https://wiki.archlinux.org/api.php?action=feedcontributions&user=Dr-bone&feedformat=atomArchWiki - User contributions [en]2024-03-29T06:35:52ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=MariaDB&diff=726887MariaDB2022-04-18T16:21:15Z<p>Dr-bone: replace all "/etc/mysql/my.cnf" with "/etc/my.cnf" since the old path is not working anymore with the current version of mariadb</p>
<hr />
<div>[[Category:Relational DBMSs]]<br />
[[de:MariaDB]]<br />
[[fr:MariaDB]]<br />
[[ja:MariaDB]]<br />
[[zh-hans:MariaDB]]<br />
{{Related articles start}}<br />
{{Related|phpMyAdmin}}<br />
{{Related|Adminer}}<br />
{{Related|JDBC and MySQL}}<br />
{{Related|Open Database Connectivity}}<br />
{{Related articles end}}<br />
[[Wikipedia:MariaDB|MariaDB]] is a reliable, high performance and full-featured database server which aims to be an 'always Free, backward compatible, drop-in' replacement of [[MySQL]]. Since 2013 MariaDB is Arch Linux's default implementation of MySQL.[https://archlinux.org/news/mariadb-replaces-mysql-in-repositories/]<br />
<br />
== Installation ==<br />
<br />
[https://mariadb.com/ MariaDB] is the [https://archlinux.org/news/mariadb-replaces-mysql-in-repositories/ default implementation] of MySQL in Arch Linux, provided with the {{Pkg|mariadb}} package.<br />
<br />
{{Tip|<br />
* If the database (in {{ic|/var/lib/mysql}}) resides on a [[Btrfs]] file system, you should consider disabling [[Btrfs#Copy-on-Write (CoW)|Copy-on-Write]] for the directory before creating any database.<br />
* If the database resides on a [[ZFS]] file system, you should consult [[ZFS#Databases]] before creating any database.<br />
}}<br />
<br />
[[Install]] {{Pkg|mariadb}}, and run the following command '''before starting''' the {{ic|mariadb.service}}:<br />
<br />
# mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql<br />
<br />
{{Tip|If you use something different from {{ic|/var/lib/mysql}} for your data dir, you need to set {{ic|1=datadir=''YOUR_DATADIR''}} under section {{ic|[mysqld]}} of your {{ic|/etc/my.cnf.d/server.cnf}}.}}<br />
<br />
Now {{ic|mariadb.service}} can be [[started]] and/or [[enabled]].<br />
<br />
{{Note|Before continuing, it is recommended to [[#Improve initial security|improve the initial security]] of the MySQL installation.}}<br />
<br />
To simplify administration, you might want to install a [[MySQL#Graphical tools|front-end]].<br />
<br />
== Configuration ==<br />
<br />
{{Out of date|The main /etc/my.cnf configuration file is now split into various files in /etc/my.cnf.d/ dir.}}<br />
<br />
Once you have started the MySQL server and added a root account, you may want to change the default configuration.<br />
<br />
To log in as {{ic|root}} on the MySQL server, use the following command:<br />
<br />
# mysql -u root -p<br />
<br />
{{Note|The default password is empty. Press {{ic|Enter}} to log in.}}<br />
<br />
=== Add user ===<br />
<br />
Creating a new user takes two steps: create the user; grant privileges. In the below example, the user ''monty'' with ''some_pass'' as password is being created, then granted full permissions to the database ''mydb'': <br />
<br />
{{hc|# mysql -u root -p|<br />
MariaDB> CREATE USER 'monty'@'localhost' IDENTIFIED BY 'some_pass';<br />
MariaDB> GRANT ALL PRIVILEGES ON mydb.* TO 'monty'@'localhost';<br />
MariaDB> FLUSH PRIVILEGES;<br />
MariaDB> quit<br />
}}<br />
<br />
=== Configuration files ===<br />
<br />
''MariaDB'' configuration options are read from the following files in the given order:<br />
<br />
/etc/my.cnf ~/.my.cnf<br />
<br />
Depending on the scope of the changes you want to make (system-wide, user-only...), use the corresponding file. See [https://mariadb.com/kb/en/library/configuring-mariadb-with-option-files/ this entry] of the Knowledge Base for more information.<br />
<br />
=== Enable auto-completion ===<br />
<br />
{{Note|Enabling this feature can make the client initialization longer.}}<br />
<br />
The MySQL client completion feature is disabled by default. To enable it system-wide edit {{ic|/etc/my.cnf.d/mysql-clients.cnf}}, and add {{ic|auto-rehash}} under {{ic|mysql}}. Note that this must not be placed under {{ic|mysqld}}. Completion will be enabled next time you run the MySQL client.<br />
<br />
=== Using UTF8MB4 ===<br />
<br />
{{Warning|Before changing the character set be sure to create a backup first.}}<br />
<br />
{{Note|<br />
* The {{Pkg|mariadb}} package already uses {{ic|utf8mb4}} as charset and {{ic|utf8mb4_unicode_ci}} as collation. Users using the default (character) settings may want to skip this section.<br />
* UTF8MB4 is recommended over UTF-8 since it allows full Unicode support [https://mathiasbynens.be/notes/mysql-utf8mb4] [https://stackoverflow.com/questions/30074492/what-is-the-difference-between-utf8mb4-and-utf8-charsets-in-mysql].<br />
}}<br />
<br />
[[Append]] the following values to the main configuration file located at {{ic|/etc/my.cnf}}:<br />
<br />
{{bc|1=<br />
[client]<br />
default-character-set = utf8mb4<br />
<br />
[mysqld]<br />
collation_server = utf8mb4_unicode_ci<br />
character_set_server = utf8mb4<br />
<br />
[mysql]<br />
default-character-set = utf8mb4<br />
}}<br />
<br />
[[Restart]] {{ic|mariadb.service}} to apply the changes.<br />
<br />
See [[#Maintenance]] to optimize and check the database health.<br />
<br />
=== Increase character limit ===<br />
<br />
{{Out of date|As of 10.3.1 this section is no longer applicable. All 3 options are now enabled by default. {{ic|innodb_file_format}} and {{ic|innodb_large_prefix}} are deprecated and can no longer be used. The mariadb service will fail to start if either are included in {{ic|my.cnf}} ([https://mariadb.com/kb/en/library/innodb-system-variables/#innodb_file_format source])}}<br />
<br />
{{Note|The character-limit depends on the character-set in use [https://web.archive.org/web/20181229154254/http://mechanics.flite.com/blog/2014/07/29/using-innodb-large-prefix-to-avoid-error-1071/] [https://dev.mysql.com/doc/refman/5.5/en/innodb-parameters.html#sysvar_innodb_large_prefix] [https://easyengine.io/tutorials/mysql/enable-innodb-file-per-table/].}}<br />
<br />
For InnoDB execute the following commands to support a higher character-limit:<br />
<br />
mysql> set global innodb_file_format = BARRACUDA;<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> set global innodb_file_per_table = ON;<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
mysql> set global innodb_large_prefix = ON;<br />
Query OK, 0 rows affected (0.00 sec)<br />
<br />
[[Append]] the following lines in {{ic|/etc/my.cnf}} to always use a higher character-limit:<br />
<br />
[mysqld]<br />
innodb_file_format = barracuda<br />
innodb_file_per_table = 1<br />
innodb_large_prefix = 1<br />
<br />
[[Restart]] {{ic|mariadb.service}} to apply the changes.<br />
<br />
On table creating append the {{ic|ROW_FORMAT}} as seen in the example:<br />
<br />
mysql> create table if not exists products (<br />
-> day date not null,<br />
-> product_id int not null,<br />
-> dimension1 varchar(500) not null,<br />
-> dimension2 varchar(500) not null,<br />
-> unique index unique_index (day, product_id, dimension1, dimension2)<br />
-> ) ENGINE=InnoDB ROW_FORMAT=DYNAMIC;<br />
Query OK, 0 rows affected (0.02 sec)<br />
<br />
=== Using a tmpfs for tmpdir ===<br />
<br />
The directory used by MySQL for storing temporary files is named ''tmpdir''. For example, it is used to perform disk based large sorts, as well as for internal and explicit temporary tables.<br />
<br />
Create the directory with appropriate permissions:<br />
<br />
# mkdir -pv /var/lib/mysqltmp<br />
# chown mysql:mysql /var/lib/mysqltmp<br />
<br />
Add the following [[tmpfs]] mount to your {{ic|/etc/fstab}} file:<br />
<br />
tmpfs /var/lib/mysqltmp tmpfs rw,gid=mysql,uid=mysql,size=100M,mode=0750,noatime 0 0<br />
<br />
Add to your {{ic|/etc/my.cnf.d/server.cnf}} file under the {{ic|mysqld}} group:<br />
<br />
tmpdir = /var/lib/mysqltmp<br />
<br />
[[Stop]] {{ic|mariadb.service}}, [[mount]] {{ic|/var/lib/mysqltmp/}} and [[start]] {{ic|mariadb.service}}.<br />
<br />
=== Time zone tables ===<br />
<br />
Although time zone tables are created during the installation, they are not automatically populated. They need to be populated if you are planning on using CONVERT_TZ() in SQL queries.<br />
