From 18e3d4929982c4f61673b2c78b0e9abced5239d7 Mon Sep 17 00:00:00 2001 From: Frederick Dilger Date: Wed, 14 Aug 2024 11:48:46 -0600 Subject: [PATCH] LU-4315 doc: updating lctl-[node] man page style Updating files to match the new code style for Lustre manual pages as enforced by 'contrib/scripts/checkpatch-man.pl'. This also includes other changes like removing < > or { } for singular required arguments and placing [ ] around optional ones as well as making all arguments CAPITAL and italicized, literal arguments are bolded. Lines over 80 characters should be split at the natural line end rather than the word that goes over the limit as fewer lines will need to be modified when making changes if each sentence is on it's own line. Only using features that appear in groff 1.22.3 as this is the available version is CentOS 8. Checked files: - lctl-nodemap-activate.8 - lctl-nodemap-add.8 - lctl-nodemap-add-idmap.8 - lctl-nodemap-add-range.8 - lctl-nodemap-del.8 - lctl-nodemap-del-idmap.8 - lctl-nodemap-del-range.8 - lctl-nodemap-modify.8 - lctl-nodemap-set-fileset.8 - lctl-nodemap-set-sepol.8 Test-Parameters: trivial Signed-off-by: Frederick Dilger Change-Id: I48a17b30f6e32918f5e1a0e874faaa18c39f65e0 Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/56059 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Maximilian Dilger Reviewed-by: Oleg Drokin Reviewed-by: Andreas Dilger --- lustre/doc/lctl-nodemap-activate.8 | 36 ++++---- lustre/doc/lctl-nodemap-add-idmap.8 | 58 ++++++------ lustre/doc/lctl-nodemap-add-range.8 | 97 +++++++++---------- lustre/doc/lctl-nodemap-add.8 | 48 +++++----- lustre/doc/lctl-nodemap-del-idmap.8 | 59 ++++++------ lustre/doc/lctl-nodemap-del-range.8 | 42 ++++----- lustre/doc/lctl-nodemap-del.8 | 38 ++++---- lustre/doc/lctl-nodemap-modify.8 | 169 ++++++++++++++++------------------ lustre/doc/lctl-nodemap-set-fileset.8 | 67 +++++++------- lustre/doc/lctl-nodemap-set-sepol.8 | 98 ++++++++++---------- 10 files changed, 354 insertions(+), 358 deletions(-) diff --git a/lustre/doc/lctl-nodemap-activate.8 b/lustre/doc/lctl-nodemap-activate.8 index 4c743e5..44f499a 100644 --- a/lustre/doc/lctl-nodemap-activate.8 +++ b/lustre/doc/lctl-nodemap-activate.8 @@ -1,35 +1,33 @@ -.TH LCTL-NODEMAP_ACTIVATE 8 "2015-01-20" Lustre "configuration utilities" +.TH LCTL-NODEMAP_ACTIVATE 8 2024-08-14 Lustre "Lustre Configuration Utilities" .SH NAME lctl-nodemap_activate \- activate or deactivate the nodemap feature .SH SYNOPSIS -.br -.B lctl nodemap_activate "<0|1>" -.br +.SY "lctl nodemap_activate" +.RB { 0 | 1 } +.YS .SH DESCRIPTION .B nodemap_activate -is used to activate or deactivate the nodemap feature. When nodemap is -active, all client operations are mapped based on rules created by the -administrator. - +is used to globally activate or deactivate the nodemap feature. When nodemap is +active, all client IDs are mapped based on rules specified by the administrator, +and filesystem operations may be restricted or prevented. .SH OPTIONS Passing 0 disables the nodemap feature, while 1 activates the feature. - .SH EXAMPLES -.nf -# lctl nodemap_activate 1 -.fi - +.EX +.B # lctl nodemap_activate 1 +.EE .SH AVAILABILITY -.B lctl +.B lctl nodemap_activate is part of the -.BR Lustre (7) -filesystem package. +.BR lustre (7) +filesystem package since release 2.6.0 +.\" Added in commit v2_5_53_0-13-gae295503f5 .SH SEE ALSO .BR lustre (7), .BR lctl-nodemap-add (8), -.BR lctl-nodemap-del (8), -.BR lctl-nodemap-add-range (8), -.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-add-idmap (8), +.BR lctl-nodemap-add-range (8), +.BR lctl-nodemap-del (8), .BR lctl-nodemap-del-idmap (8), +.