@tsmetana
Last active September 7, 2015 16:18
Cockpit NFS support proposal

Allow basic NFS exports configuration and monitoring.

Notes

Stories

Robert maintains his home computer network.

Every member of the household owns some digital device that lets them access content on the home LAN, and there is a shared laptop and tablet that all the family members use. Robert and his wife also use a desktop machine to edit photos and maintain the shared content. They also own two multimedia players connected to TV and audio receivers. All the shared files are stored on a small Fedora server in the basement. The LAN DHCP server is configured to assign the same IP address to each of the known devices.

Robert wants to be able to allow all the multimedia playback capable devices to access the content via NFS but prevent them from changing the files. He wants to be able to edit the content from the desktop and laptop machines only.

Joseph works in a small civil engineering office and takes care of the local file server.

There are six engineers in the office. Each of them has a different specialization and they often work on different projects. They run CAD software on Red Hat Linux 6 workstations. They all need to have access to technical documentation stored on the office file server. They all store their work on the file server too, since it is set up to perform daily back-ups to special archival media. Joseph is one of the engineers. He is able to take care of the basic computer maintenance but he can't spend too much time on it. When a new project is contracted he creates a workspace on the file server for it and exports it over NFS for the engineers who work on it. Once the project is finalized the export is turned to read-only so that it is still accessible but immutable. Projects older than a certain date are unexported and removed from the file server to live only on the backup media.

Workflows

Robert:

  • Opens the NFS configuration page
  • Adds the shares of the multimedia directories: read-only for the gizmos, read-write for the desktop and laptop machines
  • Adds the read-write shares for work directories for the desktop and laptop machines
  • When something does not work he can take a look at the status page to see whether the required export is active

Joseph:

  • Opens the NFS configuration page
  • Creates a read-only export of the technical documents for everyone
  • Creates an NFS export for writing for the root of the projects directory for his desktop so he can manage the files (creating new projects, removing the old ones)
  • Creates a project export for writing for the particular engineer's machines
  • Changes the finished project's export to read-only for everyone in the internal network
  • Removes the exports of old projects

Implementation Notes and Technical Limitations

  • The UI should enable setting of the client, path and some basic options only (ro/rw, root_squash)
  • UID mappings out of scope
  • Authentication and NFS security setup are out of scope; the D-Bus API is guarded by a policy
  • Use Augeas for the exports file format parsing (and share its limitations)
  • The NFS export is uniquely identified by the allowed client and exported path
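
The identification rule above (one export per client and path pair) and the basic options the UI would expose can be illustrated with a small exports-file reader. This is an added example, not Cockpit code and not the Augeas lens the proposal intends to use; the parser is a simplified stand-in, and the sample file, its paths and its addresses are constructed to mirror Robert's story.

```python
import shlex

# Constructed sample /etc/exports modelled on Robert's story (addresses are made up).
SAMPLE_EXPORTS = """\
# media: read-only for the players, read-write for the editing machine
/srv/media  192.168.1.20(ro,root_squash) 192.168.1.21(ro) \\
            192.168.1.10(rw,root_squash)
/srv/work   192.168.1.10(rw) 192.168.1.11(rw,no_root_squash)
/srv/public *(rw)
"""

def parse_exports(text):
    """Return {(client, path): set(options)} for a simple exports file."""
    exports = {}
    logical = text.replace("\\\n", " ")        # join backslash-continued lines
    for line in logical.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *clients = shlex.split(line)     # shlex copes with quoted paths
        for spec in clients:
            client, _, opts = spec.partition("(")
            options = set(filter(None, opts.rstrip(")").split(",")))
            # A bare "(opts)" after a space applies to any client, so key it as "*".
            key = (client or "*", path)
            if key in exports:                 # the proposal's uniqueness rule
                raise ValueError(f"duplicate export {key}")
            exports[key] = options
    return exports

def risky_exports(exports):
    """Flag exports a status page would want to highlight."""
    findings = []
    for (client, path), opts in sorted(exports.items()):
        if "no_root_squash" in opts:
            findings.append((client, path, "no_root_squash"))
        if "rw" in opts and client == "*":
            findings.append((client, path, "rw for any client"))
    return findings

if __name__ == "__main__":
    for finding in risky_exports(parse_exports(SAMPLE_EXPORTS)):
        print(finding)
```
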

D-Bus API

An NFS server manager object providing the following methods

  • Create a new export
  • Re-export (exportfs -r)
  • Export everything that is not yet exported (exportfs -a)
  • Re-scan method to force reloading the configuration and state

An object representing the NFS export providing

  • Set of NFS properties (client, path, ro, rw, root_squash, etc...)
  • A method for unexporting the export (exportfs -u <client>:<path>)
  • A method for removing the export configuration (deleting corresponding line from the /etc/exports)
  • A method for saving the export configuration

Issues and questions

  • How to properly distinguish between state and configuration without turning the API into DMTF-like monster?
  • Should we fiddle with /etc/idmapd.conf?
  • What to do with /etc/exports.d/?

Wireframes

TODO

Implementation steps

D-Bus API

  1. Basic API with the manager object and active NFS exports
  2. Implement the API for the /etc/exports editing
  3. Implement relevant files monitoring and automatic re-scanning/reloading

Prior art

Links to screenshots or documentation of other places this problem has been solved.

  • FreeNAS?

Feedback

Please give feedback on the above! This is the place where those not working on the feature can provide insight, questions, limitations, notes etc.

@andreasn
andreasn commented Sep 7, 2015

Stories look really good!
I'll try to dig up some prior art.
