From: "J. Bruce Fields" <bfields@fieldses.org>
To: Stefan Walter <stefan.walter@inf.ethz.ch>
Cc: linux-kernel@vger.kernel.org, nfs@lists.sourceforge.net
Subject: Re: rpc.mountd crashes when extensively using netgroups
Date: Tue, 31 Jul 2007 10:48:24 -0400 [thread overview]
Message-ID: <20070731144824.GA15231@fieldses.org> (raw)
In-Reply-To: <46ADDFB2.9070709@inf.ethz.ch>
On Mon, Jul 30, 2007 at 02:55:14PM +0200, Stefan Walter wrote:
> There are however two issues for which we could not find an easy
> solution:
>
> 1. For every client rpc.mountd and the kernel seem to exchange
> and use lists with _all_ netgroups used in exports that are
> relevant for granting permission to some share for a particular
> client. We could imagine two optimizations here:
>
> * Resolve netgroups and only put the (member) netgroups that
> contained the host name that would be used to authorize
> a mount in the list.
>
> * Use the list of mounted paths per client and only put the
> netgroup(s) used to export paths that are actually mounted
> on a client.
>
> This also caused us severe performance problems because
> rpc.mountd queries all these netgroups. We were initially using
> a LDAP and mouting a directory took up to ten seconds
> during which rpc.mountd was busily querying the LDAP server.
> We got this down to two seconds using file based netgroups.
>
> 2. Using a fixed size for NFSCLNT_IDMAX does not scale. Mounting
> shares on a client for which the 'if' clause of the quick fix
> becomes true will not be possible. We thought about enlarging
> NFSCLNT_IDMAX and using a custom kernel but dropped the idea.
>
> Our ultimate goal is to get Red Hat fix the code in nfs-utils 1.0.6
> that is used in RHEL4. A first step would be to get a suitable fix in
> the current nfs-utils.
That's an interesting problem. Thanks for the report!
I don't believe that long comma-delimited string actually has any
meaning to the kernel--as far as the kernel is concerned, it's just an
opaque object that will be passed back to mountd later (along with a
path name) to get export options.
So I suppose that string could be replaced by a hash, or maybe even just
by the ip address of the particular host--the disadvantage to the latter
being that it would require the kernel to keep a separate export for
each client address.
--b.
next prev parent reply other threads:[~2007-07-31 14:48 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-07-30 12:55 rpc.mountd crashes when extensively using netgroups Stefan Walter
2007-07-31 13:59 ` Steve Dickson
2007-08-02 9:04 ` Stefan Walter
2007-08-03 2:40 ` Satyam Sharma
2007-08-03 14:51 ` Steve Dickson
2007-07-31 14:48 ` J. Bruce Fields [this message]
2007-08-02 15:32 ` [NFS] " Jeff Layton
2007-08-02 16:05 ` J. Bruce Fields
2007-08-02 16:28 ` Jeff Layton
2007-08-03 3:01 ` Neil Brown
2007-08-03 7:57 ` Stefan Walter
2007-08-03 16:07 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070731144824.GA15231@fieldses.org \
--to=bfields@fieldses.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nfs@lists.sourceforge.net \
--cc=stefan.walter@inf.ethz.ch \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox