{"id":4012,"date":"2022-12-20T17:28:41","date_gmt":"2022-12-20T20:28:41","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/nfs-systemd-man7\/"},"modified":"2022-12-20T17:28:41","modified_gmt":"2022-12-20T20:28:41","slug":"nfs-systemd-man7","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/nfs-systemd-man7\/","title":{"rendered":"NFS.SYSTEMD (man7)"},"content":{"rendered":"

NFS.SYSTEMD<\/h1>\n

NAME<\/a>
SYNOPSIS<\/a>
DESCRIPTION<\/a>
FILES<\/a>
SEE ALSO<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

nfs.systemd \u2212 managing NFS services through systemd.<\/p>\n

SYNOPSIS <\/a> <\/h2>\n

nfs-utils.service
nfs-server.service
nfs-client.target
etc<\/i><\/p>\n

DESCRIPTION <\/a> <\/h2>\n

The nfs-utils<\/i> package provides a suite of systemd<\/i> unit files which allow the various services to be started and managed. These unit files ensure that the services are started in the correct order, and the prerequisites are active before dependant services start. As there are quite few unit files, it is not immediately obvious how best to achieve certain results. The following subsections attempt to cover the issues that are most likely to come up.<\/p>\n

Configuration<\/b>
The standard systemd unit files do not provide any easy way to pass any command line arguments to daemons so as to configure their behavior. In many case such configuration can be performed by making changes to \/etc\/nfs.conf<\/i> or other configuration files. When that is not convenient, a distribution might provide systemd “drop-in” files which replace the ExecStart=<\/b> setting to start the program with different arguments. For example a drop-in file systemd\/system\/nfs-mountd.service.d\/local.conf<\/b> containing<\/p>\n

[Service]
EnvironmentFile=\/etc\/sysconfig\/nfs
ExecStart=
ExecStart= \/usr\/sbin\/rpc.mountd $RPCMOUNTDOPTS<\/p>\n

would cause the nfs-mountd.service<\/b> unit to run the rpc.mountd<\/i> program using, for arguments, the value given for RPCMOUNTDOPTS<\/b> in \/etc\/sysconfig\/nfs<\/i>. This allows for seamless integration with existing configuration tools.<\/p>\n

Enabling unit files<\/b>
There are three unit files which are designed to be manually enabled. All others are automatically run as required. The three are:
nfs-client.target<\/b><\/p>\n

This should be enabled on any host which ever serves as an NFS client. There is little cost in transparently enabling it whenever NFS client software is installed.<\/p>\n

nfs-server.service<\/b><\/p>\n

This must be enabled to provide NFS service to clients. It starts and configures the required daemons in the required order.<\/p>\n

nfs-blkmap.service<\/b><\/p>\n

The blkmapd<\/b> daemon is only required on NFS clients which are using pNFS (parallel NFS), and particularly using the blocklayout<\/b> layout protocol. If you might use this particular extension to NFS, the nfs-blkmap.service<\/b> unit should be enabled.<\/p>\n

Several other units which might be considered to be optional, such as rpc-gssd.service<\/i> are careful to only start if the required configuration file exists. rpc-gssd.service<\/i> will not start if the krb5.keytab<\/i> file does not exist (typically in \/etc<\/i>).<\/p>\n

Restarting NFS services<\/b>
Most NFS daemons can be restarted at any time. They will reload any state that they need, and continue servicing requests. This is rarely necessary though.<\/p>\n

When configuration changesare make, it can be hard to know exactly which services need to be restarted to ensure that the configuration takes effect. The simplest approach, which is often the best, is to restart everything. To help with this, the nfs-utils.service<\/b> unit is provided. It declares appropriate dependencies with other unit files so that<\/p>\n

systemctl restart nfs-utils<\/b><\/p>\n

will restart all NFS daemons that are running. This will cause all configuration changes to take effect except<\/i> for changes to mount options lists in \/etc\/fstab<\/i> or \/etc\/nfsmount.conf<\/i>. Mount options can only be changed by unmounting and remounting filesystem. This can be a disruptive operation so it should only be done when the value justifies the cost. The command<\/p>\n

umount -a -t nfs; mount -a -t nfs<\/b><\/p>\n

should unmount and remount all NFS filesystems.<\/p>\n

Masking unwanted services<\/b>
Rarely there may be a desire to prohibit some services from running even though there are normally part of a working NFS system. This may be needed to reduce system load to an absolute minimum, or to reduce attack surface by not running daemons that are not absolutely required.<\/p>\n

Three particular services which this can apply to are rpcbind<\/i>, idmapd<\/i>, and rpc-gssd<\/i>. rpcbind<\/i> is not part of the nfs-utils<\/i> package, but it used by several NFS services. However it is not<\/b> needed when only NFSv4 is in use. If a site will never use NFSv3 (or NFSv2) and does not want rpcbind<\/i> to be running, the correct approach is to run<\/p>\n

systemctl mask rpcbind<\/b><\/p>\n

This will disable rpcbind<\/i>, and the various NFS services which depend on it (and are only needed for NFSv3) will refuse to start, without interfering with the operation of NFSv4 services. In particular, rpc.statd<\/i> will not run when rpcbind<\/i> is masked.<\/p>\n

idmapd<\/i> is only needed for NFSv4, and even then is not needed when the client and server agree to use user-ids rather than user-names to identify the owners of files. If idmapd<\/i> is not needed and not wanted, it can be masked with<\/p>\n

systemctl mask idmapd<\/b><\/p>\n

rpc-gssd<\/i> is assumed to be needed if the krb5.keytab<\/i> file is present. If a site needs this file present but does not want rpc-gssd<\/i> running, it can be masked with<\/p>\n

systemctl mask rpc-gssd<\/b><\/p>\n

FILES <\/a> <\/h2>\n

\/etc\/nfs.conf
\/etc\/nfsmount.conf
\/etc\/idmapd.conf<\/p>\n

SEE ALSO <\/a> <\/h2>\n

systemd.unit<\/b>(5), nfs.conf<\/b>(5), nfsmount.conf<\/b>(5).<\/p>\n

\n","protected":false},"excerpt":{"rendered":"

nfs.systemd \u2212 managing NFS services through systemd. <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[971],"tags":[973,972,1100],"class_list":["post-4012","post","type-post","status-publish","format-standard","hentry","category-7-miscelanea","tag-973","tag-man7","tag-nfs"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4012","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=4012"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4012\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=4012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=4012"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=4012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}