1SM-NOTIFY(8)                System Manager's Manual               SM-NOTIFY(8)
2
3
4

NAME

6       sm-notify - send reboot notifications to NFS peers
7

SYNOPSIS

9       /usr/sbin/sm-notify  [-dfn] [-m minutes] [-v name] [-p notify-port] [-P
10       path]
11

DESCRIPTION

13       File locks are not part of persistent file system state.  Lock state is
14       thus lost when a host reboots.
15
16       Network file systems must also detect when lock state is lost because a
17       remote host has rebooted.  After an NFS client reboots, an  NFS  server
18       must  release  all file locks held by applications that were running on
19       that client.  After a server reboots, a client must remind  the  server
20       of file locks held by applications running on that client.
21
22       For  NFS  version  2 and version 3, the Network Status Monitor protocol
23       (or NSM for short) is used to notify NFS peers of reboots.   On  Linux,
24       two separate user-space components constitute the NSM service:
25
26       sm-notify
27              A  helper program that notifies NFS peers after the local system
28              reboots
29
30       rpc.statd
31              A daemon that listens for reboot notifications from other hosts,
32              and manages the list of hosts to be notified when the local sys‐
33              tem reboots
34
35       The local NFS lock manager alerts its local rpc.statd  of  each  remote
36       peer  that should be monitored.  When the local system reboots, the sm-
37       notify command notifies the NSM  service  on  monitored  peers  of  the
38       reboot.  When a remote reboots, that peer notifies the local rpc.statd,
39       which in turn passes the reboot notification back to the local NFS lock
40       manager.
41

NSM OPERATION IN DETAIL

43       The  first  file  locking  interaction between an NFS client and server
44       causes the NFS lock managers on both peers to contact their  local  NSM
45       service  to  store  information about the opposite peer.  On Linux, the
46       local lock manager contacts rpc.statd.
47
48       rpc.statd records information about each monitored NFS peer on  persis‐
49       tent  storage.  This information describes how to contact a remote peer
50       in case the local system reboots, how to recognize which monitored peer
51       is  reporting a reboot, and how to notify the local lock manager when a
52       monitored peer indicates it has rebooted.
53
54       An NFS client sends a hostname, known as the client's  caller_name,  in
55       each  file  lock  request.  An NFS server can use this hostname to send
56       asynchronous GRANT calls to a client, or to notify the  client  it  has
57       rebooted.
58
59       The  Linux  NFS  server  can  provide  the  client's caller_name or the
60       client's network address to rpc.statd.  For the  purposes  of  the  NSM
61       protocol,  this  name  or  address  is  known  as  the monitored peer's
62       mon_name.  In addition, the local lock manager tells rpc.statd what  it
63       thinks its own hostname is.  For the purposes of the NSM protocol, this
64       hostname is known as my_name.
65
66       There is no equivalent interaction between an NFS server and  a  client
67       to  inform  the  client  of  the  server's  caller_name.  Therefore NFS
68       clients do not actually know what mon_name an NFS server might  use  in
69       an  SM_NOTIFY request.  The Linux NFS client records the server's host‐
70       name used on the mount command to identify rebooting NFS servers.
71
72   Reboot notification
73       When the local system reboots, the sm-notify command reads the list  of
74       monitored  peers from persistent storage and sends an SM_NOTIFY request
75       to the NSM service on each listed remote peer.  It  uses  the  mon_name
76       string  as  the  destination.  To identify which host has rebooted, the
77       sm-notify command normally sends  my_name  string  recorded  when  that
78       remote  was monitored.  The remote rpc.statd matches incoming SM_NOTIFY
79       requests using this string, or the caller's network address, to one  or
80       more peers on its own monitor list.
81
82       If  rpc.statd  does not find a peer on its monitor list that matches an
83       incoming SM_NOTIFY request, the notification is not  forwarded  to  the
84       local  lock manager.  In addition, each peer has its own NSM state num‐
85       ber, a 32-bit integer that is bumped after each reboot by the sm-notify
86       command.   rpc.statd  uses  this  number  to distinguish between actual
87       reboots and replayed notifications.
88
89       Part of NFS lock recovery is rediscovering which peers need to be moni‐
90       tored  again.  The sm-notify command clears the monitor list on persis‐
91       tent storage after each reboot.
92

