Open clhedrick opened 3 years ago
previous comment was wrong.
sharenfs is pretty broken, its probably worth storing your own custom config and parsing it into an /etc/exports file.
ex: multiple host settings doesn't work as expected, https://github.com/openzfs/zfs/pull/9066
It works just fine as long as you know how it works. We get into these discussions every time, and they go down a rathole. The feature exists. It's useful. The man page should document what it actually does. We shouldn't need ideological discussions to fix it.
I have at least one situation where this is the easiest way to do things, and others where we may need to move a pool to a different host and want the shares to move too. I can't imagine a situation where we'd need anything other than sec= to be different for different hosts.
I can imagine many would want to be able to set "no_root_squash" for some clients and "root_squash" for others, like the example in #9066:
zfs set sharenfs="rw=@host1,root_squash,rw=@host2,no_root_squash" pool1/d1
If this is possible on Linux, maybe someone can point me in the right direction? (tried with 0.7.13 and 2.0.1, has always worked on Solaris, different syntax though, not sure about FreeBSD?)
no. they scan the whole sharenfs string, saving most options globally and the sec= option for each host. root_squash is stored globally. I can see situations where you might want to be host-specific, though I don't think we have one or are likely to. It's a pretty simple change to make additional options to be treated like sec=.
Could such change for root_squash, or in general for other options, please be added when it is just a simple change? While root_squash in general is fine, we need no_root_squash on a NIS server where root creates users incl. home directories on the NFS shares, as an example. Any chance that will happen in a next version?
We've now also run into the issue of modern unsupported options for NFS such as "pnfs" for v4.2 parallel nfs.
zfs set sharenfs='ro=@hostpattern*,async,pnfs' data
cannot set property for 'data': 'sharenfs' cannot be set to invalid options
We ended up not using sharenfs, but /etc/exports.d. I like sharenfs conceptually, but we found that service was interrupted for a substantial amount of time when making a change, while "exportfs -r" is nearly immediate. I still think it should be documented correctly.
From: Gabriel A. Devenyi @.> Sent: Tuesday, February 1, 2022 1:25 PM To: openzfs/zfs @.> Cc: Charles Hedrick @.>; Author @.> Subject: Re: [openzfs/zfs] sharenfs documentation (#11159)
We've now also run into the issue of modern unsupported options for NFS such as "pnfs" for v4.2 parallel nfs.
zfs set @.****,async,pnfs' data cannot set property for 'data': 'sharenfs' cannot be set to invalid options
— Reply to this email directly, view it on GitHubhttps://github.com/openzfs/zfs/issues/11159#issuecomment-1027153543, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAORUCFV5U63EBJ5A42JAYDUZAQQRANCNFSM4TLWOJWQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub. You are receiving this because you authored the thread.Message ID: @.***>
The security_label
option also seems to be unsupported.
I see: 'sharenfs' cannot be set to invalid options
on zfs 2.1.7
@ykuksenko #3860 mentioned this.
They follow the options from Solaris. Here is a more recent page than the one he linked.
They follow the options from Solaris. Here is a more recent page than the one he linked.
The referenced document points to Solaris 11.2 and to the share command which is independent from ZFS and its sharing properties. This is entirely misleading. If there is any similarity between Solaris ZFS and OpenZFS than you need to refer to Solaris 10. The actual syntax and the names of ZFS properties has significantly changed in Solaris 11. And then OpenZFS diverts also significantly from Solaris 10. In particular, the root option is not supported. And you just need one '@' for netgroups in Solaris, not two. The current OpenZFS documentation points in zfsprops(7) to exportfs(8) which in turn refers to exports(5) where you could use constructs like “@trusted(rw,no_root_squash)” which would be equivalent to Solaris 10 “root=@trusted”. But neither is supported by OpenZFS.
System information
Type | Version/Name --- |master Distribution Name | ubuntu Distribution Version | 20.3 Linux Kernel | 5.4.0-42-generic Architecture |Intel 64 ZFS Version | 0.8.3-1ubuntu12.1 SPL Version | modinfo spl | grep -iw version
Describe the problem you're observing
Despite many reports, documentation on sharenfs still doesn't describe what it does.
Describe how to reproduce the problem
man zfs
Include any warning/errors/backtraces from the system logs
Here's what I suggest: The sharenfs property can be "on", "off" or a list of options. "on" is equivalent to "rw,crossmnt". Options other than ro, rw, and sec are accumulated into a single list, which is used for all exports. That means there is no way to use different options with different hosts or groups of hosts, other than "ro", "rw", and "sec." Most options are used as is with the Linux exportfs command. "ro" or "ro=hostlist" generates a readonly export. Without a hostlist (i.e. "ro" alone) the export goes to all hosts. Similarly, "rw" or "rw=hostlist" generates a readwrite export. The export include all options that appear in the property, except "sec", "rw" and "ro", plus the most recent version of sec appearing before the "ro" or "rw". If no "sec" option has appeared, "sec=sys" is used. hostlist may be a single hostspec or a list separated by colons. Each hostspec can be as in /etc/exports, i.e. hostname(s), IP addresses or ranges, netgroups. A leading @ in the hostspec is skipped, for compatibility with Solaris IP ranges. Thus a netgroup must be specified as @@netgroup. Because of the use of : as a separator, there is no reliable way to specify an IPV6 range.