xref: /freebsd/usr.sbin/nfsd/nfsd.8 (revision 63f537551380d2dab29fa402ad1269feae17e594)
1.\" Copyright (c) 1989, 1991, 1993
2.\"	The Regents of the University of California.  All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\" 3. Neither the name of the University nor the names of its contributors
13.\"    may be used to endorse or promote products derived from this software
14.\"    without specific prior written permission.
15.\"
16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26.\" SUCH DAMAGE.
27.\"
28.\"	@(#)nfsd.8	8.4 (Berkeley) 3/29/95
29.\"
30.Dd March 22, 2023
31.Dt NFSD 8
32.Os
33.Sh NAME
34.Nm nfsd
35.Nd remote
36NFS server
37.Sh SYNOPSIS
38.Nm
39.Op Fl ardute
40.Op Fl n Ar num_servers
41.Op Fl h Ar bindip
42.Op Fl p Ar pnfs_setup
43.Op Fl m Ar mirror_level
44.Op Fl V Ar virtual_hostname
45.Op Fl Fl maxthreads Ar max_threads
46.Op Fl Fl minthreads Ar min_threads
47.Sh DESCRIPTION
48The
49.Nm
50utility runs on a server machine to service NFS requests from client machines.
51At least one
52.Nm
53must be running for a machine to operate as a server.
54.Pp
55Unless otherwise specified, eight servers per CPU for UDP transport are
56started.
57.Pp
58When
59.Nm
60is run in an appropriately configured vnet jail, the server is restricted
61to TCP transport and no pNFS service.
62Therefore, the
63.Fl t
64option must be specified and none of the
65.Fl u ,
66.Fl p
67and
68.Fl m
69options can be specified when run in a vnet jail.
70See
71.Xr jail 8
72for more information.
73.Pp
74The following options are available:
75.Bl -tag -width Ds
76.It Fl r
77Register the NFS service with
78.Xr rpcbind 8
79without creating any servers.
80This option can be used along with the
81.Fl u
82or
83.Fl t
84options to re-register NFS if the rpcbind server is restarted.
85.It Fl d
86Unregister the NFS service with
87.Xr rpcbind 8
88without creating any servers.
89.It Fl V Ar virtual_hostname
90Specifies a hostname to be used as a principal name, instead of
91the default hostname.
92.It Fl n Ar threads
93Specifies how many servers to create.
94This option is equivalent to specifying
95.Fl Fl maxthreads
96and
97.Fl Fl minthreads
98with their respective arguments to
99.Ar threads .
100.It Fl Fl maxthreads Ar threads
101Specifies the maximum servers that will be kept around to service requests.
102.It Fl Fl minthreads Ar threads
103Specifies the minimum servers that will be kept around to service requests.
104.It Fl h Ar bindip
105Specifies which IP address or hostname to bind to on the local host.
106This option is recommended when a host has multiple interfaces.
107Multiple
108.Fl h
109options may be specified.
110.It Fl a
111Specifies that nfsd should bind to the wildcard IP address.
112This is the default if no
113.Fl h
114options are given.
115It may also be specified in addition to any
116.Fl h
117options given.
118Note that NFS/UDP does not operate properly when
119bound to the wildcard IP address whether you use -a or do not use -h.
120.It Fl p Ar pnfs_setup
121Enables pNFS support in the server and specifies the information that the
122daemon needs to start it.
123This option can only be used on one server and specifies that this server
124will be the MetaData Server (MDS) for the pNFS service.
125This can only be done if there is at least one
126.Fx
127system configured
128as a Data Server (DS) for it to use.
129.Pp
130The
131.Ar pnfs_setup
132string is a set of fields separated by ',' characters:
133Each of these fields specifies one DS.
134It consists of a server hostname, followed by a ':'
135and the directory path where the DS's data storage file system is mounted on
136this MDS server.
137This can optionally be followed by a '#' and the mds_path, which is the
138directory path for an exported file system on this MDS.
139If this is specified, it means that this DS is to be used to store data
140files for this mds_path file system only.
141If this optional component does not exist, the DS will be used to store data
142files for all exported MDS file systems.
143The DS storage file systems must be mounted on this system before the
144.Nm
145is started with this option specified.
146.br
147For example:
148.sp
149nfsv4-data0:/data0,nfsv4-data1:/data1
150.sp
151would specify two DS servers called nfsv4-data0 and nfsv4-data1 that comprise
152the data storage component of the pNFS service.
153These two DSs would be used to store data files for all exported file systems
154on this MDS.
155The directories
156.Dq /data0
157and
158.Dq /data1
159are where the data storage servers exported
160storage directories are mounted on this system (which will act as the MDS).
161.br
162Whereas, for the example:
163.sp
164nfsv4-data0:/data0#/export1,nfsv4-data1:/data1#/export2
165.sp
166would specify two DSs as above, however nfsv4-data0 will be used to store
167data files for
168.Dq /export1
169and nfsv4-data1 will be used to store data files for
170.Dq /export2 .
171.sp
172When using IPv6 addresses for DSs
173be wary of using link local addresses.
174The IPv6 address for the DS is sent to the client and there is no scope
175zone in it.
176As such, a link local address may not work for a pNFS client to DS
177TCP connection.
178When parsed,
179.Nm
180will only use a link local address if it is the only address returned by
181.Xr getaddrinfo 3
182for the DS hostname.
183.It Fl m Ar mirror_level
184This option is only meaningful when used with the
185.Fl p
186option.
187It specifies the
188.Dq mirror_level ,
189which defines how many of the DSs will
190have a copy of a file's data storage file.
