| 1 |
On Sat, 28 Jan 2017 15:34:01 -0500 |
| 2 |
Rich Freeman <rich0@g.o> wrote: |
| 3 |
|
| 4 |
> On Sat, Jan 28, 2017 at 2:32 PM, James Le Cuirot <chewi@g.o> wrote: |
| 5 |
> > On Sat, 28 Jan 2017 12:13:53 -0600 |
| 6 |
> > "A. Wilcox" <awilfox@×××××××××××.org> wrote: |
| 7 |
> > |
| 8 |
> >> Having a file that user.eclass would use to map new users/groups to |
| 9 |
> >> IDs would be extremely beneficial to me. I was thinking about diving |
| 10 |
> >> in to that some time later, after the GLEP 70 work I'm doing, but if |
| 11 |
> >> someone else wants to take it - please! That would greatly ease the |
| 12 |
> >> pain of not only NFS, but swapping data disks around between different / |
| 13 |
> >> . |
| 14 |
> >> |
| 15 |
> >> Consider, for example, one of my use cases for this: I have a |
| 16 |
> >> LibreSSL / that I use solely for testing ebuilds against it, and my |
| 17 |
> >> regular / with OpenSSL. I share /home and /srv between these two, but |
| 18 |
> >> the apache, nginx, and charybdis users have different UIDs between |
| 19 |
> >> them. Therefore I have to chown -R each time I test LibreSSL. |
| 20 |
> >> |
| 21 |
> >> I could use a different /home and /srv, or make two copies, but it's |
| 22 |
> >> much easier for me to test these apps having my entire normal |
| 23 |
> >> environment available to me. |
| 24 |
> > |
| 25 |
> > As mentioned in my other post, why are you not using idmapd? It's |
| 26 |
> > trivial to set up on top of NFSv4. |
| 27 |
> |
| 28 |
> As far as I can tell there is no Gentoo-specific documentation for |
| 29 |
> doing this, and from what I have read setting up NFSv4 is a PITA |
| 30 |
> (perhaps that has changed in recent years). There are also use cases |
| 31 |
> that don't involve NFS, such as containers. From the docs I have |
| 32 |
> found on idmapd there wasn't actually a lot of detail, it wasn't clear |
| 33 |
> if it "just works" without any specific configuration, perhaps it |
| 34 |
> does. |
| 35 |
|
| 36 |
The only common complaints I can recall about NFSv4 over v3 are having |
| 37 |
to export everything under a single root directory and needing to set |
| 38 |
fsid against each export for some inexplicable reason. Just bind mount |
| 39 |
everything you want to export and set a different fsid number against |
| 40 |
each export line. It's odd when you're used to v3 but really not that |
| 41 |
hard. I've been using it for years and found it to be faster and more |
| 42 |
reliable. |
| 43 |
|
| 44 |
As for idmapd, this is my entire configuration file. I don't even think |
| 45 |
the last section is necessary. Configure and start it on every node. It |
| 46 |
really does just work. |
| 47 |
|
| 48 |
[General] |
| 49 |
Domain = aura-online.co.uk |
| 50 |
|
| 51 |
[Mapping] |
| 52 |
Nobody-User = nobody |
| 53 |
Nobody-Group = nobody |
| 54 |
|
| 55 |
[Translation] |
| 56 |
Method = nsswitch |
| 57 |
|
| 58 |
> In any case, would it be that hard to set reasonable defaults? |
| 59 |
|
| 60 |
I do think this idea is a good one. I just wasn't buying the enterprise |
| 61 |
argument and was surprised that no one had even mentioned idmapd. |
| 62 |
|
| 63 |
-- |
| 64 |
James Le Cuirot (chewi) |
| 65 |
Gentoo Linux Developer |
Archives