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-modify (8) diff --git a/lustre/doc/lctl-nodemap-add-idmap.8 b/lustre/doc/lctl-nodemap-add-idmap.8 index b7957fb..6097c1c 100644 --- a/lustre/doc/lctl-nodemap-add-idmap.8 +++ b/lustre/doc/lctl-nodemap-add-idmap.8 @@ -1,47 +1,51 @@ -.TH LCTL-NODEMAP_ADD_IDMAP 8 "2015-01-20" Lustre "configuration utilities" +.TH LCTL-NODEMAP_ADD_IDMAP 8 2024-08-14 Lustre "Lustre Configuration Utilities" .SH NAME lctl-nodemap_add_idmap \- define ID mappings for a nodemap .SH SYNOPSIS -.br -.B lctl nodemap_add_idmap <--name name> <--idtype {uid|gid|projid}> -.B <--idmap clientid:fsid> -.br +.SY "lctl nodemap_add_idmap" +.B --name +.I NODEMAP_NAME +.BR --idtype " {" uid | gid | projid } +.B --idmap +.IR CLIENTID [- CLIENTID_END ]: FSID [- FSID_END ] +.YS .SH DESCRIPTION .B nodemap_add_idmap adds an identity mapping to a nodemap. Clients that are members of the given nodemap will have the identities of their users mapped accordingly. - .SH OPTIONS -.I name -is the name of the nodemap that this idmap should be added to. - -.I idtype -is either "uid" or "gid" or "projid" depending on if it is a user ID or group +.TP +.BI --name " NODEMAP_NAME" +The name of the nodemap that this idmap should be added to. +.TP +.BR --idtype " {" uid | gid | projid } +Either "uid" or "gid" or "projid" depending on if it is a user ID or group ID or project ID that is to be mapped. - -.I idmap -is the identity to map, and what it should be mapped to. The first digit is the -ID of the user or group as it is on the client, and the second number is the ID -that it should map to on the Lustre filesystem. - +.TP +.BI --idmap " CLIENTID\fR[" - CLIENTID_END\fR] : FSID\fR[ - FSID_END\fR] +The identity to map, and what it should be mapped to. +The first number is the ID of the user or group as it is on the client, +and the second number is the ID that it should map to on the Lustre filesystem. .SH EXAMPLES -.nf -# lctl nodemap_add_idmap --name remotesite --idtype uid --idmap 2001:1001 -# lctl nodemap_add_idmap --name remotesite --idtype gid --idmap 2002:1002 -# lctl nodemap_add_idmap --name remotesite --idtype projid --idmap 33:1 -.fi +.EX +.B # lctl nodemap_add_idmap --name remotesite --idtype uid --idmap 2001:1001 +.B # lctl nodemap_add_idmap --name remotesite --idtype gid --idmap 2002:1002 +.B # lctl nodemap_add_idmap --name remotesite --idtype projid --idmap 33:1 +.B # lctl nodemap_add_idmap --name othersite --idtype uid --idmap 0-999:9000 +.EE .SH AVAILABILITY -.B lctl +.B lctl nodemap_add_idmap is part of the -.BR Lustre (7) -filesystem package. +.BR lustre (7) +filesystem package since release 2.6.0 +.\" Added in commit v2_5_56_0-14-g294b0efc31 .SH SEE ALSO .BR lustre (7), .BR lctl-nodemap-activate (8), .BR lctl-nodemap-add (8), -.BR lctl-nodemap-del (8), .BR lctl-nodemap-add-range (8), -.BR lctl-nodemap-del-range (8), +.BR lctl-nodemap-del (8), .BR lctl-nodemap-del-idmap (8), +.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-modify (8) diff --git a/lustre/doc/lctl-nodemap-add-range.8 b/lustre/doc/lctl-nodemap-add-range.8 index 8672cf4..bd2fd21 100644 --- a/lustre/doc/lctl-nodemap-add-range.8 +++ b/lustre/doc/lctl-nodemap-add-range.8 @@ -1,63 +1,64 @@ -.TH LCTL-NODEMAP_ADD_RANGE 8 "2015-01-20" Lustre "configuration utilities" +.TH LCTL-NODEMAP_ADD_RANGE 8 2024-08-14" Lustre "Lustre Configuration Utilities" .SH NAME lctl-nodemap_add_range \- define a range of NIDs for a nodemap .SH SYNOPSIS -.br -.B lctl nodemap_add_range <--name name> <--range range> -.br +.SY "lctl nodemap_add_range" +.BI --name " NODEMAP_NAME" +.BI --range " NID_RANGE" +.YS .SH DESCRIPTION -.B nodemap_add_range adds a range of NIDs to an existing nodemap. The NID range -cannot overlap with an existing NID range. Clients with NIDs that fall into the -new range will be moved into the given nodemap. - +.B nodemap_add_range adds a range of NIDs to an existing nodemap. +The NID range cannot overlap with an existing NID range. +Clients with NIDs that fall into the new range +will be moved into the given nodemap and any future RPCs will be subject +to the properties configured for that nodemap. .SH OPTIONS -.I name -is the name