<br />
To populate the time zone tables with all the time zones:<br />
<br />
$ mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -u root -p mysql<br />
<br />
Optionally, you may populate the table with specific time zone files:<br />
<br />
$ mysql_tzinfo_to_sql ''timezone_file'' ''timezone_name'' | mysql -u root -p mysql<br />
<br />
== Security ==<br />
<br />
=== Improve initial security ===<br />
<br />
The {{ic|mysql_secure_installation}} command will interactively guide you through a number of recommended security measures, such as removing anonymous accounts and removing the test database:<br />
<br />
# mysql_secure_installation<br />
<br />
{{Warning|After running this, please note that TCP port 3306 will still be open, but refusing connections with an error message. To prevent MySQL from listening on an external interface, see the [[#Listen only on the loopback address]] and [[#Enable access locally only via Unix sockets]] sections.}}<br />
<br />
=== Listen only on the loopback address ===<br />
<br />
By default, MySQL will listen on the 0.0.0.0 address, which includes all network interfaces. In order to restrict MySQL to listen only to the loopback address, add the following line in {{ic|/etc/my.cnf.d/server.cnf}}:<br />
<br />
[mysqld]<br />
bind-address = 127.0.0.1<br />
<br />
=== Enable access locally only via Unix sockets ===<br />
<br />
By default, MySQL is accessible via both Unix sockets and the network. If MySQL is only needed for the localhost, you can improve security by not listening on TCP port 3306, and only listening on Unix sockets instead. To do this, add the following line in {{ic|/etc/my.cnf.d/server.cnf}}:<br />
<br />
[mysqld]<br />
skip-networking<br />
<br />
You will still be able to log in locally as before, but only using Unix sockets.<br />
<br />
=== Grant remote access ===<br />
<br />
{{Warning|This is not considered as best practice and may cause security issues. Consider using [[Secure Shell]], [[VNC]] or [[VPN]], if you want to maintain the MySQL server from another host inside/outside your network.}}<br />
<br />
To allow remote access to the MySQL server, ensure that MySQL has [[#Enable access locally only via Unix sockets|networking enabled]] and is [[#Listen only on the loopback address|listening on the appropriate interface]].<br />
<br />
Grant any MySQL user remote access (example for root):<br />
<br />
# mysql -u root -p<br />
<br />
Check current users with remote access privileged:<br />
<br />
SELECT User, Host FROM mysql.user WHERE Host <> 'localhost';<br />
<br />
Now grant remote access for your user (here root):<br />
<br />
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.1.%' IDENTIFIED BY 'my_optional_remote_password' WITH GRANT OPTION;<br />
<br />
You can change the '%' wildcard to a specific host if you like. The password can be different from user's main password.<br />
<br />
=== Configure access to home directories ===<br />
<br />
For security reasons, the systemd service file contains {{ic|1=ProtectHome=true}}, which prevents MariaDB from accessing files under the {{ic|/home}}, {{ic|/root}} and {{ic|/run/user}} hierarchies. The {{ic|datadir}} has to be in an accessible location and [[chown|owned]] by the {{ic|mysql}} user and group.<br />
<br />
You can modify this behavior by creating a supplementary service file as described [https://mariadb.com/kb/en/systemd/#configuring-access-to-home-directories here].<br />
<br />
== Maintenance ==<br />
<br />
=== Upgrade databases on major releases ===<br />
<br />
Upon a major version release of {{Pkg|mariadb}} (for example mariadb-10.1.10-1 to mariadb-10.1.18-1), it is wise to upgrade databases:<br />
<br />
# mysql_upgrade -u root -p<br />
<br />
To upgrade from 10.1.x to 10.3.x:<br />
<br />
* keep the 10.1.x database daemon running<br />
* upgrade the package<br />
* run {{ic|mysql_upgrade}} (from the new package version) against the old still-running daemon. This will produce some error messages; however, the upgrade will succeed.<br />
* restart the daemon, so the 10.3.x daemon runs.<br />
<br />
