How to run NFS4-only Server without rpcbind on SLES 12 or 15

SUSE Linux Enterprise Server 15

SUSE Linux Enterprise Server 12

NFSv4 can run without rpcbind, and without other nfs-related services needed for v3 or v2, which normally register themselves with rpcbind.

 

However, NFS on SLES 12 and 15 still defaults to supporting all of the above, and does not automatically disable the potentially unnecessary services when you switch off NFS Server v3/v2 support.  There are reasons for this (see the "Additional Information" section, below, for some discussion).

 

If the administrator desires to disable rpcbind for a NFS-v4-only environment, it can be done.  First, the method and impacts should be understood.

 

NOTE:  This document does not apply to SLES 11 or older distributions.

Various notes are important when considering whether to disable the rpcbind services, when implementing an NFS4-only server:

1.  Without rpcbind running, any attempt to execute "rpcinfo" against this machine will fail.  "rpcinfo" is often used for troubleshooting nfs related services, even on client-only machines.  This will not effect normal NFS operations, but may hamper troubleshooting efforts.

 

2.  The configuration in the "Resolution" section above will prevent rpc.mountd from registering with rpcbind, but rpc.mountd will still run.  It must perform some internal functions for the v4 NFS Server, even though v4 clients do not need to communicate with it.

 

3.  Without rpc.mountd servicing v3/v2 calls, any machine attempting to do "showmount -e" (or similar calls) against this NFS Server (to get a lists of exports) will fail.  Various applications, including some setups of autofs (automount) rely on such queries to discover available NFS shares.

4.  Without rpcbind or rpc.statd and other v3/v2 services enabled, not only will this machine be a NFS4-only Server, it will also be a NFS4-only client.  In other words, if this machine attempts to perform an NFS mount command (even one pointing to a different, remote NFS server that supports both v4 and v3), a vers=4 mount will work, but a vers=3 mount will fail with dependency errors about the various disabled or masked services.  This is because some services (rpcbind, statd, lockd) are necessary for NFS v3/v2 Client functions, not just NFS v3/v2 Server functions.

5.  The configuration recommended in this TID will accomplish what is intended (a functioning NFS-v4-only machine) but there will be some failure messages logged while nfsserver starts.  These are not important, as they merely confirm that v3/v2 related services are unable to start.  Examples of the expected messages follow.  They could be in dmesg output (from boot time) or in /var/log/messages (if nfsserver is started after boot):

systemd[1]: rpcbind.socket: Socket service rpcbind.service not loaded, refusing.
systemd[1]: Failed to listen on RPCbind Server Activation Socket.
systemd[1]: Dependency failed for NFS status monitor for NFSv2/3 locking..
systemd[1]: rpc-statd.service: Job rpc-statd.service/start failed with result 'dependency'.

6.  To unmask a service which was previously masked, use the "unmask" directive, such as:

 

 

7.  For more information on systemd and nfs, see "man nfs.systemd".

8.  Potentially, rpcbind is used for more than just NFS.  NIS (Name Information Service or Yellow Pages) also requires it.  A few 3rd party programs also use it.  Therefore, it might not be safe to disable it, even if NFS v3 and v2 are not used.