
change nfs-exports job to only run on changes to /etc/exports.d
Closed, Declined (Public)

Description

In doing some digging related to T124991 it seems that exportfs is an invasive operation. While NFSv4 does not protocol-wise require rpc.mountd, it still uses it for auth in the sec=sys mode, and in our case with -g for manage groups, which allows the server-side lookup to overcome the 16-group limitation. This server-side lookup has a hardcoded cache of auth in proc:

root@labstore1002:~# cat /proc/net/rpc/auth.unix.gid/content
#uid cnt: gids...
0 2: 500 0

This is meant to be kept for 30 minutes, and every time we run our export job (every 5m) it wipes out this cache. We could make this better, I think, using

path-based activation: A unit can be started based on activity on or the availability of certain filesystem paths. This utilizes inotify.

in order to only run this when actual changes are taking place preserving the cache as much as possible.
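The path-based activation proposed in the description, written out as a systemd `.path` unit and the oneshot service it triggers. This is an added example, not part of the original task or the project's configuration; the unit names, the `exportfs` path and the choice of `exportfs -r` as the job's action are assumptions.

```ini
# /etc/systemd/system/nfs-exports-reload.path   (hypothetical unit name)
[Unit]
Description=Watch /etc/exports.d for export definition changes

[Path]
# inotify watch on the directory itself: fires when a file in it is
# created, deleted, renamed, has its attributes changed, or is closed
# after being opened for writing. Subdirectories are not watched.
PathChanged=/etc/exports.d
Unit=nfs-exports-reload.service

[Install]
WantedBy=multi-user.target


# /etc/systemd/system/nfs-exports-reload.service   (hypothetical unit name)
[Unit]
Description=Re-sync the NFS export table after /etc/exports.d changed

[Service]
Type=oneshot
# Assumption: the periodic job's effective action is a re-export.
# exportfs -r synchronizes the export table with /etc/exports and the
# files under /etc/exports.d. With no timer attached, this runs only
# when the .path unit above sees a change, so the auth.unix.gid cache
# is left alone between real edits.
ExecStart=/usr/sbin/exportfs -r
```

Only the `.path` unit is enabled and started; the service has no `[Install]` section because it is meant to run solely when the path unit activates it.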

Event Timeline

chasemp raised the priority of this task from to Medium.
chasemp updated the task description.
chasemp added a project: SRE.
chasemp added subscribers: Aklapper, chasemp.

I looked at this and am of the opinion currently that while it would be a slightly cleaner nicety we are doing better on the new setup. We can reevaluate if it becomes clear we have an issue.