Alternatively, stop the (old) daemon, run the (new) daemon in safe mode, run {{ic|mysql_upgrade}} against that, and then start the (new) daemon as described in [[#Unable to run mysql_upgrade because MySQL cannot start]].<br />
<br />
=== Checking, optimizing and repairing databases ===<br />
<br />
{{Pkg|mariadb}} ships with {{ic|mysqlcheck}} which can be used to check, repair, and optimize tables within databases from the shell. See the mysqlcheck man page for more. Several command tasks are shown:<br />
<br />
To check all tables in all databases:<br />
<br />
$ mysqlcheck --all-databases -u root -p -c<br />
<br />
To analyze all tables in all databases:<br />
<br />
$ mysqlcheck --all-databases -u root -p -a<br />
<br />
To repair all tables in all databases:<br />
<br />
$ mysqlcheck --all-databases -u root -p -r<br />
<br />
To optimize all tables in all databases:<br />
<br />
$ mysqlcheck --all-databases -u root -p -o<br />
<br />
== Backup ==<br />
<br />
There are various [https://mariadb.com/kb/en/mariadb/documentation/backing-up-and-restoring/ tools and strategies] to back up your databases.<br />
<br />
If you are using the default InnoDB storage engine, a [https://mariadb.com/kb/en/mariadb/documentation/clients-and-utilities/backup-restore-and-import/mysqldump/#examples suggested] way of backing up all your bases online while provisioning for [https://dev.mysql.com/doc/refman/5.6/en/point-in-time-recovery.html point-in-time recovery] (also known as “roll-forward,” when you need to restore an old backup and replay the changes that happened since that backup) is to execute the following command:<br />
<br />
$ mysqldump --single-transaction --flush-logs --master-data=2 --all-databases -u root -p > all_databases.sql<br />
<br />
This will prompt for '''MariaDB's''' root user's password, which was defined during database [[#Configuration]].<br />
<br />
Specifying the password on the command line is [https://dev.mysql.com/doc/refman/5.6/en/password-security-user.html strongly discouraged], as it exposes it to discovery by other users through the use of {{ic|ps aux}} or other techniques. Instead, the aforementioned command will prompt for the specified user's password, concealing it away.<br />
<br />
=== Compression ===<br />
<br />
As SQL tables can get pretty large, it is recommended to pipe the output of the aforementioned command in a compression utility like {{Pkg|gzip}}:<br />
<br />
$ mysqldump --single-transaction --flush-logs --master-data=2 --all-databases -u root -p | gzip > all_databases.sql.gz<br />
<br />
Decompressing the backup thus created and reloading it in the server is achieved by doing:<br />
<br />
$ zcat all_databases.sql.gz | mysql -u root -p<br />
<br />
This will recreate and repopulate all the databases previously backed up (see [https://stackoverflow.com/questions/23180963/restore-all-mysql-database-from-a-all-database-sql-gz-file#comment35453351_23180977 this] or [https://www.linuxquestions.org/questions/linux-server-73/how-to-restore-mysqldump-all-databases-backup-892922/ this]).<br />
<br />
=== Non-interactive ===<br />
<br />
If you want to setup non-interactive backup script for use in [[cron]] jobs or [[Systemd/cron_functionality|systemd timers]], see [https://dev.mysql.com/doc/refman/5.6/en/option-files.html option files] and [https://stackoverflow.com/a/9293090 this illustration] for ''mysqldump''.<br />
<br />
Basically you should add the following section to the relevant [[#Configuration files|configuration file]]:<br />
<br />
{{bc|1=<br />
[mysqldump]<br />
user=mysqluser<br />
password=secret<br />
}}<br />
<br />
Mentioning a user here is optional, but doing so will free you from having to mention it on the command line. If you want to set this for all tools, including {{ic|mysql}}, use the {{ic|[client]}} group.<br />
<br />
==== Example script ====<br />
<br />
The database can be dumped to a file for easy backup. The following shell script will do this for you, creating a {{ic|db_backup.gz}} file in the same directory as the script, containing your database dump:<br />
<br />
#!/bin/sh<br />
<br />
THISDIR=$(dirname $(readlink -f "$0"))<br />
<br />