of the nodemap that this range should be added to. - -.I range -is the NID range that should be added to the nodemap. The syntax for the range -is the same as the rootsquash syntax, with the added constraint that the range -must be contiguous. - -.SH Formal LNET Range Definition - -.nf - :== [ ' ' ] - :== '@' - :== '*' | - | - - :== - ... - :== | - - :== '[' [ ',' ] ']' - :== | - '-' | - '-' '/' - :== | - :== "lo" | "tcp" | "o2ib" | "cib" | "openib" | "iib" | - "vib" | "ra" | "elan" | "gm" | "mx" | "ptl" - :== | -.fi - +.TP +.BI --name " NODEMAP_NAME" +The name of the nodemap that this range should be added to. +.TP +.BI --range " NID_RANGE" +The NID range that should be added to the nodemap. +The syntax for the range is the same as the rootsquash syntax, +with the added constraint that the range must be contiguous. +.SH Formal LNet NID Range Definition +.EX +NID_RANGE :== ADDR_RANGE@NET +ADDR_RANGE :== '*' | IPADDR_RANGE | NUM_RANGE +IPADDR_RANGE :== NUM_RANGE.NUM_RANGE.NUM_RANGE.NUM_RANGE +NUM_RANGE :== NUMBER | EXPR_LIST +EXPR_LIST :== '['RANGE_EXPR[,RANGE_EXPR]']' +RANGE_EXPR :== NUMBER | NUMBER-NUMBER | NUMBER-NUMBER/NUMBER +NET :== NET_TYPE[NUMBER] +.\" Currently supported LNet types are listed in libcfs_netstrfns[] +NET_TYPE :== "lo" | "tcp" | "o2ib" | "ptlf" | "gni" | "gip" | "kfi" +NUMBER :== NONNEGATIVE_DECIMAL | HEXADECIMAL +.EE +Where +.IR MIN - MAX / SKIP +indicates a sequence of numbers starting at +.I MIN +and incrementing by +.I SKIP +each time until no larger than +.IR MAX . .SH EXAMPLES -.nf -# lctl nodemap_add_range --name remotesite --range 192.168.1.[1-254]@tcp -# lctl nodemap_add_range --name otherremotesite --range 192.168.2.[1-254]@tcp -.fi - +.EX +.B # lctl nodemap_add_range --name remotesite --range 192.168.1.[1-254]@tcp +.B # lctl nodemap_add_range --name othersite --range 192.168.2.[1-254]@tcp +.EE .SH AVAILABILITY -.B lctl +.B lctl nodemap_add_range is part of the -.BR Lustre (7) -filesystem package. +.BR lustre (7) +filesystem package since release 2.6.0 +.\" Added in commit v2_5_56_0-13-g4642f30970 .SH SEE ALSO .BR lustre (7), .BR lctl-nodemap-activate (8), .BR lctl-nodemap-add (8), -.BR lctl-nodemap-del (8), -.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-add-idmap (8), +.BR lctl-nodemap-del (8), .BR lctl-nodemap-del-idmap (8), +.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-modify (8) diff --git a/lustre/doc/lctl-nodemap-add.8 b/lustre/doc/lctl-nodemap-add.8 index 77a193a..ad9ee2f 100644 --- a/lustre/doc/lctl-nodemap-add.8 +++ b/lustre/doc/lctl-nodemap-add.8 @@ -1,37 +1,37 @@ -.TH LCTL-NODEMAP_ADD 8 "2015-01-20" Lustre "configuration utilities" +.TH LCTL-NODEMAP_ADD 8 2024-08-14 Lustre "Lustre Configuration Utilities" .SH NAME -lctl-nodemap_add \- add a new nodemap, to which NID ranges, identities, and -properties can be added +lctl-nodemap_add \- create a new nodemap to define client behavior .SH SYNOPSIS -.br -.B lctl nodemap_add -.br +.SY "lctl nodemap_add" +.I NODEMAP_NAME +.YS .SH DESCRIPTION -.B nodemap_add creates and names a new nodemap. The administrator can then add -NID ranges and identity mappings to the nodemap, as well as modify its -properties. - +.B nodemap_add +creates and names a new nodemap to which NID ranges, process identities, +and properties can be added to limit or otherwise manage capabilities +and filesystem access permission of those NID(s). .SH OPTIONS -.I name -is the name to give the new nodemap. It can be any string except "default". - +.TP +.I NODEMAP_NAME +The name to give the new nodemap. It can be any string except +.RB \(dq default \(dq. .SH EXAMPLES -.nf -# lctl nodemap_add remotesite -# lctl nodemap_add otherremotesite -.fi - +.EX +.B # lctl nodemap_add remotesite +.B # lctl nodemap_add othersite +.EE .SH AVAILABILITY -.B lctl +.B lctl nodemap_add is part of the -.BR Lustre (7) -filesystem package. +.BR lustre (7) +filesystem package since release 2.6.0 +.\" Added in commit v2_5_53_0-13-gae295503f5 .SH SEE ALSO .BR lustre (7), .BR lctl-nodemap-activate (8), -.BR lctl-nodemap-del (8), -.BR lctl-nodemap-add-range (8), -.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-add-idmap (8), +.BR lctl-nodemap-add-range (8), +.BR lctl-nodemap-del (8), .BR lctl-nodemap-del-idmap (8), +.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-modify (8) diff --git a/lustre/doc/lctl-nodemap-del-idmap.8 b/lustre/doc/lctl-nodemap-del-idmap.8 index a1a26e0..a149e8b 100644 --- a/lustre/doc/lctl-nodemap-del-idmap.8 +++ b/lustre/doc/lctl-nodemap-del-idmap.8 @@ -1,45 +1,48 @@ -.TH LCTL-NODEMAP_DEL_IDMAP 8 "2015-01-20" Lustre "configuration utilities" +.TH LCTL-NODEMAP_DEL_IDMAP 8 2024-08-14 Lustre "Lustre Configuration Utilities" .SH NAME lctl-nodemap_del_idmap \- delete an existing idmap from a nodemap .SH SYNOPSIS -.br -.B lctl nodemap_del_idmap <--name name> <--idtype {uid|gid|projid}> -.B <--idmap clientid:fsid> -.br +.SY "lctl nodemap_del_idmap" +.BI --name " NODEMAP_NAME" +.BR --idtype " {" uid | gid | projid } +.B --idmap +.IR CLIENTID [- CLIENTID_END ]: FSID [- FSID_END ] +.YS .SH DESCRIPTION .B nodemap_del_idmap -deletes an idmap from a nodemap. Users or groups or projects in the nodemap with -that ID will be squashed, if the trusted flag is not enabled. - +deletes an idmap from a nodemap. +Users or groups or projects in the nodemap with that ID will be squashed, +if the trusted flag is not enabled. .SH OPTIONS -.I name -is the name of the nodemap that this idmap should be deleted from. - -.I idtype -is either "uid" or "gid" or "projid" depending on if it is a user or group or +.TP +.BI --name " NODEMAP_NAME" +The name of the nodemap that this idmap should be deleted from. +.TP +.BR --idtype " {" uid | gid | projid } +Either "uid" or "gid" or "projid" depending on if it is a user or group or project ID mapping that is to be removed. - -.I idmap -is the identity map to delete. - +.TP +.BI --idmap " CLIENTID\fR[" - CLIENTID_END\fR] : FSID\fR[ - FSID_END\fR] +The identity map to delete. .SH EXAMPLES -.nf -# lctl nodemap_del_idmap --name remotesite --idtype uid --idmap 2001:1001 -# lctl nodemap_del_idmap --name remotesite --idtype gid --idmap 2002:1002 -# lctl nodemap_del_idmap --name remotesite --idtype projid --idmap 33:1 -.fi - +.EX +.B # lctl nodemap_del_idmap --name remotesite --idtype uid --idmap 2001:1001 +.B # lctl nodemap_del_idmap --name remotesite --idtype gid --idmap 2002:1002 +.B # lctl nodemap_del_idmap --name remotesite --idtype projid --idmap 33:1 +.B # lctl nodemap_add_idmap --name othersite --idtype uid --idmap 0-999:9000 +.EE .SH AVAILABILITY -.B lctl +.B lctl nodemap_del_idmap is part of the -.BR Lustre (7) -filesystem package. +.BR lustre (7) +filesystem package since release 2.6.0 +.\" Added in commit v2_5_56_0-14-g294b0efc31 .SH SEE ALSO .BR lustre (7), .BR lctl-nodemap-activate (8), .BR lctl-nodemap-add (8), -.BR lctl-nodemap-del (8), +.BR lctl-nodemap-add-idmap (8), .BR lctl-nodemap-add-range (8), +.BR lctl-nodemap-del (8), .BR lctl-nodemap-del-range (8), -.BR lctl-nodemap-add-idmap (8), .BR lctl-nodemap-modify (8) diff --git a/lustre/doc/lctl-nodemap-del-range.8 b/lustre/doc/lctl-nodemap-del-range.8 index 65266be..da91668 100644 --- a/lustre/doc/lctl-nodemap-del-range.8 +++ b/lustre/doc/lctl-nodemap-del-range.8 @@ -1,39 +1,39 @@ -.TH LCTL-NODEMAP_DEL_RANGE 8 "2015-01-20" Lustre "configuration utilities" +.TH LCTL-NODEMAP_DEL_RANGE 8 2024-08-14 Lustre "Lustre Configuration Utilities" .SH NAME lctl-nodemap_del_range \- delete an existing NID range from a nodemap .SH SYNOPSIS -.br -.B lctl nodemap_del_range "<--name name> <--range range>" -.br +.SY "lctl nodemap_del_range" +.BI --name " NODEMAP_NAME" +.BI --range " NID_RANGE" +.YS .SH DESCRIPTION .B nodemap_del_range deletes a NID range from a nodemap. Clients will be moved to the default nodemap. - .SH OPTIONS -.I name -is the name of the nodemap that this range should be deleted from. - -.I range -is the NID range that should be deleted from the nodemap. - +.TP +.BI --name " NODEMAP_NAME" +The name of the nodemap that this range should be deleted from. +.TP +.BI --range " NID_RANGE" +The NID range that should be deleted from the nodemap. .SH EXAMPLES -.nf -# lctl nodemap_del_range --name remotesite --range 192.168.1.[1-254]@tcp -# lctl nodemap_del_range --name otherremotesite --range 192.168.2.[1-254]@tcp -.fi - +.EX +.B # lctl nodemap_del_range --name remotesite --range 192.168.1.[1-254]@tcp +.B # lctl nodemap_del_range --name othersite --range 192.168.2.[1-254]@tcp +.EE .SH AVAILABILITY -.B lctl +.B lctl nodemap_del_range is part of the -.BR Lustre (7) -filesystem package. +.BR lustre (7) +filesystem package since release 2.6.0 +.\" Added in commit v2_5_56_0-13-g4642f30970 .SH SEE ALSO .BR lustre (7), .BR lctl-nodemap-activate (8), .BR lctl-nodemap-add (8), -.BR lctl-nodemap-del (8), -.BR lctl-nodemap-add-range (8), .BR lctl-nodemap-add-idmap (8), +.BR lctl-nodemap-add-range (8), +.BR lctl-nodemap-del (8), .BR lctl-nodemap-del-idmap (8), .BR lctl-nodemap-modify (8) diff --git a/lustre/doc/lctl-nodemap-del.8 b/lustre/doc/lctl-nodemap-del.8 index f557e69..8f510a1 100644 --- a/lustre/doc/lctl-nodemap-del.8 +++ b/lustre/doc/lctl-nodemap-del.8 @@ -1,36 +1,36 @@ -.TH LCTL-NODEMAP_DEL 8 "2015-01-20" Lustre "configuration utilities" +.TH LCTL-NODEMAP_DEL 8 2024-08-14 Lustre "Lustre Configuration Utilities" .SH NAME lctl-nodemap_del \- delete an existing nodemap .SH SYNOPSIS -.br -.B lctl nodemap_del "" -.br +.SY "lctl nodemap_del" +.I NODEMAP_NAME +.YS .SH DESCRIPTION -.B nodemap_del deletes an existing nodemap. All of the associated mappings and +.B nodemap_del +deletes an existing nodemap. All of the associated mappings and NID ranges will be removed as well, and existing clients will be moved to the default nodemap. - .SH OPTIONS -.I name -is the name of the nodemap to delete. The default nodemap cannot be deleted. - +.TP +.I NODEMAP_NAME +The name of the nodemap to delete. The default nodemap cannot be deleted. .SH EXAMPLES -.nf -# lctl nodemap_del remotesite -# lctl nodemap_del otherremotesite -.fi - +.EX +.B # lctl nodemap_del remotesite +.B # lctl nodemap_del othersite +.EE .SH AVAILABILITY -.B lctl +.B lctl nodemap_del is part of the -.BR Lustre (7) -filesystem package. +.BR lustre (7) +filesystem package since release 2.6.0 +.\" Added in commit v2_5_53_0-13-gae295503f5 .SH SEE ALSO .BR lustre (7), .BR lctl-nodemap-activate (8), .BR lctl-nodemap-add (8), -.BR lctl-nodemap-add-range (8), -.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-add-idmap (8), +.BR lctl-nodemap-add-range (8), .BR lctl-nodemap-del-idmap (8), +.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-modify (8) diff --git a/lustre/doc/lctl-nodemap-modify.8 b/lustre/doc/lctl-nodemap-modify.8 index e392b34..be82213 100644 --- a/lustre/doc/lctl-nodemap-modify.8 +++ b/lustre/doc/lctl-nodemap-modify.8 @@ -1,139 +1,130 @@ -.TH LCTL-NODEMAP_MODIFY 8 "2019-01-22" Lustre "configuration utilities" +.TH LCTL-NODEMAP_MODIFY 8 2024-08-14 Lustre "Lustre Configuration Utilities" .SH NAME lctl-nodemap_modify \- modify a nodemap property .SH SYNOPSIS -.br -.B lctl nodemap_modify <--name nodemap_name> <--property property_name> -<--value value> -.br +.SY "lctl nodemap_modify" +.BI --name " NODEMAP_NAME" +.BI --property " PROPERTY_NAME" +.BI --value " VALUE" +.YS .SH DESCRIPTION .B nodemap_modify modifies a property of the given nodemap. - .SH OPTIONS -.I nodemap_name -is the name of the nodemap to modify - -.I property_name -is one of the following properties: -.RS 0.3i -.PP -admin -.RS 4 +.TP +.BI --name " NODEMAP_NAME" +Rhe name of the nodemap to modify +.TP +.BI --property " PROPERTY_NAME" +One of the following properties: +.RS 8 +.TP 4 +.B admin Defaults to 0. If set to 1, then root will NOT be