From: ludo@gnu.org (Ludovic Courtès)
To: John Darrington <jmd@gnu.org>
Cc: guix-devel@gnu.org
Subject: Re: [PATCH] gnu: Add NFS related services.
Date: Fri, 30 Sep 2016 14:02:37 +0200 [thread overview]
Message-ID: <87shshoasi.fsf@gnu.org> (raw)
In-Reply-To: <1474791717-1839-1-git-send-email-jmd@gnu.org> (John Darrington's message of "Sun, 25 Sep 2016 10:21:57 +0200")
John Darrington <jmd@gnu.org> skribis:
> Another draft for review ...
Could you please include an iteration number in the subject line, and a
terse summary of the changes compared to the previous iteration?
That would be greatly helpful—I’m getting lost in a maze of unrelated
patch series and sometimes have a hard time remembering where we are and
what it is that I’m doing here. ;-)
>
>
>
>
> * gnu/services/nfs.scm (pipefs-service-type): New Variable,
> (gss-service-type): New Variable, (idmap-service-type) New Variable.
> ---
> doc/guix.texi | 98 ++++++++++++++++++++++++++++++++++--
> gnu/services/nfs.scm | 138 +++++++++++++++++++++++++++++++++++++++++++++++++--
> 2 files changed, 230 insertions(+), 6 deletions(-)
Please also mention the idmap things, the doc/guix.texi changes, etc.
> +@subsubheading GSS Daemon Service
> +@cindex GSSD
> +@cindex GSS
> +
> +The GSS daemon provides strong security for RPC based protocols.
“The @dfn{global security system} (GSS) daemon provides …”
>
> (define-record-type* <rpcbind-configuration>
> rpcbind-configuration make-rpcbind-configuration
> @@ -38,11 +58,11 @@
> (shepherd-service-type
> 'rpcbind
> (lambda (config)
> - (define pkg
> + (define nfs-utils
> (rpcbind-configuration-rpcbind config))
>
> (define rpcbind-command
> - #~(list (string-append #$pkg "/bin/rpcbind") "-f"
> + #~(list (string-append #$nfs-utils "/bin/rpcbind") "-f"
Should have been part of a previous patch I guess, but that’s fine.
> +(define-record-type* <pipefs-configuration>
> + pipefs-configuration make-pipefs-configuration
> + pipefs-configuration?
> + (mount-point pipefs-configuration-mount-point
> + (default default-pipefs-dir)))
Seems to me we don’t even need <pipefs-configuration>; a string would be
enough, no?
> +(define-record-type* <gss-configuration>
> + gss-configuration make-gss-configuration
> + gss-configuration?
> + (pipefs-dir gss-configuration-pipefs-dir
> + (default default-pipefs-dir))
s/dir/directory/
> +(define-record-type* <idmap-configuration>
> + idmap-configuration make-idmap-configuration
> + idmap-configuration?
> + (pipefs-dir idmap-configuration-pipefs-dir
> + (default default-pipefs-dir))
> + (domain idmap-configuration-domain
> + (default #f))
> + (nfs-utils idmap-configuration-idmap
> + (default nfs-utils)))
> +
> +(define idmap-service-type
> + (shepherd-service-type
> + 'idmap
> + (lambda (config)
> +
> + (define nfs-utils
> + (idmap-configuration-idmap config))
> +
> + (define pipefs-dir
> + (idmap-configuration-pipefs-dir config))
> +
> + (define conf-file "/etc/guix-idmapd.conf")
> +
> + (define idmap-command
> + #~(list (string-append #$nfs-utils "/sbin/rpc.idmapd") "-f"
> + "-p" #$pipefs-dir
> + "-c" #$conf-file))
> +
> + (define domain (idmap-configuration-domain config))
> +
> + (shepherd-service
> + (documentation "Start the RPC IDMAP daemon.")
> + (requirement '(rpcbind-daemon rpc-pipefs))
> + (provision '(idmap-daemon))
> +
> + (start #~(lambda ()
> + (let ((pid (primitive-fork)))
> + (if (zero? pid)
> + (begin
> + (call-with-output-file #$conf-file
> + (lambda (port)
> + (format port "\n[General]\n")
> + (if #$domain
> + (format port "Domain = ~a\n" #$domain))
> + (format port "\n[Mapping]\n")
> + (format port "Nobody-User = nobody\n")
> + (format port "Nobody-Group = nogroup\n")))
> + (exec-command #$idmap-command))
> + pid))))
I think the configuration file should be created elsewhere, in the
store:
(define (idmap-config-file config)
(plain-file "idmap.conf"
(string-append "[General]" …)))
and then:
(define idmap-command
#~(list … "-c" #$(idmap-config-file config)))
(shepherd-service
;; …
(start #~(make-forkexec-constructor #$idmap-command)))
In general we should avoid populating /etc.
Could you send an updated patch?
Overall this seems to be almost ready, no? Since this is a pretty
involved service composition, I think it would be fruitful in the future
to add a full test case in (gnu tests nfs) where we would export an NFS
tree and mount it.
Thank you!
Ludo’.
next prev parent reply other threads:[~2016-09-30 12:02 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-09-10 19:18 [PATCH 1/2] doc: "Various Services" -> "Miscellaneous Services" John Darrington
2016-09-10 19:18 ` [PATCH 2/2] gnu: Add GSSD and Pipefs services John Darrington
2016-09-13 11:45 ` Ludovic Courtès
2016-09-13 13:53 ` [PATCH 2/2] gnu: Add GSSD and Pipefs services (Usage of @var) John Darrington
2016-09-14 14:42 ` Ludovic Courtès
2016-09-21 18:29 ` John Darrington
2016-09-24 3:03 ` Ludovic Courtès
2016-09-15 5:06 ` "filesystem" vs. "file system" John Darrington
2016-09-15 20:27 ` Ludovic Courtès
2016-09-25 8:21 ` [PATCH] gnu: Add NFS related services John Darrington
2016-09-30 12:02 ` Ludovic Courtès [this message]
2016-09-30 14:35 ` John Darrington
2016-10-06 2:08 ` [PATCH (3)] gnu: Add NFS related services (moved idmap.conf out of /etc, added texinfo markup to documentation, s/dir/directory) John Darrington
2016-10-06 19:49 ` Ludovic Courtès
2016-10-08 10:19 ` John Darrington
2016-10-09 5:47 ` John Darrington
2016-10-11 6:37 ` [PATCH (4)] gnu: Add NFS related services. (minor improvements to documentation; Added test to ensure that pipefs mount/umount succeeded() John Darrington
2016-10-11 20:30 ` Ludovic Courtès
2016-09-13 11:28 ` [PATCH 1/2] doc: "Various Services" -> "Miscellaneous Services" Ludovic Courtès
2016-09-13 12:18 ` John Darrington
2016-09-13 12:31 ` Alex Sassmannshausen
2016-09-13 17:10 ` Leo Famulari
2016-09-13 17:42 ` John Darrington
2016-09-13 17:53 ` Leo Famulari
2016-09-13 21:57 ` Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87shshoasi.fsf@gnu.org \
--to=ludo@gnu.org \
--cc=guix-devel@gnu.org \
--cc=jmd@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).