Print this page
8890 ipfilter and nfs/server are locked in death race

Split Close
Expand all
Collapse all
          --- old/usr/src/cmd/fs.d/nfs/svc/nfs-server
          +++ new/usr/src/cmd/fs.d/nfs/svc/nfs-server
↓ open down ↓ 24 lines elided ↑ open up ↑
  25   25  # Copyright 2015 Nexenta Systems, Inc.  All rights reserved.
  26   26  # Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
  27   27  #
  28   28  
  29   29  # Start/stop processes required for server NFS
  30   30  
  31   31  . /lib/svc/share/smf_include.sh
  32   32  . /lib/svc/share/ipf_include.sh
  33   33  zone=`smf_zonename`
  34   34  
  35      -#
  36      -# Handling a corner case here. If we were in offline state due to an
  37      -# unsatisfied dependency, the ipf_method process wouldn't have generated
  38      -# the ipfilter configuration. When we transition to online because the
  39      -# dependency is satisfied, the start method will have to generate the
  40      -# ipfilter configuration. To avoid all possible deadlock scenarios,
  41      -# we restart ipfilter which will regenerate the ipfilter configuration
  42      -# for the entire system.
  43      -#
  44      -# The ipf_method process signals that it didn't generate ipf rules by
  45      -# removing the service's ipf file. Thus we only restart network/ipfilter
  46      -# when the file is missing.
  47      -#
  48      -configure_ipfilter()
  49      -{
  50      -        ipfile=`fmri_to_file $SMF_FMRI $IPF_SUFFIX`
  51      -        ip6file=`fmri_to_file $SMF_FMRI $IPF6_SUFFIX`
  52      -        [ -f "$ipfile" -a -f "$ip6file" ] && return 0
  53      -
  54      -        #
  55      -        # Nothing to do if:
  56      -        # - ipfilter isn't online 
  57      -        # - global policy is 'custom'
  58      -        # - service's policy is 'use_global'
  59      -        #
  60      -        service_check_state $IPF_FMRI $SMF_ONLINE || return 0
  61      -        [ "`get_global_def_policy`" = "custom" ] && return 0
  62      -        [ "`get_policy $SMF_FMRI`" = "use_global" ] && return 0
  63      -
  64      -        svcadm restart $IPF_FMRI
  65      -}
  66      -
  67   35  case "$1" in
  68   36  'start')
  69   37          # The NFS server is not supported in a local zone
  70   38          if smf_is_nonglobalzone; then
  71   39                  /usr/sbin/svcadm disable -t svc:/network/nfs/server
  72   40                  echo "The NFS server is not supported in a local zone"
  73   41                  sleep 5 &
  74   42                  exit $SMF_EXIT_OK
  75   43          fi
  76   44  
↓ open down ↓ 17 lines elided ↑ open up ↑
  94   62          fi
  95   63  
  96   64          /usr/lib/nfs/nfsd
  97   65          rc=$?
  98   66          if [ $rc != 0 ]; then
  99   67                  /usr/sbin/svcadm mark -t maintenance svc:/network/nfs/server
 100   68                  echo "$0: nfsd failed with $rc"
 101   69                  sleep 5 &
 102   70                  exit $SMF_EXIT_ERR_FATAL
 103   71          fi
 104      -
 105      -        configure_ipfilter
 106   72          ;;
 107   73  
 108   74  'refresh')
 109   75          /usr/sbin/sharemgr start -P nfs -a
 110   76          ;;
 111   77  
 112   78  'stop')
 113   79          /usr/bin/pkill -x -u 0,1 -z $zone '(nfsd|mountd)'
 114   80  
 115   81          # Unshare all shared file systems using NFS
↓ open down ↓ 207 lines elided ↑ open up ↑
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX