Print

NFSv4 on Apple OS X

NFSv3


Version 3 of this protocol (the current default) is widely used and works well.
Usage has however outstripped it's original design and there are some inherent limitations including file locking, UID/GID mappings and performance (although it isn't too bad).

NFSv4

This is slowing becoming the new NFS standard. It has many key improvements that resolve everyday issues. Implementation sources are available and largely seem to work but there are still a few implementation/interpretation issues lurking in the corners. Still my opinion is that if it works for you it will probably work well and is worth using.

NFSv4 Apple alpha version

This version comes built into your recent OS X, but is (as of Leopard) only alpha quality. This means there are bits of the standard Apple have not yet implemented, and if it breaks don't expect much formal support.
If you prefer the perceived safety of Apples current NFSv4 self-proclaimed "alpha" version, you should (ideally) get better performance than NFSv3, ACLs, and much easier protocol integration with firewalls etc.
What you don't get is ID mapping - for my money one of the biggest bugbears in a heterogenous computing environment (typically any environment with Macs for example).

NFSv4 and Snow Leopard...
Here's one comment http://lists.apple.com/archives/Darwin-kernel/2009/Aug/msg00044.html (external link)
Quote:
Q)Does Snow Leopard ship with a production quality NFSv4 client?
A) Unfortunately, no. Snow Leopard (Darwin 10) has more/better NFSv4.0
support but it is not considered "production quality" yet.

New in Snow Leopard are support for open and lock state management,
state recovery, some initial delegation handling support and callbacks.
Oh, and Kerberos should now work with NFSv4 too.

Yet to come are support for: Identity Mapping, ACLs, Named Attributes,
Mirror Mounts, and Replication/Migration.

This is a pity given Snow Leopard's purpose, and that Identity Mapping should be relatively simple and well understood (famous last words).

NFSv4 Open Source "newnfs" — the "Ricko" version

To fill the Apple functionality gap Rick Macklem (external link) has patched open source code to add the missing features on Apple including:
For more information go to http://code.google.com/p/macnfsv4/ (external link). These work on both Tiger (10.4) and Leopard (10.5) but more about that aspect below.

newnfs limitations
  • I understand it only works as an NFS client not a server (it hijacks the nfssvc() call).
  • It doesn't replace the existing "nfs" filesystem type but instead adds a new one "newnfs". This means that in several places where the filesystem type must be specified one has to use "newnfs". Unfortunately many of the internal OS X GUIified tools (eg Connect-To-Server) specially interpret nfs and thus don't work with "newnfs". So far the only real impact on me has been to require the use of command lines, which I tend to prefer anyway.
  • There may be difficulties if you want Kerberised auto-mounted home directories (all six of us on the planet :-) )

NFSv4Ricko (newnfs)


NFSv4Ricko on Tiger

This version provides three components for functions missing on Tiger:
  • Kernel module (core NFSv4 implementation used instead of Apples)
  • ID mapping (nfsuserd daemon)
  • GSS interface for Kerberos (gsscl daemon)

NFSv4Ricko on Leopard

This version provides two components for functions missing on Leopard:
  • Kernel module (core NFSv4 implementation used instead of Apples)
  • ID mapping (nfsuserd daemon)
The GSS interface daemon (gssd) is already present and Rick's code uses that instead.


Life wasn't mean to be easy...


Although newnfs does work pretty well there are still some troublesome areas (eg Applications which seem to cause more than their share of trouble over the network)

iTunes Problems


Although it's easy to blame iTunes (which does appear finicky about filing systems) I am tending to point the finger at newnfs.

