diff options
Diffstat (limited to 'scripts/hostclass/nfs_server/10-nfs')
-rw-r--r-- | scripts/hostclass/nfs_server/10-nfs | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/scripts/hostclass/nfs_server/10-nfs b/scripts/hostclass/nfs_server/10-nfs new file mode 100644 index 0000000..a775859 --- /dev/null +++ b/scripts/hostclass/nfs_server/10-nfs @@ -0,0 +1,50 @@ +#!/bin/sh + +# Jails serving NFS need 'allow.nfsd' option. + +: ${nfsuserd_cache_size:='256'} +: ${nfsuserd_num_servers:='4'} +: ${nfsuserd_cache_timeout:='1'} +: ${nfsd_srvmaxio:='1048576'} + +nfs_root=/share +nfs_dataset="${state_dataset}/nfs" + +# Create ZFS dataset for NFS share. +create_dataset -o "mountpoint=${nfs_root}" "${nfs_dataset}" + +# Allow NFSv4 ACLs to propagate. +zfs set aclinherit=passthrough aclmode=passthrough "$nfs_dataset" + +# Create nfs service principal and keytab. +add_principal -nokey -x "containerdn=${services_basedn}" "nfs/${fqdn}" +ktadd -k "${keytab_dir}/host.keytab" "nfs/${fqdn}" + +if [ "$BOXCONF_VIRTUALIZATION_TYPE" != jail ]; then + set_sysctl \ + vfs.nfsd.issue_delegations=1 \ + vfs.nfsd.enable_locallocks=0 +fi + +sysrc -v \ + nfs_server_managegids=YES \ + nfsuserd_enable=YES \ + nfsuserd_flags="-usermax ${nfsuserd_cache_size} -usertimeout ${nfsuserd_cache_timeout} ${nfsuserd_num_servers}" \ + gssd_enable=YES \ + nfs_server_enable=YES \ + nfs_server_flags='-t' \ + nfs_server_maxio="$nfsd_srvmaxio" \ + nfsv4_server_only=YES \ + mountd_enable=YES \ + mountd_flags='-R -S' + +# Our krb5.conf assumes MIT Kerberos, but the gssd in base uses the base +# Heimdal kerberos, which doesnt support %{euid} expansion. So we must +# override the keytab path with an environment variable. +sysrc -v gssd_env="KRB5_KTNAME=${keytab_dir}/host.keytab" + +install_template -m 0644 /etc/exports + +for service in gssd nfsuserd mountd nfsd; do + service "$service" status || service "$service" start +done |