From patchwork Fri Jan 10 16:19:27 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chuck Lever X-Patchwork-Id: 309327 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 197042C0098 for ; Sat, 11 Jan 2014 03:19:54 +1100 (EST) Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by userp1040.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id s0AGJppO032166 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 10 Jan 2014 16:19:52 GMT Received: from oss.oracle.com (oss-external.oracle.com [137.254.96.51]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s0AGJod7024431 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 10 Jan 2014 16:19:51 GMT Received: from localhost ([127.0.0.1] helo=oss.oracle.com) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1W1eoI-000452-KS; Fri, 10 Jan 2014 08:19:50 -0800 Received: from ucsinet22.oracle.com ([156.151.31.94]) by oss.oracle.com with esmtp (Exim 4.63) (envelope-from ) id 1W1eny-00043G-OV for fedfs-utils-devel@oss.oracle.com; Fri, 10 Jan 2014 08:19:30 -0800 Received: from aserp1020.oracle.com (aserp1020.oracle.com [141.146.126.67]) by ucsinet22.oracle.com (8.14.5+Sun/8.14.5) with ESMTP id s0AGJTFu018340 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for ; Fri, 10 Jan 2014 16:19:30 GMT Received: from mail-ie0-f181.google.com (mail-ie0-f181.google.com [209.85.223.181]) by aserp1020.oracle.com (Sentrion-MTA-4.3.1/Sentrion-MTA-4.3.1) with ESMTP id s0AGJSHQ015913 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=OK) for ; Fri, 10 Jan 2014 16:19:29 GMT Received: by mail-ie0-f181.google.com with SMTP id e14so5424876iej.12 for ; Fri, 10 Jan 2014 08:19:28 -0800 (PST) X-Received: by 10.50.154.161 with SMTP id vp1mr4266465igb.17.1389370768687; Fri, 10 Jan 2014 08:19:28 -0800 (PST) Received: from seurat.1015granger.net (c-68-40-85-241.hsd1.mi.comcast.net. [68.40.85.241]) by mx.google.com with ESMTPSA id kt2sm4304701igb.1.2014.01.10.08.19.28 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 10 Jan 2014 08:19:28 -0800 (PST) To: fedfs-utils-devel@oss.oracle.com From: Chuck Lever Date: Fri, 10 Jan 2014 11:19:27 -0500 Message-ID: <20140110161927.32524.37616.stgit@seurat.1015granger.net> In-Reply-To: <20140110161428.32524.47303.stgit@seurat.1015granger.net> References: <20140110161428.32524.47303.stgit@seurat.1015granger.net> User-Agent: StGit/0.16 MIME-Version: 1.0 X-Flow-Control-Info: class=Pass-to-MM reputation=ipRisk-All ip=209.85.223.181 ct-class=R5 ct-vol1=0 ct-vol2=8 ct-vol3=8 ct-risk=48 ct-spam1=75 ct-spam2=8 ct-bulk=6 rcpts=1 size=4164 X-Sendmail-CM-Score: 0.00% X-Sendmail-CM-Analysis: v=2.1 cv=OaGhUHjY c=1 sm=1 tr=0 a=gpi+er6/4TN47Q6KBifQ7Q==:117 a=f4GS5uou6mMssVkgzQWOAg==:17 a=dzsqy3y4QnMA:10 a=dg1AZboiUhoA:10 a=dPGociXpb70A:10 a=IkcTkHD0fZMA:10 a=yPCof4ZbAAAA:8 a=Lb1rMZzfAAAA:8 a=1XWaLZrsAAAA:8 a=C_IRinGWAAAA:8 a=6Z 0PVnNLo88A:10 a=OK-8mIdLAAAA:8 a=G7B501gh9RVHwcZ9WoMA:9 a=QEXdDO2ut3YA:10 a=nvz6EU7xhngA:10 a=7DSvI1NPTFQA:10 a=MQEq1R4Qs-cA:10 X-Sendmail-CT-Classification: not spam X-Sendmail-CT-RefID: str=0001.0A090204.52D01D91.00D7, ss=1, re=0.000, recu=0.000, reip=0.000, cl=1, cld=1, fgs=0 Subject: [fedfs-utils] [PATCH 04/11] man: Move "Creating domain roots" section X-BeenThere: fedfs-utils-devel@oss.oracle.