Re: rpc.mountd crashes when extensively using netgroups

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "J. Bruce Fields" <bfields@fieldses.org>
To: Stefan Walter <stefan.walter@inf.ethz.ch>
Cc: nfs@lists.sourceforge.net, linux-kernel@vger.kernel.org
Subject: Re: rpc.mountd crashes when extensively using netgroups
Date: Tue, 31 Jul 2007 10:48:24 -0400	[thread overview]
Message-ID: <20070731144824.GA15231@fieldses.org> (raw)
In-Reply-To: <46ADDFB2.9070709@inf.ethz.ch>

On Mon, Jul 30, 2007 at 02:55:14PM +0200, Stefan Walter wrote:
> There are however two issues for which we could not find an easy
> solution:
> 
>  1. For every client rpc.mountd and the kernel seem to exchange
>     and use lists with _all_ netgroups used in exports that are
>     relevant for granting permission to some share for a particular
>     client. We could imagine two optimizations here:
> 
>        * Resolve netgroups and only put the (member) netgroups that
>          contained the host name that would be used to authorize
>          a mount in the list.
> 
>        * Use the list of mounted paths per client and only put the
>          netgroup(s) used to export paths that are actually mounted
>          on a client. 
> 
>     This also caused us severe performance problems because
>     rpc.mountd queries all these netgroups. We were initially using
>     a LDAP and mouting a directory took up to ten seconds
>     during which rpc.mountd was busily querying the LDAP server.
>     We got this down to two seconds using file based netgroups.
>  
>  2. Using a fixed size for NFSCLNT_IDMAX does not scale. Mounting
>     shares on a client for which the 'if' clause of the quick fix
>     becomes true will not be possible. We thought about enlarging
>     NFSCLNT_IDMAX and using a custom kernel but dropped the idea. 
> 
> Our ultimate goal is to get Red Hat fix the code in nfs-utils 1.0.6
> that is used in RHEL4. A first step would be to get a suitable fix in
> the current nfs-utils. 

That's an interesting problem.  Thanks for the report!

I don't believe that long comma-delimited string actually has any
meaning to the kernel--as far as the kernel is concerned, it's just an
opaque object that will be passed back to mountd later (along with a
path name) to get export options.

So I suppose that string could be replaced by a hash, or maybe even just
by the ip address of the particular host--the disadvantage to the latter
being that it would require the kernel to keep a separate export for
each client address.

--b.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
NFS maillist  -  NFS@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs

WARNING: multiple messages have this Message-ID (diff)

From: "J. Bruce Fields" <bfields@fieldses.org>
To: Stefan Walter <stefan.walter@inf.ethz.ch>
Cc: linux-kernel@vger.kernel.org, nfs@lists.sourceforge.net
Subject: Re: rpc.mountd crashes when extensively using netgroups
Date: Tue, 31 Jul 2007 10:48:24 -0400	[thread overview]
Message-ID: <20070731144824.GA15231@fieldses.org> (raw)
In-Reply-To: <46ADDFB2.9070709@inf.ethz.ch>

On Mon, Jul 30, 2007 at 02:55:14PM +0200, Stefan Walter wrote:
> There are however two issues for which we could not find an easy
> solution:
> 
>  1. For every client rpc.mountd and the kernel seem to exchange
>     and use lists with _all_ netgroups used in exports that are
>     relevant for granting permission to some share for a particular
>     client. We could imagine two optimizations here:
> 
>        * Resolve netgroups and only put the (member) netgroups that
>          contained the host name that would be used to authorize
>          a mount in the list.
> 
>        * Use the list of mounted paths per client and only put the
>          netgroup(s) used to export paths that are actually mounted
>          on a client. 
> 
>     This also caused us severe performance problems because
>     rpc.mountd queries all these netgroups. We were initially using
>     a LDAP and mouting a directory took up to ten seconds
>     during which rpc.mountd was busily querying the LDAP server.
>     We got this down to two seconds using file based netgroups.
>  
>  2. Using a fixed size for NFSCLNT_IDMAX does not scale. Mounting
>     shares on a client for which the 'if' clause of the quick fix
>     becomes true will not be possible. We thought about enlarging
>     NFSCLNT_IDMAX and using a custom kernel but dropped the idea. 
> 
> Our ultimate goal is to get Red Hat fix the code in nfs-utils 1.0.6
> that is used in RHEL4. A first step would be to get a suitable fix in
> the current nfs-utils. 

That's an interesting problem.  Thanks for the report!

I don't believe that long comma-delimited string actually has any
meaning to the kernel--as far as the kernel is concerned, it's just an
opaque object that will be passed back to mountd later (along with a
path name) to get export options.

So I suppose that string could be replaced by a hash, or maybe even just
by the ip address of the particular host--the disadvantage to the latter
being that it would require the kernel to keep a separate export for
each client address.

--b.

next prev parent reply	other threads:[~2007-07-31 14:48 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2007-07-30 12:55 rpc.mountd crashes when extensively using netgroups Stefan Walter
2007-07-31 13:59 ` Steve Dickson
2007-08-02  9:04   ` Stefan Walter
2007-08-03  2:40     ` Satyam Sharma
2007-08-03 14:51       ` Steve Dickson
2007-07-31 14:48 ` J. Bruce Fields [this message]
2007-07-31 14:48   ` J. Bruce Fields
2007-07-31 14:59   ` Jeff Layton
2007-08-02  7:55     ` Stefan Walter
2007-08-02 15:32   ` Jeff Layton
2007-08-02 15:32     ` [NFS] " Jeff Layton
2007-08-02 16:05     ` J. Bruce Fields
2007-08-02 16:05       ` [NFS] " J. Bruce Fields
2007-08-02 16:28       ` Jeff Layton
2007-08-02 16:28         ` [NFS] " Jeff Layton
2007-08-03  3:01     ` Neil Brown
2007-08-03  3:01       ` [NFS] " Neil Brown
2007-08-03  7:57       ` Stefan Walter
2007-08-03  7:57         ` [NFS] " Stefan Walter
2007-08-03 15:45       ` Jeff Layton
2007-08-03 16:07       ` J. Bruce Fields
2007-08-03 16:07         ` [NFS] " J. Bruce Fields

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20070731144824.GA15231@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nfs@lists.sourceforge.net \
    --cc=stefan.walter@inf.ethz.ch \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.