squashed. By default, the root user is mapped to the value of squash_uid. -.RE -.PP -trusted -.RS 4 +.TP +.B trusted Defaults to 0. If set to 1, then user mapping will be disabled for all non-root users. This means that the identities provided by the client will be trusted to match the identities of the file system. By default, the client user identities are mapped to the file system identities based on the nodemap rules. -.RE -.PP -squash_uid -.RS 4 -Defaults to 99. The user ID that unknown users (if not trusted) and root (if not admin) should be mapped to. -.RE -.PP -squash_gid -.RS 4 -Defaults to 99. The group ID that unknown groups (if not trusted) and root (if not admin) should be mapped to. -.RE -.PP -squash_projid -.RS 4 -Defaults to 99. The project ID that unknown projects (if not trusted) should be mapped to. -.RE -.PP -deny_unknown -.RS 4 +.TP +.B squash_uid +Defaults to +.B NODEMAP_NOBODY_UID +if not specified, which is 65534 to match the standard Linux +.B nobody +user ID. +The user ID that unknown users (if not trusted) +and root (if not admin) should be mapped to. +.TP +.B squash_gid +Defaults to +.B NODEMAP_NOBODY_UID +if not specified, which is 65534 to match the standard Linux +.B nobody +user ID. +The group ID that unknown groups (if not trusted) +and root (if not admin) should be mapped to. +.TP +.B squash_projid +Defaults to +.B NODEMAP_NOBODY_UID +if not specified, which is 65534 to match the standard Linux +.B nobody +user ID. +The project ID that unknown projects (if not trusted) should be mapped to. +.TP +.B deny_unknown Defaults to 0. If set to 1 then unknown (squashed) users will be denied access to the filesystem completely instead of just being squashed. Users are considered unknown by nodemap if the admin flag is off and the user is root, or trusted are set to off and the user is not mapped. - +.IP Note: directory entries cached by a Lustre client may be visible to unknown users located on the same client, though the contents of the files will not be. -.RE -.PP -audit_mode -.RS 4 +.TP +.B audit_mode Defaults to 1, which lets clients record file system access events to the Changelogs, if Changelogs are otherwise activated. If set to 0, events from these clients are not logged into the Changelogs, no matter if Changelogs are activated or not. The reason not to record file system events from given clients is to prevent some nodes (e.g. backup, HSM agent nodes) from flooding the Changelogs. -.RE -.PP -map_mode -.RS 4 +.TP +.B map_mode Defaults to all, which means the nodemap maps UIDs, GIDs, and PROJIDs. Other possible values (multiple can be specified, comma separated) are uid to map UIDs, gid to map GIDs, both to map UIDs and GIDs, and projid to map PROJIDs. -.RE -.PP -forbid_encryption -.RS 4 +.TP +.B forbid_encryption Defaults to 0, which means encryption is allowed. Set to 1 to prevent clients from using encryption. -.RE -.PP -readonly_mount -.RS 4 +.TP +.B readonly_mount Defaults to 0, which lets clients mount in read-write mode. If set to 1, clients are forced to a read-only mount if not specified explicitly. -.RE -.PP -rbac -.RS 4 +.TP +.B rbac Defaults to all, which means all roles are allowed. Other possible values (multiple can be specified, comma separated) are: -.br +.EX - byfid_ops, to allow operations by FID (e.g. 'lfs rmfid'). -.br - chlg_ops, to allow access to Lustre Changelogs. -.br - dne_ops, to allow operations related to DNE (e.g. 