Context
  • Directory Ownerships:
    • /private/mnt/backup was owned by kim so that mount can run as user for non newnfs (ie Apple NFSv4) tests. Also tried mounts as root with similar results except for expected Kerberos complications.
    • Folder in which iTunes was asked to create its library on the server has its mode set 0777: drwxrwxrwx 9 1000 10 9 Nov 18 03:33 Test
  • UID/GIDs:
    • Solaris: kim=1000:10
    • Mac: kim=501:20
  • The Solaris ZFS share was exported as follows (displayed using sharemfr show -vp):
zfs/tank/backup nfs=(log="global") smb=(rw="@192.168") nfs:krb5=(rw="@192.168") nfs:krb5i=(rw="@192.168") nfs:krb5p=(rw="@192.168") nfs:sys=(rw="@192.168")
          tank_backup=/tank/backup


For each of the following tests I performed the steps below:
  • mount the remote filing system
  • open iTunes (Option key to prompt creation of a new library)
  • tried to create library on the NFS share
  • close the application and unmount the share

The results below are categorised as:
WORKS: means iTunes succeeded and no errors appear (at the time)
FAILED: means it complained about being unable to read/write partway through the process.

FAILED results don't appear to be basic perms problems, in most cases because it does create files (deletion may cause problems in some cases)
Ultimately NFS v4alpha works and Newnfs v4 fails (not to mention V3 apparently killing the kernel - maybe a one off but I don't want to retest just now)

I have captured NFS network traffic for these but between iTunes and NFS being so verbose it's hard to wade through. I did try and couldn't see the actual problem. I think getting newnfs v3 to work is probably the key step (as it should be simpler).

SMBFS — WORKS
bigmac:~ kim$ mount -t smbfs //kim@blackhole/tank_backup /private/mnt/backup

iTunes_smb/
 3 d--------- 3 1000 10    11 Nov 18 03:33 .
 3 drwxrwxrwx 9 1000 10     9 Nov 18 03:33 ..
 5 ---------- 1 1000 10  4096 Nov 18 03:33 ._iTunes Library
 5 ---------- 1 1000 10  4096 Nov 18 03:33 ._iTunes Library.xml
 5 ---------- 1 1000 10  4096 Nov 18 03:33 ._sentinel
 5 ---------- 1 1000 10  3208 Nov 18 03:33 iTunes Library
13 ---------- 1 1000 10 12288 Nov 18 03:33 iTunes Library Extras.itdb
33 ---------- 1 1000 10 32768 Nov 18 03:33 iTunes Library Genius.itdb
15 ---------- 1 1000 10 14623 Nov 18 03:33 iTunes Library.xml
 3 d--------- 3 1000 10     5 Nov 18 03:33 iTunes Media
 2 ---------- 1 1000 10     8 Nov 18 03:33 sentinel


NFSv3 — WORKS
bigmac:/ kim$ mount -t nfs -o vers=3  blackhole:/tank/backup /private/mnt/backup		

iTunesv3/
 3 drwxr-xr-x 2 1000 10    10 Nov 18 03:07 .
 3 drwxrwxrwx 9 1000 10     9 Nov 18 03:33 ..
 5 -rw-r--r-- 1 1000 10  4096 Nov 18 03:07 ._iTunes Library
 5 -rw-r--r-- 1 1000 10  4096 Nov 18 03:07 ._iTunes Library.xml
 5 -rw-r--r-- 1 1000 10  4096 Nov 18 03:07 ._sentinel
 5 -rw-r--r-- 1 1000 10  3182 Nov 18 03:07 iTunes Library
13 -rw-r--r-- 1 1000 10 12288 Nov 18 03:07 iTunes Library Extras.itdb
33 -rw-r--r-- 1 1000 10 32768 Nov 18 03:07 iTunes Library Genius.itdb
15 -rw-r--r-- 1 1000 10 14593 Nov 18 03:07 iTunes Library.xml
 2 -rw-r--r-- 1 1000 10     8 Nov 18 03:07 sentinel


NEWNFS V3 SYS Auth — FAILED (Ultimately hung system)
bigmac:/ kim$ mount -t newnfs -o "-3,-T,-Ssys"  blackhole:/tank/backup /private/mnt/backup 

iTunesv3/
3 drwxr-xr-x 2  501 10 4 Nov 18 03:09 .
3 drwxrwxrwx 9 1000 10 9 Nov 18 03:33 ..
1 -rw-r--r-- 1  501 20 0 Nov 18 03:09 ._sentinel
1 -rw-r--r-- 1  501 20 0 Jul 10  1995 sentinel