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: fedfs-utils Developers List-Id: fedfs-utils Developers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: fedfs-utils-devel-bounces@oss.oracle.com Errors-To: fedfs-utils-devel-bounces@oss.oracle.com X-Source-IP: acsinet21.oracle.com [141.146.126.237] The fedfs(7) man page contains a section discussing how to create FedFS domain root directories. This level of detail belongs in the new fedfs-domainroot(8) man page. Signed-off-by: Chuck Lever --- doc/man/fedfs-domainroot.8 | 31 ++++++++++++++++++++++++------- doc/man/fedfs.7 | 38 -------------------------------------- 2 files changed, 24 insertions(+), 45 deletions(-) diff --git a/doc/man/fedfs-domainroot.8 b/doc/man/fedfs-domainroot.8 index 359a416..c50a6e5 100644 --- a/doc/man/fedfs-domainroot.8 +++ b/doc/man/fedfs-domainroot.8 @@ -129,13 +129,6 @@ These can be modified by editing after the domain root export is created. .P -The final step of setting up a FedFS domain is adding a set of DNS SRV -records that direct FedFS-enabled clients to the fileserver -where the domain's root directory resides. -Adding DNS SRV records is outside the scope of the -.BR fedfs-domainroot (8) -command. -.P The .BR fedfs-domainroot (8) command must run as root in order to create and remove NFS exports @@ -251,6 +244,28 @@ Removed domain root for FedFS domain "example.net" .br # .RE +.SH DOMAIN ROOT DISCOVERY +To enable discovery of new domain roots +by FedFS-enabled file-access clients, +a DNS SRV record must be added to an appropriate authoritative DNS server. +.P +If you created your domain root on the fileserver named +.IR foo.example.net , +a record for the above domain root should be added to the DNS +server authoritative for the +.I example.net +domain. +Such a record might look like +.RS +.sp + _nfs-domainroot._tcp IN SRV 0 0 2049 foo.example.net. +.sp +.RE +Adding DNS SRV records is outside the scope of the +.BR fedfs-domainroot (8) +command. +Consult with your network administrator for details +on how to add appropriate DNS SRV records for your FedFS domain root. .SH SECURITY FedFS domain root exports created by .BR fedfs-domainroot (8) @@ -296,6 +311,8 @@ directory containing domain root exports .BR rpc.fedfsd (8), .BR exportfs (8), .BR exports (5) +.sp +RFC 6641 for the specification of FedFS DNS SRV records .SH COLOPHON This page is part of the fedfs-utils package. A description of the project and information about reporting bugs diff --git a/doc/man/fedfs.7 b/doc/man/fedfs.7 index 27769a0..556f41a 100644 --- a/doc/man/fedfs.7 +++ b/doc/man/fedfs.7 @@ -194,44 +194,6 @@ or hide parts of the FedFS namespace for security purposes. However, it breaks cross-platform application interoperability by presenting applications with multiple pathnames to the same file object. Therefore it should be avoided. -.SS Creating domain roots -NFSv4 FedFS domain roots are mounted via a standard export pathname. -The first component of the domain root's export pathname is always -.IR /.domainroot . -The second component is a FedFS domain name. -For instance, the export pathname of the domain root of the -.I example.net -FedFS domain would be -.IR /.domainroot/example.net . -.P -After creating this directory on a FedFS-enabled -fileserver and making it world readable, -an entry in /etc/exports for this export might look like: -.RS -.sp -/.domainroot/example.net *(ro) -.sp -.RE -At this point, FedFS junctions can be created in the domain's root directory -using FedFS administrative tools. -You can also add other objects that might be useful -at the top of a FedFS domain namespace, such as standard NFS referrals, -or files, like a terms-of-use document. -.P -To enable discovery of this domain root -by FedFS-enabled file-access clients, -a DNS SRV record is added to an appropriate authoritative DNS server. -If you created your domain root on the fileserver named -.IR foo.example.net , -a record for the above domain root should be added to the DNS -server authoritative for the -.I example.net -domain. -Such a record might look like -.RS -.sp - _nfs-domainroot._tcp IN SRV 0 0 2049 foo.example.net. -.RE .SH SECURITY Each host in a FedFS domain plays one or more of the following roles, each of which have different security requirements.