'lfs mkdir'). -.br - file_perms, to allow modifications of file permissions and owners. -.br -- fscrypt_admin, to allow fscrypt related admin tasks (create or modify -protectors/policies). Note that even without this role, it is still possible -to lock or unlock encrypted directories, as these operations only need read -access to fscrypt metadata. +.EE +- fscrypt_admin, to allow fscrypt related admin tasks +(create or modify protectors/policies). Note that even without this role, +it is still possible to lock or unlock encrypted directories, +as these operations only need read access to fscrypt metadata. .br - quota_ops, to allow quota modifications. -.br -Apart from all, any role not explicitly specified is forbidden. And to forbid -all roles, use 'none' value. +Apart from all, any role not explicitly specified is forbidden. +And to forbid all roles, use 'none' value. .RE - -.RE -.I value -is the value to set for the property. Should be 0 or 1 for admin and trusted. - +.TP +.BI --value " VALUE" +The value to set for the property. Should be 0 or 1 for admin and trusted. .SH EXAMPLES -.nf -# lctl nodemap_modify --name remotesite --property trusted --value 1 -# lctl nodemap_modify --name remotesite --property admin --value 1 -# lctl nodemap_modify --name remotesite --property map_mode --value uid_only -# lctl nodemap_modify --name otherremotesite --property squash_uid --value 101 -.fi - +.EX +.B # lctl nodemap_modify --name remotesite --property trusted --value 1 +.B # lctl nodemap_modify --name remotesite --property admin --value 1 +.B # lctl nodemap_modify --name remotesite --property map_mode --value uid_only +.B # lctl nodemap_modify --name othersite --property squash_uid --value 101 +.EE .SH AVAILABILITY -.B lctl +.B lctl nodemap_modify is part of the -.BR Lustre (7) -filesystem package. +.BR lustre (7) +filesystem package since release 2.6.0 +.\" Added in commit v2_5_56_0-13-g4642f30970 .SH SEE ALSO .BR lustre (7), .BR lctl-nodemap-activate (8), .BR lctl-nodemap-add (8), -.BR lctl-nodemap-del (8), -.BR lctl-nodemap-add-range (8), -.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-add-idmap (8), +.BR lctl-nodemap-add-range (8), +.BR lctl-nodemap-del (8), .BR lctl-nodemap-del-idmap (8), +.BR lctl-nodemap-del-range (8) diff --git a/lustre/doc/lctl-nodemap-set-fileset.8 b/lustre/doc/lctl-nodemap-set-fileset.8 index 4bba67f..4374c16 100644 --- a/lustre/doc/lctl-nodemap-set-fileset.8 +++ b/lustre/doc/lctl-nodemap-set-fileset.8 @@ -1,56 +1,53 @@ -.TH LCTL-NODEMAP_SET_FILESET 8 "2019-01-17" Lustre "configuration utilities" +.TH LCTL-NODEMAP_SET_FILESET 8 2024-08-14 Lustre "Lustre Configuration Utilities" .SH NAME lctl-nodemap_set_fileset \- add a fileset to a nodemap .SH SYNOPSIS -.br -.B lctl nodemap_set_fileset --name -.RI < nodemap > -.B --fileset -.RI < fileset > -.br +.SY "lctl nodemap_set_fileset" +.BI --name " NODEMAP" +.BI --fileset " SUBDIRECTORY" +.YS .SH DESCRIPTION .B nodemap_set_fileset adds -.I fileset +.I FILESET to the specified -.IR nodemap . +.IR NODEMAP . The -.I fileset -must -begin with '/'. Clients belonging to -.I nodemap +.I SUBDIRECTORY +must begin with '/'. Clients belonging to +.I NODEMAP will be automatically presented the corresponding -.I fileset -when mounting. This means these clients -are doing an implicit subdirectory mount on the subdirectory represented by -the defined -.IR fileset . - +.I SUBDIRECTORY +when mounting. +This means these clients are doing an implicit subdirectory +mount on the subdirectory represented by the defined +.IR SUBDIRECTORY . .SH OPTIONS -.I nodemap -is the name of the nodemap that this fileset should be associated with. - -.I fileset -is the fileset to restrict the clients to. The fileset must begin with '/'. - +.TP +.BI --name " NODEMAP" +The name of the nodemap that this fileset should be associated with. +.TP +.BI --fileset " SUBDIRECTORY" +The fileset to restrict the clients to. The fileset must begin with '/'. .SH EXAMPLES -.nf -# lctl nodemap_set_fileset --name tenant1 --fileset '/dir1' -# lctl nodemap_set_fileset --name admins --fileset '' -.fi - +.EX +.B # lctl nodemap_set_fileset --name tenant1 --fileset '/dir1' +.B # lctl nodemap_set_fileset --name admins --fileset '' +.EE .SH AVAILABILITY -.B lctl +.B lctl nodemap_set_fileset is part of the -.BR Lustre (7) -filesystem package. +.BR lustre (7) +filesystem package since release 2.9.0 +.