In doing some digging related to T124991 it seems that `exportfs` is in an invasive operation. While NFSv4 does not protocol wise require rpc.mountd it still uses it for auth in the `sec=sys` mode, and in our case with `-g` for manage groups which allows the server side lookup to overcome the 16 group limitations. This server side lookup has a hardcoded cache of auth in proc:
root@labstore1002:~# cat /proc/net/rpc/auth.unix.gid/content
#uid cnt: gids...
0 2: 500 0
This is meant to be kept for 30minutes, and every time we run our export job (every 5m) it wipes out this cache. We could make this better I think using
`path-based activation: A unit can be started based on activity on or the availability of certain filesystem paths. This utilizes inotify.`
in order to only run this when actual changes are taking place preserving the cache as much as possible.