guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: Add NFS related services.

From: Ludovic Courtès
Subject: Re: [PATCH] gnu: Add NFS related services.
Date: Fri, 30 Sep 2016 14:02:37 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) 
John Darrington <address@hidden> skribis:

> Another draft for review ...

Could you please include an iteration number in the subject line, and a
terse summary of the changes compared to the previous iteration?

That would be greatly helpful—I’m getting lost in a maze of unrelated
patch series and sometimes have a hard time remembering where we are and
what it is that I’m doing here.  ;-)

>
>
>
>
> * gnu/services/nfs.scm (pipefs-service-type): New Variable,
> (gss-service-type): New Variable, (idmap-service-type) New Variable.
> ---
>  doc/guix.texi        |  98 ++++++++++++++++++++++++++++++++++--
>  gnu/services/nfs.scm | 138 
> +++++++++++++++++++++++++++++++++++++++++++++++++--
>  2 files changed, 230 insertions(+), 6 deletions(-)

Please also mention the idmap things, the doc/guix.texi changes, etc.

> address@hidden GSS Daemon Service
> address@hidden GSSD
> address@hidden GSS
> +
> +The GSS daemon provides strong security for RPC based protocols.

“The @dfn{global security system} (GSS) daemon provides …”

>  
>  (define-record-type* <rpcbind-configuration>
>    rpcbind-configuration make-rpcbind-configuration
> @@ -38,11 +58,11 @@
>    (shepherd-service-type
>     'rpcbind
>     (lambda (config)
> -     (define pkg
> +     (define nfs-utils
>         (rpcbind-configuration-rpcbind config))
>  
>       (define rpcbind-command
> -       #~(list (string-append #$pkg "/bin/rpcbind") "-f"
> +       #~(list (string-append #$nfs-utils "/bin/rpcbind") "-f"

Should have been part of a previous patch I guess, but that’s fine.

> +(define-record-type* <pipefs-configuration>
> +  pipefs-configuration make-pipefs-configuration
> +  pipefs-configuration?
> +  (mount-point           pipefs-configuration-mount-point
> +                         (default default-pipefs-dir)))

Seems to me we don’t even need <pipefs-configuration>; a string would be
enough, no?

> +(define-record-type* <gss-configuration>
> +  gss-configuration make-gss-configuration
> +  gss-configuration?
> +  (pipefs-dir            gss-configuration-pipefs-dir
> +                         (default default-pipefs-dir))

s/dir/directory/

> +(define-record-type* <idmap-configuration>
> +  idmap-configuration make-idmap-configuration
> +  idmap-configuration?
> +  (pipefs-dir            idmap-configuration-pipefs-dir
> +                         (default default-pipefs-dir))
> +  (domain                idmap-configuration-domain
> +                           (default #f))
> +  (nfs-utils             idmap-configuration-idmap
> +                         (default nfs-utils)))
> +
> +(define idmap-service-type
> +  (shepherd-service-type
> +   'idmap
> +   (lambda (config)
> +
> +     (define nfs-utils
> +       (idmap-configuration-idmap config))
> +
> +     (define pipefs-dir
> +       (idmap-configuration-pipefs-dir config))
> +
> +     (define conf-file "/etc/guix-idmapd.conf")
> +
> +     (define idmap-command
> +       #~(list (string-append #$nfs-utils "/sbin/rpc.idmapd") "-f"
> +               "-p" #$pipefs-dir
> +               "-c" #$conf-file))
> +
> +     (define domain (idmap-configuration-domain config))
> +
> +     (shepherd-service
> +      (documentation "Start the RPC IDMAP daemon.")
> +      (requirement '(rpcbind-daemon rpc-pipefs))
> +      (provision '(idmap-daemon))
> +
> +      (start #~(lambda ()
> +                 (let ((pid (primitive-fork)))
> +                   (if (zero? pid)
> +                       (begin
> +                         (call-with-output-file #$conf-file
> +                           (lambda (port)
> +                             (format port "\n[General]\n")
> +                             (if #$domain
> +                                 (format port "Domain = ~a\n" #$domain))
> +                             (format port "\n[Mapping]\n")
> +                             (format port "Nobody-User = nobody\n")
> +                             (format port "Nobody-Group = nogroup\n")))
> +                         (exec-command #$idmap-command))
> +                       pid))))

I think the configuration file should be created elsewhere, in the
store:

  (define (idmap-config-file config)
    (plain-file "idmap.conf"
                (string-append "[General]" …)))

and then:

  (define idmap-command
    #~(list … "-c" #$(idmap-config-file config)))

  (shepherd-service
    ;; …
    (start #~(make-forkexec-constructor #$idmap-command)))

In general we should avoid populating /etc.

Could you send an updated patch?

Overall this seems to be almost ready, no?  Since this is a pretty
involved service composition, I think it would be fruitful in the future
to add a full test case in (gnu tests nfs) where we would export an NFS
tree and mount it.

Thank you!

Ludo’.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]