pool: add property to specity IP addresses exposed to NFS clients

Motivation: In complex network configuration pool can have multiple IP addresses that are not reachable by the NFS clients. As those addresses propagated to doors, application might experience long delays before the first byte delivered. Modification: Introduce `pool.mover.nfs.multipath` property to accept comma separated list of IP addresses that pool will advertise to NFS clients. If the property is not set, then all available IP addresses will be published, unless `-Dorg.dcache.net.localaddresses=` Java property is set. Result: More predictable client behavior in complex network setups. Acked-by: Reported-by: Ryan Taylor Reported-by: Onno Zweers Target: master Require-book: no Require-notes: yes
dCache · Oct 1, 2024 · 17b79d5 · 17b79d5
1 parent d3dbba9
commit 17b79d5
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 2 deletions.
diff --git a/modules/dcache-nfs/src/main/java/org/dcache/chimera/nfsv41/mover/NfsTransferService.java b/modules/dcache-nfs/src/main/java/org/dcache/chimera/nfsv41/mover/NfsTransferService.java
@@ -38,6 +38,7 @@
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import java.util.Set;
 import java.util.concurrent.Callable;
 import java.util.concurrent.ConcurrentHashMap;
@@ -188,6 +189,10 @@ public class NfsTransferService
      */
     private boolean _enableTls;
 
+    /**
+     * IP addresses that should be advertised to clients.
+     */
+    private String[] _multipathAddresses;
 
     // This is a workaround for the issue with the grizzly allocator.
     // (which uses a fraction of heap memory for direct buffers, instead of configured direct memory limit
@@ -236,7 +241,12 @@ public void init() throws Exception {
         tryToStartRpcService();
 
         int localPort = _rpcService.getInetSocketAddress(IpProtocolType.TCP).getPort();
-        _localSocketAddresses = localSocketAddresses(NetworkUtils.getLocalAddresses(), localPort);
+
+        if (_multipathAddresses == null || _multipathAddresses.length == 0) {
+            _localSocketAddresses = localSocketAddresses(NetworkUtils.getLocalAddresses(), localPort);
+        } else {
+            _localSocketAddresses = localSocketAddresses(_multipathAddresses, localPort);
+        }
 
         _embededDS = new NFSServerV41.Builder()
               .withOperationExecutor(_operationFactory)
@@ -401,6 +411,10 @@ public void setEnableTls(boolean enableTls) {
         _enableTls = enableTls;
     }
 
+    public void setMultipathAddresses(String[] multipathAddresses) {
+        _multipathAddresses = multipathAddresses;
+    }
+
     public void shutdown() throws IOException {
         _cleanerExecutor.shutdown();
         _embededDS.getStateHandler().shutdown();
@@ -462,6 +476,14 @@ private InetSocketAddress[] localSocketAddresses(Collection<InetAddress> address
               .toArray(InetSocketAddress[]::new);
     }
 
+
+    private InetSocketAddress[] localSocketAddresses(String[] addresses, int port) {
+        return Arrays.stream(addresses)
+              .map(InetAddresses::forString)
+              .map(a -> new InetSocketAddress(a, port))
+              .toArray(InetSocketAddress[]::new);
+    }
+
     /**
      * Add mover into list of allowed transfers.
      *
@@ -659,7 +681,8 @@ public void run() {
     public void getInfo(PrintWriter pw) {
         CellInfoProvider.super.getInfo(pw);
         var endpoint = _rpcService.getInetSocketAddress(IpProtocolType.TCP);
-        pw.printf("   Listening on: %s:%d\n", InetAddresses.toUriString(endpoint.getAddress()), endpoint.getPort());
+        pw.printf("   Listening on       : %s:%d\n", InetAddresses.toUriString(endpoint.getAddress()), endpoint.getPort());
+        pw.printf("   Multipath addresses: %s\n", Optional.ofNullable(_multipathAddresses).map(Arrays::toString));
     }
 
     /**

diff --git a/modules/dcache/src/main/resources/org/dcache/pool/classic/pool.xml b/modules/dcache/src/main/resources/org/dcache/pool/classic/pool.xml
@@ -366,6 +366,7 @@
       <property name="certFile" value="${pool.mover.nfs.hostcert.cert}"/>
       <property name="keyFile" value="${pool.mover.nfs.hostcert.key}"/>
       <property name="caPath" value="${pool.mover.nfs.capath}"/>
+      <property name="multipathAddresses" value="${pool.mover.nfs.multipath}"/>
   </bean>
 
   <bean id="signing-policy"

diff --git a/skel/share/defaults/pool.properties b/skel/share/defaults/pool.properties
@@ -264,6 +264,17 @@ pool.mover.nfs.capath=${dcache.authn.capath}
 pool.mover.nfs.port.min = ${dcache.net.lan.port.min}
 pool.mover.nfs.port.max = ${dcache.net.lan.port.max}
 
+
+# ---- IP addresses advertised to NFS clients
+#
+# Comma separated list of IP addresses that the pool advertises to NFS clients.
+# If empty, the pool will advertise all IP addresses on the host, unless
+# `-Dorg.dcache.net.localaddresses=` Java property is set.
+#
+# Example:
+#    pool.mover.nfs.multipath=192.168.1.1,fe80::2e2e:50de:7aa5:395
+pool.mover.nfs.multipath =
+
 #  ---- NFS mover's request processing policy ----
 #
 # When a NFS request received over the network there are two