\" Added in commit v2_8_53_0-63-g25420c75e4 .SH SEE ALSO .BR lustre (7), .BR lctl-nodemap-activate (8), .BR lctl-nodemap-add (8), -.BR lctl-nodemap-del (8), -.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-add-idmap (8), +.BR lctl-nodemap-add-range (8), +.BR lctl-nodemap-del (8), .BR lctl-nodemap-del-idmap (8), +.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-modify (8) diff --git a/lustre/doc/lctl-nodemap-set-sepol.8 b/lustre/doc/lctl-nodemap-set-sepol.8 index e6faf07..dbc30a7 100644 --- a/lustre/doc/lctl-nodemap-set-sepol.8 +++ b/lustre/doc/lctl-nodemap-set-sepol.8 @@ -1,75 +1,77 @@ -.TH LCTL-NODEMAP_SET_SEPOL 8 "2019-01-21" Lustre "configuration utilities" +.TH LCTL-NODEMAP_SET_SEPOL 8 2024-08-14 Lustre "Lustre Configuration Utilities" .SH NAME lctl-nodemap_set_sepol \- set SELinux policy info on a nodemap .SH SYNOPSIS -.br -.B lctl nodemap_set_sepol --name -.RI < nodemap > -.B --sepol -.RI < sepol > -.br +.SY "lctl nodemap_set_sepol" +.BI --name " NODEMAP" +.BI --sepol " POLICY" +.YS .SH DESCRIPTION .B nodemap_set_sepol adds SELinux policy info as described by -.I sepol +.I POLICY to the specified -.IR nodemap . +.IR NODEMAP . The -.I sepol +.I POLICY string describing the SELinux policy has the following syntax: - -::: - +.EX +.IR MODE : NAME : VERSION : HASH where: .RS 4 -- is a digit telling if SELinux is in Permissive mode (0) or Enforcing -mode (1) - -- is the name of the SELinux policy - -- is the version of the SELinux policy - -- is the computed hash of the binary representation of the policy, as -exported in /etc/selinux//policy/policy. +.TP 9 +.RI - MODE +is a digit telling if SELinux is in Permissive mode (0) or Enforcing mode (1) +.TP +.RI - NAME +is the name of the SELinux policy +.TP +.RI - VERSION +is the version of the SELinux policy +.TP +.RI - HASH +is the computed hash of the binary representation of the policy, as exported in +.RI /etc/selinux/ NAME /policy/policy. VERSION .RE - +.EE +.P The reference -.I sepol -string can be obtained on a client node known to enforce the right SELinux policy, -by calling the l_getsepol command line utility. - +.I POLICY +string can be obtained on a client node known to enforce +the right SELinux policy, by calling the l_getsepol command line utility. +.P Clients belonging to -.I nodemap +.I NODEMAP must enforce the SELinux policy described by -.IR sepol , +.IR POLICY , otherwise they are denied access to the Lustre file system. - .SH OPTIONS -.I nodemap -is the name of the nodemap that this SELinux policy info should be associated -with. - -.I sepol -is the string describing the SELinux policy that clients must enforce. It has -to conform to the syntax described above. - +.TP +.BI --name " NODEMAP" +The name of the nodemap that this SELinux policy info should be associated with. +.TP +.BI --sepol " POLICY" +is the string describing the SELinux policy that clients must enforce. +It has to conform to the syntax described above. .SH EXAMPLES -.nf -# lctl nodemap_set_sepol --name restricted --sepol '1:mls:31:40afb76d077c441b69af58cccaaa2ca63641ed6e21b0a887dc21a684f508b78f' -# lctl nodemap_set_sepol --name admins --sepol '' -.fi - +.EX +.B # lctl nodemap_set_sepol --name restricted --sepol \ +'1:mls:31:40afb76d077c441b69af58cccaaa2ca63641ed6e21b0a887dc21a684f508b78f' +.B # lctl nodemap_set_sepol --name admins --sepol '' +.EE .SH AVAILABILITY -.B lctl +.B lctl nodemap_set_sepol is part of the -.BR Lustre (7) -filesystem package. +.BR lustre (7) +filesystem package since release 2.13.0 +.\" Added in commit v2_12_50-89-g1f6cb3534e .SH SEE ALSO .BR lustre (7), .BR lctl-nodemap-activate (8), .BR lctl-nodemap-add (8), -.BR lctl-nodemap-del (8), -.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-add-idmap (8), +.BR lctl-nodemap-add-range (8), +.BR lctl-nodemap-del (8), .BR lctl-nodemap-del-idmap (8), +.BR lctl-nodemap-del-range (8), .BR lctl-nodemap-modify (8) -- 1.8.3.1