Cross Reference: /illumos-gate/usr/src/cmd/fs.d/nfs/svc/nfs-server

	nfs-server revision 4191ce11b7a4c9ac19d88acf17d30fd50a4464b0
1276N/A#!/sbin/sh
1276N/A#
1276N/A# CDDL HEADER START
1276N/A#
1276N/A# The contents of this file are subject to the terms of the
1276N/A# Common Development and Distribution License (the "License").
1276N/A# You may not use this file except in compliance with the License.
1276N/A#
1276N/A# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
1276N/A# or http://www.opensolaris.org/os/licensing.
1276N/A# See the License for the specific language governing permissions
1276N/A# and limitations under the License.
1276N/A#
1276N/A# When distributing Covered Code, include this CDDL HEADER in each
1276N/A# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
1276N/A# If applicable, add the following below this CDDL HEADER, with the
1276N/A# fields enclosed by brackets "[]" replaced with your own identifying
1276N/A# information: Portions Copyright [yyyy] [name of copyright owner]
1276N/A#
1276N/A# CDDL HEADER END
1276N/A#
1276N/A#
1276N/A# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
1276N/A# Copyright 2012 Nexenta Systems, Inc.  All rights reserved.
1276N/A#
1276N/A
1276N/A# Start/stop processes required for server NFS
1276N/A
1276N/A. /lib/svc/share/smf_include.sh
1276N/A. /lib/svc/share/ipf_include.sh
1276N/Azone=`smf_zonename`
1276N/A
1276N/A#
1276N/A# Handling a corner case here. If we were in offline state due to an
1276N/A# unsatisfied dependency, the ipf_method process wouldn't have generated
1276N/A# the ipfilter configuration. When we transition to online because the
1276N/A# dependency is satisfied, the start method will have to generate the
1276N/A# ipfilter configuration. To avoid all possible deadlock scenarios,
1276N/A# we restart ipfilter which will regenerate the ipfilter configuration
1276N/A# for the entire system.
1276N/A#
1276N/A# The ipf_method process signals that it didn't generate ipf rules by
1276N/A# removing the service's ipf file. Thus we only restart network/ipfilter
1276N/A# when the file is missing.
1276N/A#
1276N/Aconfigure_ipfilter()
1276N/A{
1276N/A    ipfile=`fmri_to_file $SMF_FMRI $IPF_SUFFIX`
1276N/A    [ -f "$ipfile" ] && return 0
1276N/A
1276N/A        #
1276N/A    # Nothing to do if:
1276N/A        # - ipfilter isn't online
1276N/A    # - global policy is 'custom'
1276N/A    # - service's policy is 'use_global'
1276N/A        #
1276N/A        service_check_state $IPF_FMRI $SMF_ONLINE || return 0
1276N/A        [ "`get_global_def_policy`" = "custom" ] && return 0
1276N/A    [ "`get_policy $SMF_FMRI`" = "use_global" ] && return 0
1276N/A
1276N/A    svcadm restart $IPF_FMRI
1276N/A}
1276N/A
1276N/Acase "$1" in
1276N/A'start')
1276N/A    # The NFS server is not supported in a local zone
1276N/A    if smf_is_nonglobalzone; then
1276N/A        /usr/sbin/svcadm disable -t svc:/network/nfs/server
1276N/A        echo "The NFS server is not supported in a local zone"
1276N/A        sleep 5 &
1276N/A        exit $SMF_EXIT_OK
1276N/A    fi
1276N/A
1276N/A    # Share all file systems enabled for sharing. sharemgr understands
1276N/A    # regular shares and ZFS shares and will handle both. Technically,
1276N/A    # the shares would have been started long before getting here since
1276N/A    # nfsd has a dependency on them.
1276N/A
1276N/A    startnfsd=0
1276N/A
1276N/A    # restart stopped shares from the repository
1276N/A    /usr/sbin/sharemgr start -P nfs -a
1276N/A
1276N/A    # Start up mountd and nfsd if anything is exported.
