oracular (7) nfs.systemd.7.gz

Provided by: nfs-common_2.6.4-4ubuntu1_amd64 bug

NAME

       nfs.systemd - managing NFS services through systemd.

SYNOPSIS

       nfs-utils.service
       nfs-server.service
       nfs-client.target
       etc

DESCRIPTION

       The  nfs-utils  package  provides  a  suite  of systemd unit files which allow the various
       services to be started and managed.  These unit files ensure that the services are started
       in  the  correct  order, and the prerequisites are active before dependant services start.
       As there are quite  few unit files, it is not immediately  obvious  how  best  to  achieve
       certain  results.   The  following  subsections  attempt to cover the issues that are most
       likely to come up.

   Configuration
       The standard systemd unit files do not provide any easy  way  to  pass  any  command  line
       arguments  to  daemons so as to configure their behavior.  In many case such configuration
       can be performed by making changes to /etc/nfs.conf or other  configuration  files.   When
       that is not convenient, a distribution might provide systemd "drop-in" files which replace
       the ExecStart= setting to start the program with different arguments.  For example a drop-
       in file systemd/system/nfs-mountd.service.d/local.conf containing
              [Service]
              EnvironmentFile=/etc/sysconfig/nfs
              ExecStart=
              ExecStart= /usr/sbin/rpc.mountd $RPCMOUNTDOPTS
       would  cause  the  nfs-mountd.service  unit  to  run  the  rpc.mountd  program  using, for
       arguments, the value given for  RPCMOUNTDOPTS  in  /etc/sysconfig/nfs.   This  allows  for
       seamless integration with existing configuration tools.

   Enabling unit files
       There  are  three  unit  files  which are designed to be manually enabled.  All others are
       automatically run as required.  The three are:

       nfs-client.target
              This should be enabled on any host which ever serves as an NFS  client.   There  is
              little cost in transparently enabling it whenever NFS client software is installed.

       nfs-server.service
              This  must  be enabled to provide NFS service to clients.  It starts and configures
              the required daemons in the required order.

       nfs-blkmap.service
              The blkmapd daemon is only required on NFS clients which are using  pNFS  (parallel
              NFS),  and  particularly  using  the blocklayout layout protocol.  If you might use
              this particular extension to NFS, the nfs-blkmap.service unit should be enabled.

       Several other units which might be considered to be optional, such as rpc-gssd.service are
       careful  to  only  start if the required configuration file exists.  rpc-gssd.service will
       not start if the krb5.keytab file does not exist (typically in /etc).

   Restarting NFS services
       Most NFS daemons can be restarted at any time.  They will reload any state that they need,
       and continue servicing requests.  This is rarely necessary though.

       When  configuration changesare make, it can be hard to know exactly which services need to
       be restarted to ensure that the configuration takes effect.  The simplest approach,  which
       is  often  the  best,  is to restart everything.  To help with this, the nfs-utils.service
       unit is provided.  It declares appropriate dependencies with other unit files so that
              systemctl restart nfs-utils
       will restart all NFS daemons that are running.  This will cause all configuration  changes
       to   take   effect   except   for   changes  to  mount  options  lists  in  /etc/fstab  or
       /etc/nfsmount.conf.  Mount options can  only  be  changed  by  unmounting  and  remounting
       filesystem.   This  can be a disruptive operation so it should only be done when the value
       justifies the cost.  The command
              umount -a -t nfs; mount -a -t nfs
       should unmount and remount all NFS filesystems.

   Masking unwanted services
       Rarely there may be a desire to prohibit some services from running even though there  are
       normally  part  of  a  working NFS system.  This may be needed to reduce system load to an
       absolute minimum, or to reduce  attack  surface  by  not  running  daemons  that  are  not
       absolutely required.

       Three  particular  services  which  this  can  apply to are rpcbind, idmapd, and rpc-gssd.
       rpcbind is not part of the nfs-utils  package,  but  it  used  by  several  NFS  services.
       However  it  is  not needed when only NFSv4 is in use.  If a site will never use NFSv3 (or
       NFSv2) and does not want rpcbind to be running, the correct approach is to run
              systemctl mask rpcbind
       This will disable rpcbind, and the various NFS services which depend on it (and  are  only
       needed  for  NFSv3)  will refuse to start, without interfering with the operation of NFSv4
       services.  In particular, rpc.statd will not run when rpcbind is masked.

       idmapd is only needed for NFSv4, and even then is not needed when the  client  and  server
       agree  to  use user-ids rather than user-names to identify the owners of files.  If idmapd
       is not needed and not wanted, it can be masked with
              systemctl mask idmapd
       rpc-gssd is assumed to be needed if the krb5.keytab file is present.  If a site needs this
       file present but does not want rpc-gssd running, it can be masked with
              systemctl mask rpc-gssd

FILES

       /etc/nfs.conf
       /etc/nfsmount.conf
       /etc/idmapd.conf

SEE ALSO

       systemd.unit(5), nfs.conf(5), nfsmount.conf(5).

                                                                                   NFS.SYSTEMD(7)