From b71bc4e48097b47fe63fd7c734276d772b89b9c4 Mon Sep 17 00:00:00 2001 From: Zach Loafman Date: Fri, 23 Oct 2015 11:24:59 -0700 Subject: [PATCH] Fix volumes/test/nfs: Needs to run insecure to allow container connections Since this is a container service port anyways, "insecure" is a bit of a red herring. There's no real security relevance to the incoming port numbers for the NFS server pod. This lets us get rid of the examples/nfs/exporter Docker build (@jsafrane's personal image). --- examples/nfs/exporter/Dockerfile | 11 ---- examples/nfs/exporter/README.md | 48 --------------- examples/nfs/exporter/run_nfs | 72 ----------------------- examples/nfs/nfs-server-rc.yaml | 3 +- test/images/volumes-tester/nfs/Makefile | 2 +- test/images/volumes-tester/nfs/run_nfs.sh | 2 +- 6 files changed, 3 insertions(+), 135 deletions(-) delete mode 100644 examples/nfs/exporter/Dockerfile delete mode 100644 examples/nfs/exporter/README.md delete mode 100755 examples/nfs/exporter/run_nfs diff --git a/examples/nfs/exporter/Dockerfile b/examples/nfs/exporter/Dockerfile deleted file mode 100644 index 68755ed44b..0000000000 --- a/examples/nfs/exporter/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM fedora:21 -MAINTAINER Jan Safranek -EXPOSE 2049/tcp - -RUN yum -y install nfs-utils && yum clean all - -ADD run_nfs /usr/local/bin/ - -RUN chmod +x /usr/local/bin/run_nfs - -ENTRYPOINT ["/usr/local/bin/run_nfs"] diff --git a/examples/nfs/exporter/README.md b/examples/nfs/exporter/README.md deleted file mode 100644 index 284ea27e1d..0000000000 --- a/examples/nfs/exporter/README.md +++ /dev/null @@ -1,48 +0,0 @@ - - - - -WARNING -WARNING -WARNING -WARNING -WARNING - -

PLEASE NOTE: This document applies to the HEAD of the source tree

- -If you are using a released version of Kubernetes, you should -refer to the docs that go with that version. - - -The latest 1.0.x release of this document can be found -[here](http://releases.k8s.io/release-1.0/examples/nfs/exporter/README.md). - -Documentation for other releases can be found at -[releases.k8s.io](http://releases.k8s.io). - --- - - - - - -# NFS-exporter container - -Inspired by https://github.com/cpuguy83/docker-nfs-server. Rewritten for -Fedora. - -Serves NFS4 exports, defined on command line. At least one export must be defined! - -Usage:: - - docker run -d --name nfs --privileged jsafrane/nfsexporter /path/to/share /path/to/share2 ... - - - -[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/examples/nfs/exporter/README.md?pixel)]() - diff --git a/examples/nfs/exporter/run_nfs b/examples/nfs/exporter/run_nfs deleted file mode 100755 index b6b888e930..0000000000 --- a/examples/nfs/exporter/run_nfs +++ /dev/null @@ -1,72 +0,0 @@ -#!/bin/bash - -# Copyright 2015 The Kubernetes Authors All rights reserved. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -function start() -{ - - # prepare /etc/exports - seq=0 - for i in "$@"; do - echo "$i *(rw,sync,no_root_squash,insecure,fsid=$seq)" >> /etc/exports - seq=$(($seq + 1)) - echo "Serving $i" - done - - # from /lib/systemd/system/proc-fs-nfsd.mount - mount -t nfsd nfds /proc/fs/nfsd - - # from /lib/systemd/system/nfs-config.service - /usr/lib/systemd/scripts/nfs-utils_env.sh - - # from /lib/systemd/system/nfs-mountd.service - . /run/sysconfig/nfs-utils - /usr/sbin/rpc.mountd $RPCMOUNTDARGS - - # from /lib/systemd/system/nfs-server.service - . /run/sysconfig/nfs-utils - /usr/sbin/exportfs -r - /usr/sbin/rpc.nfsd -N 2 -N 3 -V 4 -V 4.1 $RPCNFSDARGS - - echo "NFS started" -} - -function stop() -{ - echo "Stopping NFS" - - # from /lib/systemd/system/nfs-server.service - /usr/sbin/rpc.nfsd 0 - /usr/sbin/exportfs -au - /usr/sbin/exportfs -f - - # from /lib/systemd/system/nfs-mountd.service - kill $( pidof rpc.mountd ) - # from /lib/systemd/system/proc-fs-nfsd.mount - umount /proc/fs/nfsd - - echo > /etc/exports - exit 0 -} - - -trap stop TERM - -start "$@" - -# Ugly hack to do nothing and wait for SIGTERM -while true; do - read -done diff --git a/examples/nfs/nfs-server-rc.yaml b/examples/nfs/nfs-server-rc.yaml index e6f7f07377..15c4014080 100644 --- a/examples/nfs/nfs-server-rc.yaml +++ b/examples/nfs/nfs-server-rc.yaml @@ -13,8 +13,7 @@ spec: spec: containers: - name: nfs-server - # TODO(zmerlynn): change to gcr.io/google_containers/volume-nfs - image: jsafrane/nfs-data + image: gcr.io/google_containers/volume-nfs ports: - name: nfs containerPort: 2049 diff --git a/test/images/volumes-tester/nfs/Makefile b/test/images/volumes-tester/nfs/Makefile index a9c0961278..a70fb7902f 100644 --- a/test/images/volumes-tester/nfs/Makefile +++ b/test/images/volumes-tester/nfs/Makefile @@ -1,6 +1,6 @@ all: push -TAG = 0.3 +TAG = 0.4 container: docker build -t gcr.io/google_containers/volume-nfs . # Build new image and automatically tag it as latest diff --git a/test/images/volumes-tester/nfs/run_nfs.sh b/test/images/volumes-tester/nfs/run_nfs.sh index 1fc465f3fa..fd56429dbe 100755 --- a/test/images/volumes-tester/nfs/run_nfs.sh +++ b/test/images/volumes-tester/nfs/run_nfs.sh @@ -20,7 +20,7 @@ function start() # prepare /etc/exports for i in "$@"; do # fsid=0: needed for NFSv4 - echo "$i *(rw,fsid=0,no_root_squash)" >> /etc/exports + echo "$i *(rw,fsid=0,insecure,no_root_squash)" >> /etc/exports echo "Serving $i" done