1276N/A
1276N/A    if /usr/bin/grep -s nfs /etc/dfs/sharetab >/dev/null; then
1276N/A        startnfsd=1
1276N/A    fi
1276N/A
1276N/A    # If auto-enable behavior is disabled, always start nfsd
1276N/A
1276N/A    if [ `svcprop -p application/auto_enable nfs/server` = "false" ]; then
1276N/A        startnfsd=1
1276N/A    fi
1276N/A
1276N/A    # Options for nfsd are now set in SMF
1276N/A    if [ $startnfsd -ne 0 ]; then
1276N/A        /usr/lib/nfs/mountd
1276N/A        rc=$?
1276N/A        if [ $rc != 0 ]; then
1276N/A            /usr/sbin/svcadm mark -t maintenance svc:/network/nfs/server
1276N/A            echo "$0: mountd failed with $rc"
1276N/A            sleep 5 &
1276N/A            exit $SMF_EXIT_ERR_FATAL
1276N/A        fi
1276N/A
1276N/A        /usr/lib/nfs/nfsd
1276N/A        rc=$?
1276N/A        if [ $rc != 0 ]; then
1276N/A            /usr/sbin/svcadm mark -t maintenance svc:/network/nfs/server
1276N/A            echo "$0: nfsd failed with $rc"
1276N/A            sleep 5 &
1276N/A            exit $SMF_EXIT_ERR_FATAL
1276N/A        fi
1276N/A
1276N/A        configure_ipfilter
1276N/A    else
1276N/A        /usr/sbin/svcadm disable -t svc:/network/nfs/server
1276N/A        echo "No NFS filesystems are shared"
1276N/A        sleep 5 &
1276N/A    fi
1276N/A
1276N/A    ;;
1276N/A
1276N/A'refresh')
1276N/A    /usr/sbin/sharemgr start -P nfs -a
1276N/A    ;;
1276N/A
1276N/A'stop')
1276N/A    /usr/bin/pkill -x -u 0,1 -z $zone '(nfsd|mountd)'
1276N/A
1276N/A    # Unshare all shared file systems using NFS
1276N/A
1276N/A    /usr/sbin/sharemgr stop -P nfs -a
1276N/A
1276N/A    # Kill any processes left in service contract
1276N/A    smf_kill_contract $2 TERM 1
1276N/A    [ $? -ne 0 ] && exit 1
1276N/A    ;;
1276N/A
1276N/A'ipfilter')
1276N/A    #
1276N/A    # NFS related services are RPC. nfs/server has nfsd which has
1276N/A    # well-defined port number but mountd is an RPC daemon.
1276N/A    #
1276N/A    # Essentially, we generate rules for the following "services"
1276N/A    #  - nfs/server which has nfsd and mountd
1276N/A    #  - nfs/rquota
1276N/A    #
1276N/A    # The following services are enabled for both nfs client and
1276N/A    # server so we'll treat them as client services and simply
1276N/A    # allow incoming traffic.
1276N/A    #  - nfs/status
1276N/A    #  - nfs/nlockmgr
1276N/A    #  - nfs/cbd
1276N/A    #
1276N/A    NFS_FMRI="svc:/network/nfs/server:default"
1276N/A    RQUOTA_FMRI="svc:/network/nfs/rquota:default"
1276N/A    FMRI=$2
1276N/A
1276N/A    file=`fmri_to_file $FMRI $IPF_SUFFIX`
1276N/A    echo "# $FMRI" >$file
1276N/A    policy=`get_policy $NFS_FMRI`
1276N/A    ip="any"
1276N/A
1276N/A    #
1276N/A    # nfs/server configuration is processed in the start method.
