ -20,11 +20,31 @@ 
   #:use-module (gnu)
   #:use-module (gnu services shepherd)
   #:use-module (gnu packages onc-rpc)
+  #:use-module (gnu packages linux)
   #:use-module (guix)
   #:use-module (guix records)
+  #:use-module (ice-9 match)
+  #:use-module (gnu build file-systems)
   #:export (rpcbind-service-type
             rpcbind-configuration
-            rpcbind-configuration?))
+            rpcbind-configuration?
+
+            pipefs-service-type
+            pipefs-configuration
+            pipefs-configuration?
+
+            idmap-service-type
+            idmap-configuration
+            idmap-configuration?
+
+            gss-service-type
+            gss-configuration
+            gss-configuration?))
+
+
+(define default-pipefs-directory "/var/lib/nfs/rpc_pipefs")
+
+
 
 (define-record-type* <rpcbind-configuration>
   rpcbind-configuration make-rpcbind-configuration
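
Review bot: The new `#:use-module (ice-9 match)` line appears to be unused, since no `match` form occurs in the code this patch adds. `(gnu build file-systems)` looks unneeded on the host side as well: `mount`, `umount` and `MNT_DETACH` are referenced only inside the `#~` expressions of the pipefs service, which are evaluated by the Shepherd and not by this module. Please drop both imports, or add a comment naming the binding each one supplies.
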
@@ -52,3 +72,108 @@ 
 
       (start #~(make-forkexec-constructor #$rpcbind-command))
       (stop #~(make-kill-destructor))))))
+
+
+
+(define-record-type* <pipefs-configuration>
+  pipefs-configuration make-pipefs-configuration
+  pipefs-configuration?
+  (mount-point           pipefs-configuration-mount-point
+                         (default default-pipefs-directory)))
+
+(define pipefs-service-type
+  (shepherd-service-type
+   'pipefs
+   (lambda (config)
+
+     (define pipefs-directory (pipefs-configuration-mount-point config))
+
+     (shepherd-service
+        (documentation "Mount the pipefs pseudo filesystem.")
+        (provision '(rpc-pipefs))
+
+        (start #~(lambda ()
+                   (mkdir-p #$pipefs-directory)
+                   (mount "rpc_pipefs" #$pipefs-directory "rpc_pipefs")))
+        (stop #~(lambda (pid . args)
+                  (umount #$pipefs-directory MNT_DETACH)))))))
+
+
+
+(define-record-type* <gss-configuration>
+  gss-configuration make-gss-configuration
+  gss-configuration?
+  (pipefs-directory            gss-configuration-pipefs-directory
+                         (default default-pipefs-directory))
+  (nfs-utils             gss-configuration-gss
+                         (default nfs-utils)))
+
+(define gss-service-type
+  (shepherd-service-type
+   'gss
+   (lambda (config)
+     (define nfs-utils
+       (gss-configuration-gss config))
+
+     (define pipefs-directory
+       (gss-configuration-pipefs-directory config))
+
+     (define gss-command
+       #~(list (string-append #$nfs-utils "/sbin/rpc.gssd") "-f"
+               "-p" #$pipefs-directory))
+
+     (shepherd-service
+      (documentation "Start the RPC GSS daemon.")
+      (requirement '(rpcbind-daemon rpc-pipefs))
+      (provision '(gss-daemon))
+
+      (start #~(make-forkexec-constructor #$gss-command))
+      (stop #~(make-kill-destructor))))))
+
+
+
+(define-record-type* <idmap-configuration>
+  idmap-configuration make-idmap-configuration
+  idmap-configuration?
+  (pipefs-directory            idmap-configuration-pipefs-directory
+                         (default default-pipefs-directory))
+  (domain                idmap-configuration-domain
+                           (default #f))
+  (nfs-utils             idmap-configuration-idmap
+                         (default nfs-utils)))
+
+(define idmap-service-type
+  (shepherd-service-type
+   'idmap
+   (lambda (config)
+
+     (define nfs-utils
+       (idmap-configuration-idmap config))
+
+     (define pipefs-directory
+       (idmap-configuration-pipefs-directory config))
+
+     (define domain (idmap-configuration-domain config))
+
+     (define (idmap-config-file config)
+       (plain-file "idmapd.conf"
+                   (string-append
+                    "\n[General]\n"
+                    (if domain
+                        (format #f "Domain = ~a\n" domain))
+                    "\n[Mapping]\n"
+                    "Nobody-User = nobody\n"
+                    "Nobody-Group = nogroup\n")))
+
+     (define idmap-command
+       #~(list (string-append #$nfs-utils "/sbin/rpc.idmapd") "-f"
+               "-p" #$pipefs-directory
+               "-c" #$(idmap-config-file config)))
+
+     (shepherd-service
+      (documentation "Start the RPC IDMAP daemon.")
+      (requirement '(rpcbind-daemon rpc-pipefs))
+      (provision '(idmap-daemon))
+      (start #~(make-forkexec-constructor #$idmap-command))
+      (stop #~(make-kill-destructor))))))
+
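
Review bot: In `idmap-config-file`, the form `(if domain (format #f "Domain = ~a\n" domain))` has no alternative branch, so with the default `domain` of `#f` it yields an unspecified value and the enclosing `string-append` will signal a wrong-type-argument error; the default configuration therefore cannot build its `idmapd.conf`. Give the `if` an else branch of `""`. The `config` parameter of `idmap-config-file` is also unused, because the body closes over `domain`. In the pipefs service, the `start` lambda returns whatever `mount` returns and `stop` returns whatever `umount` returns; as noted in the thread, `start` should end with an explicit `#t` and `stop` with `#f` so the Shepherd records the right state. Finally, the accessors `gss-configuration-gss` and `idmap-configuration-idmap` read the `nfs-utils` field; naming them `gss-configuration-nfs-utils` and `idmap-configuration-nfs-utils` would match the field and the documented parameter.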