From mboxrd@z Thu Jan 1 00:00:00 1970 From: John Darrington Subject: [PATCH (3)] gnu: Add NFS related services (moved idmap.conf out of /etc, added texinfo markup to documentation, s/dir/directory) Date: Thu, 6 Oct 2016 04:08:38 +0200 Message-ID: <1475719718-3369-1-git-send-email-jmd@gnu.org> References: <87shshoasi.fsf@gnu.org> Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:35922) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bry76-0006sI-Mz for guix-devel@gnu.org; Wed, 05 Oct 2016 22:08:50 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bry72-0004Pp-Cj for guix-devel@gnu.org; Wed, 05 Oct 2016 22:08:47 -0400 In-Reply-To: <87shshoasi.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org Cc: John Darrington * gnu/services/nfs.scm (pipefs-service-type): New Variable, (gss-service-type): New Variable, (idmap-service-type) New Variable. * doc/guix.texi (Network File system): New Node. --- doc/guix.texi | 100 ++++++++++++++++++++++++++++++++++++++-- gnu/services/nfs.scm | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 223 insertions(+), 4 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 9bd8b43..704868a 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -221,6 +221,7 @@ Services * Database Services:: SQL databases. * Mail Services:: IMAP, POP3, SMTP, and all that. * Web Services:: Web servers. +* Network File System:: NFS related services. * Miscellaneous Services:: Other services. Defining Services 
@@ -7590,6 +7591,7 @@ declaration. * Database Services:: SQL databases. * Mail Services:: IMAP, POP3, SMTP, and all that. * Web Services:: Web servers. +* Network File System:: NFS related services. * Miscellaneous Services:: Other services. @end menu @@ -10309,14 +10311,21 @@ directories are created when the service is activated. @end deffn -@node Miscellaneous Services -@subsubsection Miscellaneous Services +@node Network File System +@subsubsection Network File System +@cindex NFS +The @code{(gnu services nfs)} module provides the following services, +which are most commonly used in relation to mounting or exporting NFS +file systems. @subsubheading RPC Bind Service @cindex rpcbind -The @code{(gnu services nfs)} module provides the following: +The RPC Bind service provides a facility to map program numbers into +universal addresses. +Many NFS related services use this facility. Hence it is automatically +started when a dependent service starts. @defvr {Scheme Variable} rpcbind-service-type A service type for the RPC portmapper daemon. 
@@ -10337,6 +10346,91 @@ instance. @end table @end deftp + +@subsubheading Pipefs Pseudo File System +@cindex pipefs +@cindex rpc_pipefs + +The pipefs file system is used to transfer NFS related data +between the kernel and user space programs. + +@defvr {Scheme Variable} pipefs-service-type +A service type for the pipefs pseudo file system. +@end defvr + +@deftp {Data Type} pipefs-configuration +Data type representing the configuration of the pipefs pseudo file system service. +This type has the following parameters: +@table @asis +@item @code{mount-point} (default: @code{"/var/lib/nfs/rpc_pipefs"}) +The directory to which the file system is to be attached. +@end table +@end deftp + + +@subsubheading GSS Daemon Service +@cindex GSSD +@cindex GSS +@cindex global security system + +The @dfn{global security system} (GSS) daemon provides strong security for RPC +based protocols. +Before exchanging RPC requests an RPC client must establish a security +context. Typically this is done using the Kerberos command @command{kinit} +or automatically at login time using PAM services. + +@defvr {Scheme Variable} gss-service-type +A service type for the Global Security System (GSS) daemon. +@end defvr + +@deftp {Data Type} gss-configuration +Data type representing the configuration of the GSS daemon service. +This type has the following parameters: +@table @asis +@item @code{nfs-utils} (default: @code{nfs-utils}) +The package in which the @command{rpc.gssd} command is to be found. + +@item @code{pipefs-directory} (default: @code{"/var/lib/nfs/rpc_pipefs"}) +The directory where the pipefs file system is mounted. + +@end table +@end deftp + + +@subsubheading IDMAP Daemon Service +@cindex idmapd +@cindex name mapper + +The idmap daemon service provides mapping between user IDs and user names. +Typically it is required in order to access file systems mounted via NFSv4. + +@defvr {Scheme Variable} idmap-service-type +A service type for the Identity Mapper (IDMAP) daemon. 
+@end defvr + +@deftp {Data Type} idmap-configuration +Data type representing the configuration of the IDMAP daemon service. +This type has the following parameters: +@table @asis +@item @code{nfs-utils} (default: @code{nfs-utils}) +The package in which the @command{rpc.idmapd} command is to be found. + +@item @code{pipefs-directory} (default: @code{"/var/lib/nfs/rpc_pipefs"}) +The directory where the pipefs file system is mounted. + +@item @code{domain} (default: @code{#f}) +The local NFSv4 domain name. +This must be a string or @code{#f}. +If it is @code{#f} then the daemon will use the host's fully qualified domain name. + +@end table +@end deftp + + +@node Miscellaneous Services +@subsubsection Miscellaneous Services + + @cindex lirc @subsubheading Lirc Service diff --git a/gnu/services/nfs.scm b/gnu/services/nfs.scm index b1e1f53..94982d7 100644 --- a/gnu/services/nfs.scm +++ b/gnu/services/nfs.scm @@ -20,11 +20,31 @@ #:use-module (gnu) #:use-module (gnu services shepherd) #:use-module (gnu packages onc-rpc) + #:use-module (gnu packages linux) #:use-module (guix) #:use-module (guix records) + #:use-module (ice-9 match) + #:use-module (gnu build file-systems) #:export (rpcbind-service-type rpcbind-configuration - rpcbind-configuration?)) + rpcbind-configuration? + + pipefs-service-type + pipefs-configuration + pipefs-configuration? + + idmap-service-type + idmap-configuration + idmap-configuration? + + gss-service-type + gss-configuration + gss-configuration?)) + + +(define default-pipefs-directory "/var/lib/nfs/rpc_pipefs") + + (define-record-type* rpcbind-configuration make-rpcbind-configuration 
@@ -52,3 +72,108 @@ (start #~(make-forkexec-constructor #$rpcbind-command)) (stop #~(make-kill-destructor)))))) + + + +(define-record-type* + pipefs-configuration make-pipefs-configuration + pipefs-configuration? + (mount-point pipefs-configuration-mount-point + (default default-pipefs-directory))) + +(define pipefs-service-type + (shepherd-service-type + 'pipefs + (lambda (config) + + (define pipefs-directory (pipefs-configuration-mount-point config)) + + (shepherd-service + (documentation "Mount the pipefs pseudo filesystem.") + (provision '(rpc-pipefs)) + + (start #~(lambda () + (mkdir-p #$pipefs-directory) + (mount "rpc_pipefs" #$pipefs-directory "rpc_pipefs"))) + (stop #~(lambda (pid . args) + (umount #$pipefs-directory MNT_DETACH))))))) + + + +(define-record-type* + gss-configuration make-gss-configuration + gss-configuration? + (pipefs-directory gss-configuration-pipefs-directory + (default default-pipefs-directory)) + (nfs-utils gss-configuration-gss + (default nfs-utils))) + +(define gss-service-type + (shepherd-service-type + 'gss + (lambda (config) + (define nfs-utils + (gss-configuration-gss config)) + + (define pipefs-directory + (gss-configuration-pipefs-directory config)) + + (define gss-command + #~(list (string-append #$nfs-utils "/sbin/rpc.gssd") "-f" + "-p" #$pipefs-directory)) + + (shepherd-service + (documentation "Start the RPC GSS daemon.") + (requirement '(rpcbind-daemon rpc-pipefs)) + (provision '(gss-daemon)) + + (start #~(make-forkexec-constructor #$gss-command)) + (stop #~(make-kill-destructor)))))) + + + +(define-record-type* + idmap-configuration make-idmap-configuration + idmap-configuration? 
+ (pipefs-directory idmap-configuration-pipefs-directory + (default default-pipefs-directory)) + (domain idmap-configuration-domain + (default #f)) + (nfs-utils idmap-configuration-idmap + (default nfs-utils))) + +(define idmap-service-type + (shepherd-service-type + 'idmap + (lambda (config) + + (define nfs-utils + (idmap-configuration-idmap config)) + + (define pipefs-directory + (idmap-configuration-pipefs-directory config)) + + (define domain (idmap-configuration-domain config)) + + (define (idmap-config-file config) + (plain-file "idmapd.conf" + (string-append + "\n[General]\n" + (if domain + (format #f "Domain = ~a\n" domain)) + "\n[Mapping]\n" + "Nobody-User = nobody\n" + "Nobody-Group = nogroup\n"))) + + (define idmap-command + #~(list (string-append #$nfs-utils "/sbin/rpc.idmapd") "-f" + "-p" #$pipefs-directory + "-c" #$(idmap-config-file config))) + + (shepherd-service + (documentation "Start the RPC IDMAP daemon.") + (requirement '(rpcbind-daemon rpc-pipefs)) + (provision '(idmap-daemon)) + (start #~(make-forkexec-constructor #$idmap-command)) + (stop #~(make-kill-destructor)))))) + -- 2.1.4
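Review bot: In the doc/guix.texi hunk at @@ -10337,6 +10346,91 @@, the "GSS Daemon Service" text expands GSS as "global security system" (in the @cindex entry, the @dfn and the @defvr description), but rpc.gssd implements RPCSEC_GSS, where GSS stands for Generic Security Services (GSS-API). Suggest @dfn{generic security services} (GSS) and "A service type for the Generic Security Services (GSS) daemon." so that the index entry leads readers to the right upstream documentation. "Provides strong security" is also vague for a security-relevant service: a sentence saying that the daemon establishes the security context (typically Kerberos) on behalf of the kernel RPC client would tell an administrator what they are enabling.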
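Review bot: In the gnu/services/nfs.scm hunk at @@ -20,11 +20,31 @@, #:use-module (ice-9 match) is added but none of the lines this patch adds use match; please drop it unless something outside the patch needs it. The same question applies to #:use-module (gnu build file-systems): the only file-system calls added (mkdir-p, mount, umount with MNT_DETACH) sit inside the gexps of pipefs-service-type, and a host-side #:use-module does not bring bindings into code staged for shepherd. If those procedures need a module, it should be declared for the service's gexp rather than at the top of this file.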
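Review bot: In the gnu/services/nfs.scm hunk at @@ -52,3 +72,108 @@, idmap-config-file uses a one-armed if inside string-append: (if domain (format #f "Domain = ~a\n" domain)). With the default domain of #f the if yields an unspecified value and string-append signals a wrong-type error, so the service fails to build in exactly the configuration the documentation describes as the default. Give the if an else branch of "" (and consider dropping the unused config parameter, since the procedure closes over domain). Second point, in pipefs-service-type: the stop procedure ends with (umount #$pipefs-directory MNT_DETACH), whose return value is not #f; shepherd treats a non-#f result from stop as "still running", so add an explicit #f after the umount. Smaller style point: the accessors for the nfs-utils field are named gss-configuration-gss and idmap-configuration-idmap; gss-configuration-nfs-utils and idmap-configuration-nfs-utils would match the field and the other accessors.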