Bug 50730 - Enable/disable NFS v3 / v4 separately
Status: NEW
Product: UCS
Classification: Unclassified
Component: NFS
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Assigned To: UCS maintainers
UCS maintainers
Reported: 2020-01-21 12:36 CET by Valentin Heidelberger
Modified: 2020-01-24 15:54 CET
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 3: Will affect average number of installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
School Customer affected?: Yes
Description Valentin Heidelberger univentionstaff 2020-01-21 12:36:52 CET
It should be possible to export shares for NFS v3 / v4 separately. Currently both options are only available as a single checkbox.
Comment 1 Philipp Hahn univentionstaff 2020-01-24 15:54:22 CET
I had a lengthy discussion with a customer about NFS at Univention Summit 2020. Therefore here are my findings:

Quoting <man:rpc.nfsd(8)>:
> -N  or  --no-nfs-version vers
>   This option can be used to request that rpc.nfsd does not offer certain versions of NFS.  The  current  version  of
>   rpc.nfsd can support NFS versions 2,3,4 and the newer version 4.1.

There is UCRV "nfs/nfsd/nfs4" to disable NFSv4, but no equivalent to disable NFSv3.


There is also <man:rpc.mountd(8)>, which (strictly speaking) is not necessarily required for NFSv4:

> -N mountd-version  or  --no-nfs-version mountd-version
>   This option can be used to request that rpc.mountd do not offer certain versions of NFS.  The  current  version  of
>   rpc.mountd  can  support  both  NFS  version  2, 3 and 4. If the either one of these version should not be offered,
>   rpc.mountd must be invoked with the option --no-nfs-version <vers> .

This can be configured through "RPCMOUNTDOPTS=" in "/etc/default/nfs-kernel-server", for which currently no UCRV exists.


As NFSv4 does not require the portmapper and associated services, NFSv3 can be "disabled" by not running "rpcbind.service". "nfs-mountd.service" is still required to set up the NFSv4 server (each boot), but should not be necessary afterwards. Actually it is, as `rpc.mountd` is used by the Linux kernel to validate the connecting client: if the service is not running, `mount` will fail:
  # mount -v -t nfs -o vers=4,port=2049,proto=tcp,ro,sec=none xen1.knut.univention.de:/ /mnt/
  mount.nfs: timeout set for Fri Jan 24 14:56:23 2020
  mount.nfs: trying text-based options 'port=2049,proto=tcp,sec=none,vers=4,addr=192.168.0.154,clientaddr=10.200.17.34'
  mount.nfs: mount(2): Permission denied
  mount.nfs: access denied by server while mounting xen1.knut.univention.de:/

Also note that there is a dependency from `nfs-kernel-server.service` to `nfs-mountd.service` as "Required"; stopping the latter will automatically stop the former and will shut down the complete NFS service.

Just disabling
  ucr set rpcbind/autostart=no
does not work, as then `rpc.nfsd` gets stuck while setting up the Linux kernel NFS threads; it looks like it tries to contact `rpc.mountd` via `rpcbind`:
> svc: failed to register nfsdv3 RPC service (errno 110).


See <https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/storage_administration_guide/nfs-serverconfig#nfs4-only> and <https://web.mit.edu/rhel-doc/4/RH-DOCS/rhel-rg-de-4/ch-nfs.html> and <https://serverfault.com/questions/530908/nfsv4-not-able-to-set-any-sockets-for-nfsd-without-running-rpcbind/1000259#1000259> for more information.
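
One way to verify the result of the settings discussed in Comment 1, as an added example that is not part of the bug report or of UCS: it reads the kernel's `/proc/fs/nfsd/versions` list (an assumed source, not named in the report) and `RPCMOUNTDOPTS` from the defaults file, and reports each daemon that still offers NFSv2 or NFSv3. The function names are hypothetical.

```shell
#!/bin/sh
# Print the versions marked "+" in a /proc/fs/nfsd/versions style line.
enabled_nfsd_versions() {
    out=""
    for tok in $1; do
        case "$tok" in +*) out="$out${out:+ }${tok#+}" ;; esac
    done
    printf '%s\n' "$out"
}

# Print the versions RPCMOUNTDOPTS in a defaults file disables for rpc.mountd
# through -N / --no-nfs-version (the options quoted from the man page).
mountd_disabled_versions() {
    opts=$(sed -n 's/^[[:space:]]*RPCMOUNTDOPTS=//p' "$1" | tail -n 1 | tr -d "\"'")
    out=""; want=0
    for tok in $opts; do
        if [ "$want" = 1 ]; then out="$out${out:+ }$tok"; want=0; continue; fi
        case "$tok" in
            -N|--no-nfs-version) want=1 ;;
            --no-nfs-version=*) out="$out${out:+ }${tok#*=}" ;;
        esac
    done
    printf '%s\n' "$out"
}

# Return 1 and name each daemon that still offers NFSv2 or NFSv3.
audit_v4_only() {
    rc=0
    for v in $(enabled_nfsd_versions "$1"); do
        case "$v" in
            4|4.*) ;;
            *) echo "rpc.nfsd still offers NFSv$v"; rc=1 ;;
        esac
    done
    disabled=" $(mountd_disabled_versions "$2") "
    for v in 2 3; do
        case "$disabled" in
            *" $v "*) ;;
            *) echo "rpc.mountd still offers version $v"; rc=1 ;;
        esac
    done
    return $rc
}

# Run against the live files when present (assumed paths, see lead-in).
if [ -r /proc/fs/nfsd/versions ] && [ -r /etc/default/nfs-kernel-server ]; then
    audit_v4_only "$(cat /proc/fs/nfsd/versions)" /etc/default/nfs-kernel-server ||
        echo "server is not NFSv4-only"
fi
```

The check is deliberately conservative: a version counts as offered by `rpc.mountd` unless `RPCMOUNTDOPTS` disables it explicitly.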