OPTIONS

94       -d     Keeps sm-notify attached to its controlling terminal and running
95              in the foreground so that notification progress may be monitored
96              directly.
97
98       -f     Send notifications even if sm-notify has already run  since  the
99              last system reboot.
100
101       -m retry-time
102              Specifies  the  length of time, in minutes, to continue retrying
103              notifications to unresponsive hosts.   If  this  option  is  not
104              specified,  sm-notify attempts to send notifications for 15 min‐
105              utes.  Specifying a value of  0  causes  sm-notify  to  continue
106              sending notifications to unresponsive peers until it is manually
107              killed.
108
109              Notifications are retried if sending fails, the remote does  not
110              respond, the remote's NSM service is not registered, or if there
111              is a DNS failure which prevents the remote's mon_name from being
112              resolved to an address.
113
114              Hosts  are  not removed from the notification list until a valid
115              reply has been received.  However, the SM_NOTIFY procedure has a
116              void  result.   There  is  no  way  for sm-notify to tell if the
117              remote recognized the sender and has  started  appropriate  lock
118              recovery.
119
120       -n     Prevents  sm-notify  from  updating the local system's NSM state
121              number.
122
123       -p port
124              Specifies the source port number sm-notify should use when send‐
125              ing  reboot  notifications.   If this option is not specified, a
126              randomly chosen ephemeral port is used.
127
128              This option can be used to traverse a  firewall  between  client
129              and server.
130
131       -P, --state-directory-path pathname
132              Specifies  the  pathname of the parent directory where NSM state
133              information resides.  If this option is not specified, sm-notify
134              uses /var/lib/nfs/statd by default.
135
136              After  starting, sm-notify attempts to set its effective UID and
137              GID to the owner and group of the subdirectory sm of this direc‐
138              tory.  After changing the effective ids, sm-notify only needs to
139              access files in sm and sm.bak within the state-directory-path.
140
141       -v ipaddr | hostname
142              Specifies the network address from which to send reboot  notifi‐
143              cations, and the mon_name argument to use when sending SM_NOTIFY
144              requests.  If this option is not  specified,  sm-notify  uses  a
145              wildcard  address  as  the  transport bind address, and uses the
146              my_name recorded when the remote was monitored as  the  mon_name
147              argument when sending SM_NOTIFY requests.
148
149              The  ipaddr  form  can be expressed as either an IPv4 or an IPv6
150              presentation address.  If the ipaddr form is used, the sm-notify
151              command  converts  this  address  to  a  hostname for use as the
152              mon_name argument when sending SM_NOTIFY requests.
153
154              This option can be useful in  multi-homed  configurations  where
155              the   remote  requires  notification  from  a  specific  network
156              address.
157

CONFIGURATION FILE

159       Many of the options that can be set on the command  line  can  also  be
160       controlled  through  values set in the [sm-notify] or, in one case, the
161       [statd] section of the /etc/nfs.conf configuration file.
162
163       Values recognized in the [sm-notify] section include: retry-time,  out‐
164       going-port,  and outgoing-addr.  These have the same effect as the com‐
165       mand line options m, p, and v respectively.
166
167       An additional value recognized in  the  [sm-notify]  section  is  lift-
168       grace.   By  default, sm-notify will lift lockd's grace period early if
169       it has no hosts to notify.  Some high availability configurations  will
170       run  one  sm-notify  per floating IP address.  In these configurations,
171       lifting the grace period early  may  prevent  clients  from  reclaiming
172       locks.   Setting lift-grace to n will prevent sm-notify from ending the
173       grace period early.   lift-grace  has  no  corresponding  command  line
174       option.
175
176       The value recognized in the [statd] section is state-directory-path.
177
178

SECURITY

180       The  sm-notify  command  must  be started as root to acquire privileges
181       needed to access the state information database.  It drops root  privi‐
182       leges as soon as it starts up to reduce the risk of a privilege escala‐
183       tion attack.
184
185       During normal operation, the effective user ID it chooses is the  owner
186       of  the state directory.  This allows it to continue to access files in
187       that directory after it has dropped its root  privileges.   To  control
188       which  user  ID rpc.statd chooses, simply use chown(1) to set the owner
189       of the state directory.
190

ADDITIONAL NOTES

192       Lock recovery after a reboot is critical to maintaining data  integrity
193       and preventing unnecessary application hangs.
194
195       To help rpc.statd match SM_NOTIFY requests to NLM requests, a number of
196       best practices should be observed, including:
197
198              The UTS nodename of your systems should match the DNS names that
199              NFS peers use to contact them
200
201              The  UTS nodenames of your systems should always be fully quali‐
202              fied domain names
203
204              The forward and reverse DNS mapping of the UTS nodenames  should
205              be consistent
206
207              The  hostname  the  client uses to mount the server should match
208              the server's mon_name in SM_NOTIFY requests it sends
209
210       Unmounting an NFS file system does not necessarily stop either the  NFS
211       client  or  server from monitoring each other.  Both may continue moni‐
212       toring each other for a time in case subsequent NFS traffic between the
213       two results in fresh mounts and additional file locking.
214
215       On  Linux,  if the lockd kernel module is unloaded during normal opera‐
216       tion, all remote NFS peers are unmonitored.  This can happen on an  NFS
217       client, for example, if an automounter removes all NFS mount points due
218       to inactivity.
219
220   IPv6 and TI-RPC support
221       TI-RPC is a pre-requisite for supporting NFS on IPv6.  If  TI-RPC  sup‐
222       port is built into the sm-notify command ,it will choose an appropriate
223       IPv4 or IPv6 transport based on the network address returned by DNS for
224       each  remote  peer.   It should be fully compatible with remote systems
225       that do not support TI-RPC or IPv6.
226
227       Currently, the sm-notify command supports sending notification only via
228       datagram transport protocols.
229

FILES

231       /var/lib/nfs/statd/sm    directory containing monitor list
232
233       /var/lib/nfs/statd/sm.bak
234                                directory containing notify list
235
236       /var/lib/nfs/statd/state NSM state number for this host
237
238       /proc/sys/fs/nfs/nsm_local_state
239                                kernel's copy of the NSM state number
240

SEE ALSO

242       rpc.statd(8), nfs(5), uname(2), hostname(7)
243
244       RFC 1094 - "NFS: Network File System Protocol Specification"
245       RFC 1813 - "NFS Version 3 Protocol Specification"
246       OpenGroup Protocols for Interworking: XNFS, Version 3W - Chapter 11
247

AUTHORS

249       Olaf Kirch <okir@suse.de>
250       Chuck Lever <chuck.lever@oracle.com>
251
252
253
254                                1 November 2009                   SM-NOTIFY(8)
Impressum