On Sat, 28 Jan 2017 15:34:01 -0500
Rich Freeman <rich0@g.o> wrote:

> On Sat, Jan 28, 2017 at 2:32 PM, James Le Cuirot <chewi@g.o> wrote:
> > On Sat, 28 Jan 2017 12:13:53 -0600
> > "A. Wilcox" <awilfox@×××××××××××.org> wrote:
> >
> >> Having a file that user.eclass would use to map new users/groups to
> >> IDs would be extremely beneficial to me. I was thinking about diving
> >> in to that some time later, after the GLEP 70 work I'm doing, but if
> >> someone else wants to take it - please! That would greatly ease the
> >> pain of not only NFS, but swapping data disks around between different /
> >> .
> >>
> >> Consider, for example, one of my use cases for this: I have a
> >> LibreSSL / that I use solely for testing ebuilds against it, and my
> >> regular / with OpenSSL. I share /home and /srv between these two, but
> >> the apache, nginx, and charybdis users have different UIDs between
> >> them. Therefore I have to chown -R each time I test LibreSSL.
> >>
> >> I could use a different /home and /srv, or make two copies, but it's
> >> much easier for me to test these apps having my entire normal
> >> environment available to me.
> >
> > As mentioned in my other post, why are you not using idmapd? It's
> > trivial to set up on top of NFSv4.
>
> As far as I can tell there is no Gentoo-specific documentation for
> doing this, and from what I have read setting up NFSv4 is a PITA
> (perhaps that has changed in recent years). There are also use cases
> that don't involve NFS, such as containers. From the docs I have
> found on idmapd there wasn't actually a lot of detail, it wasn't clear
> if it "just works" without any specific configuration, perhaps it
> does.

The only common complaints I can recall about NFSv4 over v3 are having
to export everything under a single root directory and needing to set
fsid against each export for some inexplicable reason. Just bind mount
everything you want to export and set a different fsid number against
each export line. It's odd when you're used to v3 but really not that
hard. I've been using it for years and found it to be faster and more
reliable.

As for idmapd, this is my entire configuration file. I don't even think
the last section is necessary. Configure and start it on every node. It
really does just work.

[General]
Domain = aura-online.co.uk

[Mapping]
Nobody-User = nobody
Nobody-Group = nobody

[Translation]
Method = nsswitch

> In any case, would it be that hard to set reasonable defaults?

I do think this idea is a good one. I just wasn't buying the enterprise
argument and was surprised that no one had even mentioned idmapd.

--
James Le Cuirot (chewi)
Gentoo Linux Developer
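
Added example, not part of the original message or of any Gentoo tooling: a small Python check for the non-NFS case raised in the quoted text, where two roots share /home and /srv but the same service accounts have different UIDs. It compares two passwd files and reports both name drift and UIDs that resolve to a different account on the other root; the function names, sample entries and UID values are constructed for illustration.

```python
def parse_passwd(text):
    """Return {name: uid} from passwd(5)-format text, skipping blanks/comments."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # malformed entry: skip rather than guess
        users[fields[0]] = int(fields[2])
    return users

def uid_drift(a, b):
    """Names present on both roots whose numeric UID differs."""
    return {n: (a[n], b[n]) for n in sorted(a.keys() & b.keys()) if a[n] != b[n]}

def uid_collisions(a, b):
    """UIDs that belong to different names on the two roots.
    On shared storage these hand one service's files to another service."""
    by_uid_a = {uid: name for name, uid in a.items()}
    by_uid_b = {uid: name for name, uid in b.items()}
    return {u: (by_uid_a[u], by_uid_b[u])
            for u in sorted(by_uid_a.keys() & by_uid_b.keys())
            if by_uid_a[u] != by_uid_b[u]}

# Constructed sample data: UIDs are invented, not taken from any real system.
ROOT_OPENSSL = """\
root:x:0:0:root:/root:/bin/bash
apache:x:81:81:apache:/var/www:/sbin/nologin
nginx:x:82:82:nginx:/var/lib/nginx:/sbin/nologin
charybdis:x:105:105:charybdis:/var/lib/charybdis:/sbin/nologin
"""
ROOT_LIBRESSL = """\
root:x:0:0:root:/root:/bin/bash
nginx:x:81:81:nginx:/var/lib/nginx:/sbin/nologin
apache:x:105:105:apache:/var/www:/sbin/nologin
charybdis:x:82:82:charybdis:/var/lib/charybdis:/sbin/nologin
"""

if __name__ == "__main__":
    a, b = parse_passwd(ROOT_OPENSSL), parse_passwd(ROOT_LIBRESSL)
    for name, (ua, ub) in uid_drift(a, b).items():
        print(f"drift: {name} is uid {ua} on first root, {ub} on second")
    for uid, (na, nb) in uid_collisions(a, b).items():
        print(f"collision: uid {uid} is {na} on first root, {nb} on second")
```

To use it on real systems, pass the contents of each root's /etc/passwd to `parse_passwd` in place of the constructed strings.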