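#!/sbin/sh
#
# CDDL HEADER START
#
# The contents of this file are subject to the terms of the
# Common Development and Distribution License (the "License").
# You may not use this file except in compliance with the License.
#
# You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
# or http://www.opensolaris.org/os/licensing.
# See the License for the specific language governing permissions
# and limitations under the License.
#
# When distributing Covered Code, include this CDDL HEADER in each
# file and include the License file at usr/src/OPENSOLARIS.LICENSE.
# If applicable, add the following below this CDDL HEADER, with the
# fields enclosed by brackets "[]" replaced with your own identifying
# information: Portions Copyright [yyyy] [name of copyright owner]
#
# CDDL HEADER END
#
#
# Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
# Copyright 2012 Nexenta Systems, Inc.  All rights reserved.
#

#
# Start/stop processes required for server NFS
#
# Methods handled (selected by $1):
#   start     - share NFS file systems, then start mountd and nfsd
#   refresh   - re-run "sharemgr start" for NFS shares
#   stop      - kill nfsd/mountd, unshare, and kill the contract given in $2
#   ipfilter  - write the ipfilter rule file for the service FMRI given in $2
#

. /lib/svc/share/smf_include.sh
. /lib/svc/share/ipf_include.sh
zone=`smf_zonename`

#
# Handling a corner case here. If we were in offline state due to an
# unsatisfied dependency, the ipf_method process wouldn't have generated
# the ipfilter configuration. When we transition to online because the
# dependency is satisfied, the start method will have to generate the
# ipfilter configuration. To avoid all possible deadlock scenarios,
# we restart ipfilter which will regenerate the ipfilter configuration
# for the entire system.
#
# The ipf_method process signals that it didn't generate ipf rules by
# removing the service's ipf file. Thus we only restart network/ipfilter
# when the file is missing.
#
# Globals:  SMF_FMRI, IPF_SUFFIX, IPF_FMRI, SMF_ONLINE (read);
#           ipfile, cfg_global_policy, cfg_service_policy (written)
# Returns:  0 when there is nothing to do, otherwise the exit status of
#           "svcadm restart".
#
configure_ipfilter()
{
	ipfile=`fmri_to_file "$SMF_FMRI" "$IPF_SUFFIX"`
	[ -f "$ipfile" ] && return 0

	#
	# Nothing to do if:
	# - ipfilter isn't online
	# - global policy is 'custom'
	# - service's policy is 'use_global'
	#
	service_check_state "$IPF_FMRI" "$SMF_ONLINE" || return 0

	# Capture each policy in a variable first so that an empty result
	# still compares as a single (empty) word.
	cfg_global_policy=`get_global_def_policy`
	[ "$cfg_global_policy" = "custom" ] && return 0

	cfg_service_policy=`get_policy "$SMF_FMRI"`
	[ "$cfg_service_policy" = "use_global" ] && return 0

	svcadm restart "$IPF_FMRI"
}

#
# Abort the start method after a daemon failed to start: put nfs/server
# into maintenance (-t: temporarily), report the failure and exit with
# SMF_EXIT_ERR_FATAL.
#
# Arguments: $1 - daemon name used in the message
#            $2 - exit status returned by the daemon
#
start_failed()
{
	/usr/sbin/svcadm mark -t maintenance svc:/network/nfs/server
	echo "$0: $1 failed with $2"
	# NOTE(review): the backgrounded sleep presumably keeps a process in
	# the service contract for a moment after the method exits - confirm.
	sleep 5 &
	exit $SMF_EXIT_ERR_FATAL
}

case "$1" in
'start')
	# The NFS server is not supported in a local zone
	if smf_is_nonglobalzone; then
		/usr/sbin/svcadm disable -t svc:/network/nfs/server
		echo "The NFS server is not supported in a local zone"
		sleep 5 &
		exit $SMF_EXIT_OK
	fi

	# Share all file systems enabled for sharing. sharemgr understands
	# regular shares and ZFS shares and will handle both. Technically,
	# the shares would have been started long before getting here since
	# nfsd has a dependency on them.

	startnfsd=0

	# restart stopped shares from the repository
	/usr/sbin/sharemgr start -P nfs -a

	# Start up mountd and nfsd if anything is exported.
	#
	# NOTE(review): this matches "nfs" anywhere on a sharetab line, so a
	# non-NFS share whose path merely contains "nfs" would also start the
	# daemons. Presumably a match on the file-system-type field is what
	# is intended - confirm before tightening.

	if /usr/bin/grep -s nfs /etc/dfs/sharetab >/dev/null; then
		startnfsd=1
	fi

	# If auto-enable behavior is disabled, always start nfsd
	#
	# The property is read into a variable and compared quoted: when
	# svcprop prints nothing, an unquoted comparison would hand test(1)
	# a malformed expression instead of a plain "not equal".

	auto_enable=`svcprop -p application/auto_enable nfs/server`
	if [ "$auto_enable" = "false" ]; then
		startnfsd=1
	fi

	# Options for nfsd are now set in SMF
	if [ $startnfsd -ne 0 ]; then
		# Each daemon must start cleanly; $? after "||" is the status
		# of the daemon that just failed.
		/usr/lib/nfs/mountd || start_failed mountd $?
		/usr/lib/nfs/nfsd || start_failed nfsd $?

		configure_ipfilter
	else
		/usr/sbin/svcadm disable -t svc:/network/nfs/server
		echo "No NFS filesystems are shared"
		sleep 5 &
	fi

	;;

'refresh')
	/usr/sbin/sharemgr start -P nfs -a
	;;

'stop')
	# Only exact-name matches owned by uid 0 or 1 in this zone are killed.
	/usr/bin/pkill -x -u 0,1 -z "$zone" '(nfsd|mountd)'

	# Unshare all shared file systems using NFS

	/usr/sbin/sharemgr stop -P nfs -a

	# Kill any processes left in service contract
	smf_kill_contract "$2" TERM 1 || exit 1
	;;

'ipfilter')
	#
	# NFS related services are RPC. nfs/server has nfsd which has
	# well-defined port number but mountd is an RPC daemon.
	#
	# Essentially, we generate rules for the following "services"
	#  - nfs/server which has nfsd and mountd
	#  - nfs/rquota
	#
	# The following services are enabled for both nfs client and
	# server so we'll treat them as client services and simply
	# allow incoming traffic.
	#  - nfs/status
	#  - nfs/nlockmgr
	#  - nfs/cbd
	#
	NFS_FMRI="svc:/network/nfs/server:default"
	RQUOTA_FMRI="svc:/network/nfs/rquota:default"
	FMRI=$2

	# Without an FMRI there is no rule file to name and no service to
	# query, so refuse instead of writing a file for an empty name.
	if [ -z "$FMRI" ]; then
		echo "$0: the ipfilter method requires a service FMRI" >&2
		exit 1
	fi

	# The rule file is truncated here and then appended to below.
	file=`fmri_to_file "$FMRI" "$IPF_SUFFIX"`
	echo "# $FMRI" >"$file"

	# The policy is always read from nfs/server, whichever FMRI was
	# passed in; nfs/rquota rules are generated under that policy.
	policy=`get_policy "$NFS_FMRI"`
	ip="any"

	#
	# Port lookups below discard $SERVINFO's stderr; a lookup that
	# prints nothing produces no rule for that transport.
	#

	#
	# nfs/server configuration is processed in the start method.
	#
	if [ "$FMRI" = "$NFS_FMRI" ]; then
		# Removing the rule file is the signal configure_ipfilter
		# looks for in the start method.
		if service_check_state "$FMRI" "$SMF_ONLINE"; then
			:
		else
			rm "$file"
			exit $SMF_EXIT_OK
		fi

		# nfsd: well-known port, looked up without -R
		nfs_name=`svcprop -p "$FW_CONTEXT_PG/name" "$FMRI" 2>/dev/null`
		tport=`$SERVINFO -p -t -s "$nfs_name" 2>/dev/null`
		if [ -n "$tport" ]; then
			generate_rules "$FMRI" "$policy" "tcp" "$ip" \
			    "$tport" "$file"
		fi

		uport=`$SERVINFO -p -u -s "$nfs_name" 2>/dev/null`
		if [ -n "$uport" ]; then
			generate_rules "$FMRI" "$policy" "udp" "$ip" \
			    "$uport" "$file"
		fi

		# mountd: RPC daemon, looked up with -R; may yield several
		# ports, hence the deliberately unquoted loop lists.
		tports=`$SERVINFO -R -p -t -s "mountd" 2>/dev/null`
		if [ -n "$tports" ]; then
			for tport in $tports; do
				generate_rules "$FMRI" "$policy" "tcp" "$ip" \
				    "$tport" "$file"
			done
		fi

		uports=`$SERVINFO -R -p -u -s "mountd" 2>/dev/null`
		if [ -n "$uports" ]; then
			for uport in $uports; do
				generate_rules "$FMRI" "$policy" "udp" "$ip" \
				    "$uport" "$file"
			done
		fi

	elif [ "$FMRI" = "$RQUOTA_FMRI" ]; then
		iana_name=`svcprop -p inetd/name "$FMRI"`

		tports=`$SERVINFO -R -p -t -s "$iana_name" 2>/dev/null`
		if [ -n "$tports" ]; then
			for tport in $tports; do
				generate_rules "$NFS_FMRI" "$policy" "tcp" \
				    "$ip" "$tport" "$file"
			done
		fi

		uports=`$SERVINFO -R -p -u -s "$iana_name" 2>/dev/null`
		if [ -n "$uports" ]; then
			for uport in $uports; do
				generate_rules "$NFS_FMRI" "$policy" "udp" \
				    "$ip" "$uport" "$file"
			done
		fi
	else
		#
		# Handle the client services here
		#
		# NOTE(review): these rules are written directly rather than
		# through generate_rules, so they never consult $policy: every
		# port found is opened to any source address and each match is
		# logged. Any FMRI other than nfs/server and nfs/rquota takes
		# this path. Confirm that this is acceptable on hosts that
		# expect a restrictive policy to cover nfs/status,
		# nfs/nlockmgr and nfs/cbd as well.
		#
		restarter=`svcprop -p general/restarter "$FMRI" 2>/dev/null`
		if [ "$restarter" = "$INETDFMRI" ]; then
			iana_name=`svcprop -p inetd/name "$FMRI"`
			isrpc=`svcprop -p inetd/isrpc "$FMRI"`
		else
			iana_name=`svcprop -p "$FW_CONTEXT_PG/name" "$FMRI"`
			isrpc=`svcprop -p "$FW_CONTEXT_PG/isrpc" "$FMRI"`
		fi

		if [ "$isrpc" = "true" ]; then
			tports=`$SERVINFO -R -p -t -s "$iana_name" 2>/dev/null`
			uports=`$SERVINFO -R -p -u -s "$iana_name" 2>/dev/null`
		else
			tports=`$SERVINFO -p -t -s "$iana_name" 2>/dev/null`
			uports=`$SERVINFO -p -u -s "$iana_name" 2>/dev/null`
		fi

		if [ -n "$tports" ]; then
			for tport in $tports; do
				echo "pass in log quick proto tcp from any" \
				    "to any port = ${tport} flags S " \
				    "keep state" >>"${file}"
			done
		fi

		if [ -n "$uports" ]; then
			for uport in $uports; do
				echo "pass in log quick proto udp from any" \
				    "to any port = ${uport}" >>"${file}"
			done
		fi
	fi

	;;

*)
	# NOTE(review): 'ipfilter' is handled above but not listed here,
	# presumably because it is not meant to be run by hand - confirm.
	echo "Usage: $0 { start | stop | refresh }"
	exit 1
	;;
esac
exit $SMF_EXIT_OK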