Page MenuHomePhabricator

change nfs-exports job to only run on changes to /etc/exports.d
Closed, DeclinedPublic

Description

In doing some digging related to T124991 it seems that exportfs is in an invasive operation. While NFSv4 does not protocol wise require rpc.mountd it still uses it for auth in the sec=sys mode, and in our case with -g for manage groups which allows the server side lookup to overcome the 16 group limitations. This server side lookup has a hardcoded cache of auth in proc:

root@labstore1002:~# cat /proc/net/rpc/auth.unix.gid/content
#uid cnt: gids...
0 2: 500 0

This is meant to be kept for 30minutes, and every time we run our export job (every 5m) it wipes out this cache. We could make this better I think using

path-based activation: A unit can be started based on activity on or the availability of certain filesystem paths. This utilizes inotify.

in order to only run this when actual changes are taking place preserving the cache as much as possible.

Event Timeline

chasemp created this task.Feb 5 2016, 11:13 PM
chasemp raised the priority of this task from to Normal.
chasemp updated the task description. (Show Details)
chasemp added a project: Operations.
chasemp added subscribers: Aklapper, chasemp.
chasemp closed this task as Declined.Nov 16 2016, 3:50 PM

I looked at this and am of the opinion currently that while it would be a slightly cleaner nicety we are doing better on the new setup. We can reevaluate if it becomes clear we have an issue.