autofs 5.1.3 attempts communication with portmapper (port 111) even for NFS4 mounts
This document (000020650) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 12 SP5
Situation
SLES 12 SP5 and SLES 15 SPx provide autofs 5.1.3, a newer version than previously supplied with SLES. With this version, if the automount daemon believes that a targetted NFS Server is at a local (same machine) IP address, autofs will attempt to communicate with the rpc portmapper on port 111, even for NFS4 mounts. This is not desired because NFS4 is intended to work even if an NFS client can communicate only with an NFS Server's port 2049. If this port 111 communication fails, the automount will fail.
Normally, this would not cause any problem because local port 111 is typically reachable. However, if an ssh tunnel (or some other feature) causes traffic on a local IP address to be fowarded to a remote system, firewalls or limitations of the tunnel configuration could block attempts to reach the remote port 111.
Normally, this would not cause any problem because local port 111 is typically reachable. However, if an ssh tunnel (or some other feature) causes traffic on a local IP address to be fowarded to a remote system, firewalls or limitations of the tunnel configuration could block attempts to reach the remote port 111.
Resolution
A certain syntax and an autofs patch will both be needed to resolve this issue. The patch suppresses the communication to port 111 only if the "port" option is set. Keep in mind that these steps are not typically needed unless autofs believes the NFS Server is at a local IP address.
1. Necessary syntax:
Include the nfs mount option "port=2049" in the automount map. Automount maps can be done in many ways, so the exact method may vary, but here is one example of including mount options within the /etc/auto.master entry of a direct map:
/- /etc/auto.direct nobind,rw,vers=4,port=2049,proto=tcp
2. Autofs patch:
For SLES 12 SP5, the change was introduced in autofs 5.1.3-3.8.1, released in public maintenance April 19, 2022.
For SLES 15 SP3, a change was introduced in autofs 5.1.3-150000.7.11.1, released in public maintenance April 26, 2022.
1. Necessary syntax:
Include the nfs mount option "port=2049" in the automount map. Automount maps can be done in many ways, so the exact method may vary, but here is one example of including mount options within the /etc/auto.master entry of a direct map:
/- /etc/auto.direct nobind,rw,vers=4,port=2049,proto=tcp
2. Autofs patch:
For SLES 12 SP5, the change was introduced in autofs 5.1.3-3.8.1, released in public maintenance April 19, 2022.
For SLES 15 SP3, a change was introduced in autofs 5.1.3-150000.7.11.1, released in public maintenance April 26, 2022.
Additional Information
The fix originated from the upstream Linux community, and was introduced there in autofs 5.1.4. SUSE has back-ported the fix into version 5.1.3 as well, for the distributions listed above.
In SUSE's autofs changelog, the fix appears as:
- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
Suppress portmap calls when port explicitly given
(bsc#1195697)
The patches were described upstream changelog as:
- remove some redundant rpc library code.
- add port parameter to rpc_ping().
- dont probe NFSv2 by default.
- add version parameter to rpc_ping().
And the patches also included this description:
Add an version parameter to rpc_ping() to try and avoid NFS pings
to protocol or NFS version that isn't to be used.
When the port option is specified (possibly for NFS tunneling) it's
likely that the protocol is also specified which will reduce unneeded
NFS ping requests. But for this to work best (with the minimum delay)
the NFS version needs to also be specified in the NFS mount options.
In SUSE's autofs changelog, the fix appears as:
- 0004-autofs-5.1.3-add-port-parameter-to-rpc_ping.patch
Suppress portmap calls when port explicitly given
(bsc#1195697)
The patches were described upstream changelog as:
- remove some redundant rpc library code.
- add port parameter to rpc_ping().
- dont probe NFSv2 by default.
- add version parameter to rpc_ping().
And the patches also included this description:
Add an version parameter to rpc_ping() to try and avoid NFS pings
to protocol or NFS version that isn't to be used.
When the port option is specified (possibly for NFS tunneling) it's
likely that the protocol is also specified which will reduce unneeded
NFS ping requests. But for this to work best (with the minimum delay)
the NFS version needs to also be specified in the NFS mount options.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID:000020650
- Creation Date: 04-May-2022
- Modified Date:04-May-2022
-
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com