191The default of one implies no mirroring of data storage files on the DSs.
192The
193.Dq mirror_level
194would normally be set to 2 to enable mirroring, but
195can be as high as NFSDEV_MAXMIRRORS.
196There must be at least
197.Dq mirror_level
198DSs for each exported file system on the MDS, as specified in the
199.Fl p
200option.
201This implies that, for the above example using "#/export1" and "#/export2",
202mirroring cannot be done.
203There would need to be two DS entries for each of "#/export1" and "#/export2"
204in order to support a
205.Dq mirror_level
206of two.
207.Pp
208If mirroring is enabled, the server must use the Flexible File
209layout.
210If mirroring is not enabled, the server will use the File layout
211by default, but this default can be changed to the Flexible File layout if the
212.Xr sysctl 8
213vfs.nfsd.default_flexfile
214is set non-zero.
215.It Fl t
216Serve TCP NFS clients.
217.It Fl u
218Serve UDP NFS clients.
219.It Fl e
220Ignored; included for backward compatibility.
221.El
222.Pp
223For example,
224.Dq Li "nfsd -u -t -n 6"
225serves UDP and TCP transports using six daemons.
226.Pp
227A server should run enough daemons to handle
228the maximum level of concurrency from its clients,
229typically four to six.
230.Pp
231The
232.Nm
233utility listens for service requests at the port indicated in the
234NFS server specification; see
235.%T "Network File System Protocol Specification" ,
236RFC1094,
237.%T "NFS: Network File System Version 3 Protocol Specification" ,
238RFC1813,
239.%T "Network File System (NFS) Version 4 Protocol" ,
240RFC7530,
241.%T "Network File System (NFS) Version 4 Minor Version 1 Protocol" ,
242RFC5661,
243.%T "Network File System (NFS) Version 4 Minor Version 2 Protocol" ,
244RFC7862,
245.%T "File System Extended Attributes in NFSv4" ,
246RFC8276 and
247.%T "Parallel NFS (pNFS) Flexible File Layout" ,
248RFC8435.
249.Pp
250If
251.Nm
252detects that
253NFS is not loaded in the running kernel, it will attempt
254to load a loadable kernel module containing NFS support using
255.Xr kldload 2 .
256If this fails, or no NFS KLD is available,
257.Nm
258will exit with an error.
259.Pp
260If
261.Nm
262is to be run on a host with multiple interfaces or interface aliases, use
263of the
264.Fl h
265option is recommended.
266If you do not use the option NFS may not respond to
267UDP packets from the same IP address they were sent to.
268Use of this option
269is also recommended when securing NFS exports on a firewalling machine such
270that the NFS sockets can only be accessed by the inside interface.
271The
272.Nm ipfw
273utility
274would then be used to block NFS-related packets that come in on the outside
275interface.
276.Pp
277If the server has stopped servicing clients and has generated a console message
278like
279.Dq Li "nfsd server cache flooded..." ,
280the value for vfs.nfsd.tcphighwater needs to be increased.
281This should allow the server to again handle requests without a reboot.
282Also, you may want to consider decreasing the value for
283vfs.nfsd.tcpcachetimeo to several minutes (in seconds) instead of 12 hours
284when this occurs.
285.Pp
286Unfortunately making vfs.nfsd.tcphighwater too large can result in the mbuf
287limit being reached, as indicated by a console message
288like
289.Dq Li "kern.ipc.nmbufs limit reached" .
290If you cannot find values of the above
291.Nm sysctl
292values that work, you can disable the DRC cache for TCP by setting
293vfs.nfsd.cachetcp to 0.
294.Pp
295The
296.Nm
297utility has to be terminated with
298.Dv SIGUSR1
299and cannot be killed with
300.Dv SIGTERM
301or
302.Dv SIGQUIT .
303The
304.Nm
305utility needs to ignore these signals in order to stay alive as long
306as possible during a shutdown, otherwise loopback mounts will
307not be able to unmount.
308If you have to kill
309.Nm
310just do a
311.Dq Li "kill -USR1 <PID of master nfsd>"
312.Sh EXIT STATUS
313.Ex -std
314.Sh SEE ALSO
315.Xr nfsstat 1 ,
316.Xr kldload 2 ,
317.Xr nfssvc 2 ,
318.Xr nfsv4 4 ,
319.Xr pnfs 4 ,
320.Xr pnfsserver 4 ,
321.Xr exports 5 ,
322.Xr stablerestart 5 ,
323.Xr gssd 8 ,
324.Xr ipfw 8 ,
325.Xr jail 8 ,
326.Xr mountd 8 ,
327.Xr nfsiod 8 ,
328.Xr nfsrevoke 8 ,
329.Xr nfsuserd 8 ,
330.Xr rpcbind 8
331.Sh HISTORY
332The
333.Nm
334utility first appeared in
335.Bx 4.4 .
336.Sh BUGS
337If
338.Nm
339is started when
340.Xr gssd 8
341is not running, it will service AUTH_SYS requests only.
342To fix the problem you must kill
343.Nm
344and then restart it, after the
345.Xr gssd 8
346is running.
347.Pp
348For a Flexible File Layout pNFS server,
349if there are Linux clients doing NFSv4.1 or NFSv4.2 mounts, those
350clients might need the
351.Xr sysctl 8
352vfs.nfsd.flexlinuxhack
353to be set to one on the MDS as a workaround.
354.Pp
355Linux 5.n kernels appear to have been patched such that this
356.Xr sysctl 8
357does not need to be set.
358