1276N/A    #
1276N/A    if [ "$FMRI" = "$NFS_FMRI" ]; then
1276N/A        service_check_state $FMRI $SMF_ONLINE
1276N/A        if [ $? -ne 0 ]; then
1276N/A            rm  $file
1276N/A            exit $SMF_EXIT_OK
1276N/A        fi
1276N/A
1276N/A        nfs_name=`svcprop -p $FW_CONTEXT_PG/name $FMRI 2>/dev/null`
1276N/A        tport=`$SERVINFO -p -t -s $nfs_name 2>/dev/null`
1276N/A        if [ -n "$tport" ]; then
1276N/A            generate_rules $FMRI $policy "tcp" $ip $tport $file
1276N/A        fi
1276N/A
1276N/A        uport=`$SERVINFO -p -u -s $nfs_name 2>/dev/null`
1276N/A        if [ -n "$uport" ]; then
1276N/A            generate_rules $FMRI $policy "udp" $ip $uport $file
1276N/A        fi
1276N/A
1276N/A        tports=`$SERVINFO -R -p -t -s "mountd" 2>/dev/null`
1276N/A        if [ -n "$tports" ]; then
1276N/A            for tport in $tports; do
1276N/A                generate_rules $FMRI $policy "tcp" $ip \
1276N/A                    $tport $file
1276N/A            done
1276N/A        fi
1276N/A
1276N/A        uports=`$SERVINFO -R -p -u -s "mountd" 2>/dev/null`
1276N/A        if [ -n "$uports" ]; then
1276N/A            for uport in $uports; do
1276N/A                generate_rules $FMRI $policy "udp" $ip \
1276N/A                    $uport $file
1276N/A            done
1276N/A        fi
1276N/A
1276N/A    elif [ "$FMRI" = "$RQUOTA_FMRI" ]; then
1276N/A        iana_name=`svcprop -p inetd/name $FMRI`
1276N/A
1276N/A        tports=`$SERVINFO -R -p -t -s $iana_name 2>/dev/null`
1276N/A        if [ -n "$tports" ]; then
1276N/A            for tport in $tports; do
1276N/A                generate_rules $NFS_FMRI $policy "tcp" \
1276N/A                    $ip $tport $file
1276N/A            done
1276N/A        fi
1276N/A
1276N/A        uports=`$SERVINFO -R -p -u -s $iana_name 2>/dev/null`
1276N/A        if [ -n "$uports" ]; then
1276N/A            for uport in $uports; do
1276N/A                generate_rules $NFS_FMRI $policy "udp" \
1276N/A                    $ip $uport $file
1276N/A            done
1276N/A        fi
1276N/A    else
1276N/A        #
1276N/A        # Handle the client services here
1276N/A        #
1276N/A        restarter=`svcprop -p general/restarter $FMRI 2>/dev/null`
1276N/A        if [ "$restarter" = "$INETDFMRI" ]; then
1276N/A            iana_name=`svcprop -p inetd/name $FMRI`
1276N/A            isrpc=`svcprop -p inetd/isrpc $FMRI`
1276N/A        else
1276N/A            iana_name=`svcprop -p $FW_CONTEXT_PG/name $FMRI`
1276N/A            isrpc=`svcprop -p $FW_CONTEXT_PG/isrpc $FMRI`
1276N/A        fi
1276N/A
1276N/A        if [ "$isrpc" = "true" ]; then
1276N/A            tports=`$SERVINFO -R -p -t -s $iana_name 2>/dev/null`
1276N/A            uports=`$SERVINFO -R -p -u -s $iana_name 2>/dev/null`
1276N/A        else
1276N/A            tports=`$SERVINFO -p -t -s $iana_name 2>/dev/null`
1276N/A            uports=`$SERVINFO -p -u -s $iana_name 2>/dev/null`
1276N/A        fi
1276N/A
1276N/A        if [ -n "$tports" ]; then
1276N/A            for tport in $tports; do
1276N/A                echo "pass in log quick proto tcp from any" \
1276N/A                    "to any port = ${tport} flags S " \
1276N/A                    "keep state" >>${file}
1276N/A            done
1276N/A        fi
1276N/A
1276N/A        if [ -n "$uports" ]; then
1276N/A            for uport in $uports; do
1276N/A                echo "pass in log quick proto udp from any" \
1276N/A                    "to any port = ${uport}" >>${file}
1276N/A            done
1276N/A        fi
1276N/A    fi
1276N/A
1276N/A    ;;
1276N/A
1276N/A*)
1276N/A    echo "Usage: $0 { start | stop | refresh }"
1276N/A    exit 1
1276N/A    ;;
1276N/Aesac
1276N/Aexit $SMF_EXIT_OK
1276N/A