NFS V4 ALPHA — WORKS
bigmac:/ kim$ mount -t nfs -o vers=4.0alpha  blackhole:/tank/backup /private/mnt/backup 

iTunesv4a/
 3 drwxr-xr-x 2  501 20    10 Nov 18 03:07 .
 3 drwxrwxrwx 9 1000 10     9 Nov 18 03:33 ..
 5 -rw-r--r-- 1  501 20  4096 Nov 18 03:07 ._iTunes Library
 5 -rw-r--r-- 1  501 20  4096 Nov 18 03:06 ._iTunes Library.xml
 5 -rw-r--r-- 1  501 20  4096 Nov 18 03:06 ._sentinel
 5 -rw-r--r-- 1  501 20  3183 Nov 18 03:07 iTunes Library
13 -rw-r--r-- 1  501 20 12288 Nov 18 03:06 iTunes Library Extras.itdb
33 -rw-r--r-- 1  501 20 32768 Nov 18 03:06 iTunes Library Genius.itdb
15 -rw-r--r-- 1  501 20 14593 Nov 18 03:06 iTunes Library.xml
 2 -rw-r--r-- 1  501 20     8 Nov 18 03:07 sentinel


NEWNFS V4 SYS — FAILED
bigmac:/ kim$ mount -t newnfs -o "-4,-T,-Ssys"  blackhole:/tank/backup /private/mnt/backup

iTunesv4n/
 3 drwxr-xr-x 2  501 10     7 Nov 18 03:08 .
 3 drwxrwxrwx 9 1000 10     9 Nov 18 03:33 ..
 1 -rw-r--r-- 1  501 20     0 May 30  1926 Temp File 1.tmp
 1 -rw-r--r-- 1  501 20     0 May  6  1925 Temp File.tmp
13 -rw-r--r-- 1  501 10 12288 Nov 18 03:08 iTunes Library Extras.itdb
33 -rw-r--r-- 1  501 10 32768 Nov 18 03:08 iTunes Library Genius.itdb
 1 -rw-r--r-- 1  501 20     0 Jul  2  1919 sentinel


NEWNFS V4 KRB5 — FAILED
bigmac:~ kim$  mount -t newnfs -o "-4,-T,-Skrb5" blackhole:/tank/backup /private/mnt/backup

iTunesv4nk/
 3 drwxr-xr-x 3 1000 10     7 Nov 18 03:27 .
 3 drwxrwxrwx 9 1000 10     9 Nov 18 03:33 ..
 5 -rw-r--r-- 1 1000 10  4096 Nov 18 03:27 ._sentinel
13 -rw-r--r-- 1 1000 10 12288 Nov 18 03:27 iTunes Library Extras.itdb
33 -rw-r--r-- 1 1000 10 32768 Nov 18 03:27 iTunes Library Genius.itdb
 3 drwxr-xr-x 3 1000 10     3 Nov 18 03:27 iTunes Media
 1 -rw-r--r-- 1 1000 10     0 Jul 14  1970 sentinel


  • + : A leading plus sign indicates that this word must be present in every object returned.
  • - : A leading minus sign indicates that this word must not be present in any row returned.
  • By default (when neither plus nor minus is specified) the word is optional, but the object that contain it will be rated higher.
  • < > : These two operators are used to change a word's contribution to the relevance value that is assigned to a row.
  • ( ) : Parentheses are used to group words into subexpressions.
  • ~ : A leading tilde acts as a negation operator, causing the word's contribution to the object relevance to be negative. It's useful for marking noise words. An object that contains such a word will be rated lower than others, but will not be excluded altogether, as it would be with the - operator.
  • * : An asterisk is the truncation operator. Unlike the other operators, it should be appended to the word, not prepended.
  • " : The phrase, that is enclosed in double quotes ", matches only objects that contain this phrase literally, as it was typed.

Categories

Related Sites

Toolbox

Print