Skip to content

DRAFT Enforce NFSv4#3163

Draft
gmarciani wants to merge 2 commits into
aws:developfrom
gmarciani:wip/mgiacomo/3160/nfsv4-0415-1
Draft

DRAFT Enforce NFSv4#3163
gmarciani wants to merge 2 commits into
aws:developfrom
gmarciani:wip/mgiacomo/3160/nfsv4-0415-1

Conversation

@gmarciani

@gmarciani gmarciani commented Apr 15, 2026

Copy link
Copy Markdown
Contributor

DO NOT MERGE YET: This is just a draft, validated on Ubuntu, but facing issues on AL23 and it's missing proper unit tests

Description of changes

Enforce NFSv4-only mode on the NFS server across all supported operating systems.
In particular:

  1. Override upstream nfs cookbook defaults to enable NFSv4 and disable NFSv2/NFSv3.
  2. Add default['cluster']['nfs']['mask-nfsv2-nfsv3-services'] (default true) to mask rpcbind.service and rpcbind.socket, preventing rpc-statd and nfs-mountd from starting as transitive deps of nfs-server.service. This is done because NFsv4 does not require those services. This is exposed as a Chef attribute so customers who need NFSv2/v3 can set it to false to unmask those services.

Tests

  • TODO

References

This change fixes:

  1. NFS - Disable V2 and V3 aws-parallelcluster#6622 because we are enforcing now NFSv4-only.
  2. chef recipes are forcing lockd to port 32768 which leads to occasional NFS mount failures. aws-parallelcluster#6949 because we are masking the services not required by NFSv4, which were responsible for the intermittent ports collision.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@gmarciani gmarciani added the 3.x label Apr 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant