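#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#

#
# Copyright 2015 Nexenta Systems, Inc. All rights reserved.
# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
#

# Start/stop processes required for server NFS
#
# Methods (selected by $1):
#   start    - share NFS file systems, start mountd and nfsd, then make
#              sure ipfilter rules exist for this service
#   refresh  - re-run "sharemgr start -P nfs -a"
#   stop     - kill nfsd/mountd in this zone, unshare, then kill whatever
#              is left in the service contract ($2 is handed to
#              smf_kill_contract)
#   ipfilter - write ipfilter rules for the service FMRI given in $2
#
# Helper functions and variables such as fmri_to_file, get_policy,
# generate_rules, service_check_state, IPF_FMRI, IPF_SUFFIX, SERVINFO,
# FW_CONTEXT_PG and INETDFMRI are not defined in this file; they are
# presumably provided by the two includes below.
#
# Backticks are kept for command substitution because the rest of the
# script uses only Bourne-compatible syntax.

. /lib/svc/share/smf_include.sh
. /lib/svc/share/ipf_include.sh
zone=`smf_zonename`

#
# Handling a corner case here. If we were in offline state due to an
# unsatisfied dependency, the ipf_method process wouldn't have generated
# the ipfilter configuration. When we transition to online because the
# dependency is satisfied, the start method will have to generate the
# ipfilter configuration. To avoid all possible deadlock scenarios,
# we restart ipfilter which will regenerate the ipfilter configuration
# for the entire system.
#
# The ipf_method process signals that it didn't generate ipf rules by
# removing the service's ipf file. Thus we only restart network/ipfilter
# when the file is missing.
#
# Globals:  SMF_FMRI, IPF_SUFFIX, IPF_FMRI, SMF_ONLINE (read);
#           ipfile (written)
# Returns:  0 when nothing needs to be done, otherwise the exit status of
#           "svcadm restart".
#
configure_ipfilter()
{
	ipfile=`fmri_to_file "$SMF_FMRI" "$IPF_SUFFIX"`
	[ -f "$ipfile" ] && return 0

	#
	# Nothing to do if:
	# - ipfilter isn't online
	# - global policy is 'custom'
	# - service's policy is 'use_global'
	#
	service_check_state "$IPF_FMRI" "$SMF_ONLINE" || return 0
	[ "`get_global_def_policy`" = "custom" ] && return 0
	# SMF_FMRI is left unquoted inside the backticks to avoid nesting
	# double quotes within a quoted command substitution.
	[ "`get_policy $SMF_FMRI`" = "use_global" ] && return 0

	svcadm restart "$IPF_FMRI"
}

case "$1" in
'start')
	# The NFS server is not supported in a local zone
	if smf_is_nonglobalzone; then
		# -t: disable only temporarily, the persistent setting is
		# left alone.
		/usr/sbin/svcadm disable -t svc:/network/nfs/server
		echo "The NFS server is not supported in a local zone"
		sleep 5 &
		exit $SMF_EXIT_OK
	fi

	# Share all file systems enabled for sharing. sharemgr understands
	# regular shares and ZFS shares and will handle both. Technically,
	# the shares would have been started long before getting here since
	# nfsd has a dependency on them.

	# restart stopped shares from the repository
	/usr/sbin/sharemgr start -P nfs -a

	# Options for nfsd are now set in SMF

	# mountd is started first; a non-zero exit status puts the service
	# into (temporary) maintenance and fails the method.
	/usr/lib/nfs/mountd
	rc=$?
	if [ "$rc" -ne 0 ]; then
		/usr/sbin/svcadm mark -t maintenance svc:/network/nfs/server
		echo "$0: mountd failed with $rc"
		sleep 5 &
		exit $SMF_EXIT_ERR_FATAL
	fi

	# Same handling for nfsd.
	/usr/lib/nfs/nfsd
	rc=$?
	if [ "$rc" -ne 0 ]; then
		/usr/sbin/svcadm mark -t maintenance svc:/network/nfs/server
		echo "$0: nfsd failed with $rc"
		sleep 5 &
		exit $SMF_EXIT_ERR_FATAL
	fi

	# Regenerate the firewall rules if the ipfilter method skipped them
	# while this service was offline (see configure_ipfilter above).
	configure_ipfilter
	;;

'refresh')
	/usr/sbin/sharemgr start -P nfs -a
	;;

'stop')
	# Exact-name match (-x), limited to processes owned by uid 0 or 1
	# (-u) in this zone (-z).
	/usr/bin/pkill -x -u 0,1 -z "$zone" '(nfsd|mountd)'

	# Unshare all shared file systems using NFS

	/usr/sbin/sharemgr stop -P nfs -a

	# Kill any processes left in service contract
	smf_kill_contract "$2" TERM 1
	[ $? -ne 0 ] && exit 1
	;;

'ipfilter')
	#
	# NFS related services are RPC. nfs/server has nfsd which has
	# well-defined port number but mountd is an RPC daemon.
	#
	# Essentially, we generate rules for the following "services"
	# - nfs/server which has nfsd and mountd
	# - nfs/rquota
	#
	# The following services are enabled for both nfs client and
	# server so we'll treat them as client services and simply
	# allow incoming traffic.
	# - nfs/status
	# - nfs/nlockmgr
	# - nfs/cbd
	#
	NFS_FMRI="svc:/network/nfs/server:default"
	RQUOTA_FMRI="svc:/network/nfs/rquota:default"
	FMRI=$2

	# Without an FMRI there is no rule file to write; stop before an
	# empty value reaches the redirections and svcprop lookups below.
	if [ -z "$FMRI" ]; then
		echo "$0: ipfilter method requires a service FMRI" >&2
		exit 1
	fi

	# The rule file is truncated here and then appended to; every
	# expansion used as a path or argument is quoted so that an
	# unexpected value cannot be word-split or globbed.
	file=`fmri_to_file "$FMRI" "$IPF_SUFFIX"`
	echo "# $FMRI" >"$file"
	# Rules for nfs/server and nfs/rquota both follow the nfs/server
	# firewall policy.
	policy=`get_policy "$NFS_FMRI"`
	ip="any"

	#
	# nfs/server configuration is processed in the start method.
	#
	if [ "$FMRI" = "$NFS_FMRI" ]; then
		service_check_state "$FMRI" "$SMF_ONLINE"
		if [ $? -ne 0 ]; then
			# Removing the file is the signal configure_ipfilter
			# looks for when the service later comes online.
			rm "$file"
			exit $SMF_EXIT_OK
		fi

		# Port lookups discard stderr; a failed lookup leaves the
		# variable empty and simply produces no rule.
		nfs_name=`svcprop -p "$FW_CONTEXT_PG/name" "$FMRI" 2>/dev/null`
		tport=`$SERVINFO -p -t -s "$nfs_name" 2>/dev/null`
		if [ -n "$tport" ]; then
			generate_rules "$FMRI" "$policy" "tcp" "$ip" \
			    "$tport" "$file"
		fi

		uport=`$SERVINFO -p -u -s "$nfs_name" 2>/dev/null`
		if [ -n "$uport" ]; then
			generate_rules "$FMRI" "$policy" "udp" "$ip" \
			    "$uport" "$file"
		fi

		# mountd is looked up with -R (the form this script uses for
		# RPC services) and may report several ports; the list is
		# deliberately left unquoted in the for loops so that it is
		# split into one port per iteration.
		tports=`$SERVINFO -R -p -t -s "mountd" 2>/dev/null`
		if [ -n "$tports" ]; then
			for tport in $tports; do
				generate_rules "$FMRI" "$policy" "tcp" "$ip" \
				    "$tport" "$file"
			done
		fi

		uports=`$SERVINFO -R -p -u -s "mountd" 2>/dev/null`
		if [ -n "$uports" ]; then
			for uport in $uports; do
				generate_rules "$FMRI" "$policy" "udp" "$ip" \
				    "$uport" "$file"
			done
		fi

	elif [ "$FMRI" = "$RQUOTA_FMRI" ]; then
		iana_name=`svcprop -p inetd/name "$FMRI"`

		# Rules are generated on behalf of nfs/server (NFS_FMRI),
		# not the rquota FMRI itself.
		tports=`$SERVINFO -R -p -t -s "$iana_name" 2>/dev/null`
		if [ -n "$tports" ]; then
			for tport in $tports; do
				generate_rules "$NFS_FMRI" "$policy" "tcp" \
				    "$ip" "$tport" "$file"
			done
		fi

		uports=`$SERVINFO -R -p -u -s "$iana_name" 2>/dev/null`
		if [ -n "$uports" ]; then
			for uport in $uports; do
				generate_rules "$NFS_FMRI" "$policy" "udp" \
				    "$ip" "$uport" "$file"
			done
		fi
	else
		#
		# Handle the client services here
		#
		# NOTE(review): unlike the branches above, these rules are
		# written directly as "pass in ... from any to any" and never
		# consult $policy, so the firewall policy does not narrow
		# which hosts can reach these ports. Confirm that is intended
		# for the deployment, or restrict the sources elsewhere.
		#
		restarter=`svcprop -p general/restarter "$FMRI" 2>/dev/null`
		if [ "$restarter" = "$INETDFMRI" ]; then
			# inetd-managed services keep name/isrpc in the
			# inetd property group.
			iana_name=`svcprop -p inetd/name "$FMRI"`
			isrpc=`svcprop -p inetd/isrpc "$FMRI"`
		else
			iana_name=`svcprop -p "$FW_CONTEXT_PG/name" "$FMRI"`
			isrpc=`svcprop -p "$FW_CONTEXT_PG/isrpc" "$FMRI"`
		fi

		if [ "$isrpc" = "true" ]; then
			tports=`$SERVINFO -R -p -t -s "$iana_name" 2>/dev/null`
			uports=`$SERVINFO -R -p -u -s "$iana_name" 2>/dev/null`
		else
			tports=`$SERVINFO -p -t -s "$iana_name" 2>/dev/null`
			uports=`$SERVINFO -p -u -s "$iana_name" 2>/dev/null`
		fi

		if [ -n "$tports" ]; then
			for tport in $tports; do
				echo "pass in log quick proto tcp from any" \
				    "to any port = ${tport} flags S " \
				    "keep state" >>"${file}"
			done
		fi

		if [ -n "$uports" ]; then
			for uport in $uports; do
				echo "pass in log quick proto udp from any" \
				    "to any port = ${uport}" >>"${file}"
			done
		fi
	fi

	;;

*)
	echo "Usage: $0 { start | stop | refresh }"
	exit 1
	;;
esac
exit $SMF_EXIT_OK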