From: Carsten Aulbert <carsten.aulbert-l1a6w7hxd2yELgA04lAiVw@public.gmane.org>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: linux-nfs@vger.kernel.org,
Henning Fehrmann
<henning.fehrmann-l1a6w7hxd2yELgA04lAiVw@public.gmane.org>,
Steffen Grunewald
<steffen.grunewald-l1a6w7hxd2yELgA04lAiVw@public.gmane.org>
Subject: Re: Massive NFS problems on large cluster with large number of mounts
Date: Wed, 16 Jul 2008 11:49:51 +0200 [thread overview]
Message-ID: <487DC43F.8040408@aei.mpg.de> (raw)
In-Reply-To: <1215032676.7087.30.camel@localhost>
Hi Trond et al.
I'm following up on this discussion because we hit another problem:
Trond Myklebust wrote:
>
> Alternatively, just change the values of /proc/sys/sunrpc/min_resvport
> and /proc/sys/sunrpc/max_resvport to whatever range of ports you
> actually want to use.
This works like a charm, however, if you set these values before
restarting the nfs-kernel-server then you are in deep trouble, since
when nfsd wants to start it needs to register with the portmapper, right?
But what happens if this requests comes from a high^Wunpriviliged port?
Right:
Jul 16 11:46:43 d23 portmap[8216]: connect from 127.0.0.1 to set(nfs):
request from unprivileged port
Jul 16 11:46:43 d23 nfsd[8214]: nfssvc: writting fds to kernel failed:
errno 13 (Permission denied)
Jul 16 11:46:44 d23 kernel: [ 8437.726223] NFSD: Using
/var/lib/nfs/v4recovery as the NFSv4 state recovery directory
Jul 16 11:46:44 d23 kernel: [ 8437.800607] NFSD: starting 90-second
grace period
Jul 16 11:46:44 d23 kernel: [ 8437.842891] nfsd: last server has exited
Jul 16 11:46:44 d23 kernel: [ 8437.879940] nfsd: unexporting all filesystems
Jul 16 11:46:44 d23 nfsd[8214]: nfssvc: Address already in use
Changing /proc/sys/sunrpc/max_resvport to 1023 again resolves this
issue, however defeats the purpose for the initial problem. I still need
to look into the code for hte portmapper, but is it easily possible that
the portmapper would accept nfsd requests from "insecure" ports also?
Since e are (mostly) in a controlled environment that should not pose a
problem.
Anyone with an idea?
Thanks a lot
Carsten
next prev parent reply other threads:[~2008-07-16 9:49 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-01 8:19 Massive NFS problems on large cluster with large number of mounts Carsten Aulbert
[not found] ` <4869E8AB.4060905-l1a6w7hxd2yELgA04lAiVw@public.gmane.org>
2008-07-01 18:22 ` J. Bruce Fields
2008-07-01 18:26 ` J. Bruce Fields
2008-07-02 14:00 ` Carsten Aulbert
[not found] ` <486B89F5.9000109-l1a6w7hxd2yELgA04lAiVw@public.gmane.org>
2008-07-02 20:31 ` J. Bruce Fields
2008-07-02 21:04 ` Trond Myklebust
2008-07-02 21:08 ` J. Bruce Fields
2008-07-03 5:31 ` Carsten Aulbert
[not found] ` <486C642B.3020100-l1a6w7hxd2yELgA04lAiVw@public.gmane.org>
2008-07-03 12:35 ` Carsten Aulbert
2008-07-16 9:49 ` Carsten Aulbert [this message]
[not found] ` <487DC43F.8040408-l1a6w7hxd2yELgA04lAiVw@public.gmane.org>
2008-07-16 19:06 ` J. Bruce Fields
2008-07-17 5:53 ` Carsten Aulbert
[not found] ` <487EDE57.4070100-l1a6w7hxd2yELgA04lAiVw@public.gmane.org>
2008-07-17 14:27 ` J. Bruce Fields
2008-07-17 14:47 ` Chuck Lever
[not found] ` <76bd70e30807170747r31af3280icf0bd3fdbde17bac-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-07-17 14:48 ` J. Bruce Fields
2008-07-17 15:11 ` Chuck Lever
[not found] ` <76bd70e30807170811s78175c0ep3a52da7c0ef95fc6-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-07-28 20:55 ` Chuck Lever
[not found] ` <76bd70e30807281355t4890a9b2q6960d79552538f60-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-07-29 11:32 ` Jeff Layton
[not found] ` <20080729073203.546a4269-RtJpwOs3+0O+kQycOl6kW4xkIHaj4LzF@public.gmane.org>
2008-07-29 17:43 ` Mike Mackovitch
2008-07-30 17:53 ` J. Bruce Fields
2008-07-30 19:33 ` Chuck Lever
[not found] ` <76bd70e30807301233t73f92775tbdeb3f8efbb34a4f-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-07-30 22:01 ` Chuck Lever
[not found] ` <76bd70e30807301501p5c0ba3c6i38fee02a1e606e31-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-08-15 20:34 ` Chuck Lever
[not found] ` <76bd70e30808151334i19822280j67a08b92b17582ba-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2008-08-15 20:47 ` Trond Myklebust
2008-08-15 21:04 ` Trond Myklebust
2008-08-15 21:39 ` Chuck Lever
2008-07-30 22:13 ` J. Bruce Fields
2008-07-31 16:35 ` Chuck Lever
2008-07-17 15:35 ` Trond Myklebust
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=487DC43F.8040408@aei.mpg.de \
--to=carsten.aulbert-l1a6w7hxd2yelga04laivw@public.gmane.org \
--cc=henning.fehrmann-l1a6w7hxd2yELgA04lAiVw@public.gmane.org \
--cc=linux-nfs@vger.kernel.org \
--cc=steffen.grunewald-l1a6w7hxd2yELgA04lAiVw@public.gmane.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.