Re: [nfsv4] re: re: NFS4ERR_ADMIN_REVOKE
Spencer Shepler <spencer.shepler@sun.com> Fri, 01 October 2004 22:58 UTC
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA06114 for <nfsv4-web-archive@ietf.org>; Fri, 1 Oct 2004 18:58:40 -0400 (EDT)
Received: from megatron.ietf.org ([132.151.6.71]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CDWUu-0006sN-64 for nfsv4-web-archive@ietf.org; Fri, 01 Oct 2004 19:07:33 -0400
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CDW1i-0006QF-13; Fri, 01 Oct 2004 18:37:22 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1CDVoq-0000n1-Pa for nfsv4@megatron.ietf.org; Fri, 01 Oct 2004 18:24:04 -0400
Received: from ietf-mx.ietf.org (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id SAA01721 for <nfsv4@ietf.org>; Fri, 1 Oct 2004 18:24:02 -0400 (EDT)
Received: from nwkea-mail-2.sun.com ([192.18.42.14]) by ietf-mx.ietf.org with esmtp (Exim 4.33) id 1CDVxO-0001do-Au for nfsv4@ietf.org; Fri, 01 Oct 2004 18:32:54 -0400
Received: from centralmail1brm.Central.Sun.COM ([129.147.62.1]) by nwkea-mail-2.sun.com (8.12.10/8.12.9) with ESMTP id i91MO335023745 for <nfsv4@ietf.org>; Fri, 1 Oct 2004 15:24:03 -0700 (PDT)
Received: from nfsclient.central.sun.com (nfsclient.Central.Sun.COM [129.153.128.2]) by centralmail1brm.Central.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL, v2.2) with ESMTP id i91MO2jW005788 for <nfsv4@ietf.org>; Fri, 1 Oct 2004 16:24:03 -0600 (MDT)
Received: from nfsclient.central.sun.com (localhost [127.0.0.1]) by nfsclient.central.sun.com (8.13.1+Sun/8.13.1) with ESMTP id i91MO2J4025551 for <nfsv4@ietf.org>; Fri, 1 Oct 2004 17:24:02 -0500 (CDT)
Received: (from shepler@localhost) by nfsclient.central.sun.com (8.13.1+Sun/8.13.1/Submit) id i91MO2aT025550 for nfsv4@ietf.org; Fri, 1 Oct 2004 17:24:02 -0500 (CDT)
Date: Fri, 01 Oct 2004 17:24:02 -0500
From: Spencer Shepler <spencer.shepler@sun.com>
To: nfsv4@ietf.org
Subject: Re: [nfsv4] re: re: NFS4ERR_ADMIN_REVOKE
Message-ID: <20041001222402.GH25304@nfsclient.central.sun.com>
Mail-Followup-To: Spencer Shepler <spencer.shepler@sun.com>, nfsv4@ietf.org
References: <200409271551.LAA12550@snowhite.cis.uoguelph.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <200409271551.LAA12550@snowhite.cis.uoguelph.ca>
User-Agent: Mutt/1.4.1i
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 082a9cbf4d599f360ac7f815372a6a15
X-BeenThere: nfsv4@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: spencer.shepler@sun.com
List-Id: NFSv4 Working Group <nfsv4.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/nfsv4>
List-Post: <mailto:nfsv4@ietf.org>
List-Help: <mailto:nfsv4-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/nfsv4>, <mailto:nfsv4-request@ietf.org?subject=subscribe>
Sender: nfsv4-bounces@ietf.org
Errors-To: nfsv4-bounces@ietf.org
X-Spam-Score: 0.0 (/)
X-Scan-Signature: c0bedb65cce30976f0bf60a0a39edea4
On Mon, rick@snowhite.cis.uoguelph.ca wrote: > > We use the NFS4ERR_ADMIN_REVOKED error for indicating when state > > [clientid, stateid (either open,lock, or delegation)] has been revoked and > > will no longer be accepted by the server. > > Yep. My main concern in this area was "how permanent" this has to be. Which > you've addressed later. (Put another way when/if the NFS4ERR_ADMIN_REVOKED > can be replaced by NFS4ERR_EXPIRED.) Clientid doesn't apply and I think that is understood in that if the clientid is revoked then NFS4ERR_EXPIRED should be returned, not NFS4ERR_ADMIN_REVOKED. > > Once the client as a whole has been marked as revoked, we do not do any > > renewing of it. > > Once the client's state structures are reclaimed (which may be some time > > after it has really "expired"), then the client would get back the > > NFS4ERR_EXPIRED error. > > This sounds exactly like what my current code will do. (I, also, don't > expire the client until sometime after the expiry.) > > > The only way for the client to get past this client wide revoke is to then > > issue a SETCLIENTID/SETCLIENTID_CONFIRM sequence. This will purge all > > revoked state from the client and it can begin anew. Do you do something > > like this OR do you make the revoke permanent? That is, require > > administrative intervention to lift the embargo on the bad client ? > > I also allow the SetClientID/confirm to lift the embargo, although I am > still on the fence as to whether or not that should be the case. The server has to return NFS4ERR_EXPIRED to old state from the client regardless of how long the client keeps sending it (unless the server eventually reboots). Even if the client does a SETCLIENTID/SETCLIENTID_CONFIRM and is confused enough to send old state requests, those old state requests still have to receive NFS4ERR_EXPIRED. > > We do not tie the revokes to a specific open owner. The main reason being > > is that the server hands out clientids and stateids, but not "open > > owners". The server only revokes things it hands out. > > This sounds like the only place where our current code differs. I used > the open/lockowner since it was explicitly referred to in the RFC. (My > assumption was that the author was thinking that an open/lockowner equates > to a client process/task that went south without releasing the state as > it should.) btw, when I say "revoke an openowner" I mean that all stateids > for all opens and lockowners associated with that openowner will be revoked > and use of all those stateids will get NFS4ERR_ADMIN_REVOKED. > > My current code could easily be changed to revoke opens instead of openowners. > > Do others see this as an issue? (ie. Does it matter w.r.t the protocol whether > the openowner with all associated opens or the individual opens, gets revoked?) Administratively, I would expect that files or shares/exports are the unit of revocation. The admin is unlikely to care about openowners unless there seems to something broken with the NFSv4 client and it that case the entire client might as well be revoked. Spencer _______________________________________________ nfsv4 mailing list nfsv4@ietf.org https://www1.ietf.org/mailman/listinfo/nfsv4
- [nfsv4] re: re: NFS4ERR_ADMIN_REVOKE rick
- Re: [nfsv4] re: re: NFS4ERR_ADMIN_REVOKE Spencer Shepler
- RE: [nfsv4] re: re: NFS4ERR_ADMIN_REVOKE Noveck, Dave
- Re: [nfsv4] re: re: NFS4ERR_ADMIN_REVOKE Spencer Shepler
- RE: [nfsv4] re: re: NFS4ERR_ADMIN_REVOKE Noveck, Dave
- Re: [nfsv4] re: re: NFS4ERR_ADMIN_REVOKE Spencer Shepler
- [nfsv4] re: re: NFS4ERR_ADMIN_REVOKE rick
- RE: [nfsv4] re: re: NFS4ERR_ADMIN_REVOKE Noveck, Dave