mysqldump --single-transaction --flush-logs --master-data=2 --all-databases \<br />
| gzip > $THISDIR/db_backup.gz<br />
echo 'purge master logs before date_sub(now(), interval 7 day);' | mysql<br />
<br />
See also the official {{ic|mysqldump}} page in the [https://dev.mysql.com/doc/refman/5.6/en/mysqldump.html MySQL] and [https://mariadb.com/kb/en/mariadb/documentation/clients-and-utilities/backup-restore-and-import/mysqldump MariaDB] manuals.<br />
<br />
=== Holland Backup ===<br />
<br />
A python-based software package named [https://hollandbackup.org/ Holland Backup] is available in [[AUR]] to automate all of the backup work. It supports direct mysqldump, LVM snapshots to tar files (mysqllvm), LVM snapshots with mysqldump (mysqldump-lvm), and {{pkg|xtrabackup}} methods to extract the data. The Holland framework supports a multitude of options and is highly configurable to address almost any backup situation.<br />
<br />
The main {{AUR|holland}} and {{AUR|holland-common}} packages provide the core framework; one of the sub-packages ({{AUR|holland-mysqldump}}, {{AUR|holland-mysqllvm}} and/or {{AUR|holland-xtrabackup}} must be installed for full operation. Example configurations for each method are in the {{ic|/usr/share/doc/holland/examples/}} directory and can be copied to {{ic|/etc/holland/backupsets/}}, as well as using the {{ic|holland mk-config}} command to generate a base configuration for a named provider.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Unable to run mysql_upgrade because MySQL cannot start ===<br />
<br />
Try run MySQL in safemode:<br />
<br />
# mysqld_safe --datadir=/var/lib/mysql/<br />
<br />
And then run:<br />
<br />
# mysql_upgrade -u root -p<br />
<br />
=== Reset the root password ===<br />
<br />
# Stop {{ic|mariadb.service}}. <br />
# Start the mysqld server with safety features: {{bc|# mysqld_safe --skip-grant-tables --skip-networking &}}<br />
# Connect to it: {{bc|# mysql -u root}}<br />
# Change root password: {{bc|<nowiki><br />
MariaDB [(none)]> use mysql<br />
MariaDB [mysql]> flush privileges;<br />
MariaDB [mysql]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';<br />
MariaDB [mysql]> exit<br />
</nowiki>}}<br />
# Kill running mysqld* processes: {{bc|# kill $(cat /var/lib/mysql/$HOSTNAME.pid)}}<br />
# Start {{ic|mariadb.service}}.<br />
<br />
=== Check and repair all tables ===<br />
<br />
Check and auto repair all tables in all databases, [https://dev.mysql.com/doc/refman/5.7/en/mysqlcheck.html see more]:<br />
<br />
# mysqlcheck -A --auto-repair -u root -p<br />
<br />
=== Optimize all tables ===<br />
<br />
Forcefully optimize all tables, automatically fixing table errors that may come up.<br />
<br />
# mysqlcheck -A --auto-repair -f -o -u root -p<br />
<br />
=== OS error 22 when running on ZFS ===<br />
<br />
If using MySQL databases on [[ZFS]], the error {{ic|InnoDB: Operating system error number 22 in a file operation}} may occur.<br />
<br />
A workaround is to disable {{ic|aio_writes}} in {{ic|/etc/my.cnf}}:<br />
<br />
{{hc|/etc/my.cnf|2=<br />
[mysqld]<br />
innodb_use_native_aio = 0<br />
}}<br />
<br />
=== Cannot login through CLI, but phpmyadmin works well ===<br />
<br />
This may happen if you are using a long (>70-75) password. As for 5.5.36, for some reason, mysql CLI cannot handle that many characters in readline mode. So, if you are planning to use the recommended password input mode:<br />
<br />
{{hc|$ mysql -u ''user'' -p|<br />
Password:<br />
}}<br />
<br />
Consider changing the password to smaller one.<br />
<br />
{{Note|You still can log in by specifying the password as an argument to mysql command.<br />
<br />
{{Warning|This behavior is considered dangerous, because your password might leak, for example, to the logs. Use it only in case of emergency and do not forget to change password right afterwards.}}<br />
<br />
$ mysql -u ''user'' -p"''some-very-strong-password''"<br />
<br />
}}<br />
<br />
=== MySQL binary logs are taking up huge disk space ===<br />
<br />
{{Out of date|section=Mistakes in "MySQL binary logs are taking up huge disk space"}}<br />
<br />
By default, mysqld creates binary log files in {{ic|/var/lib/mysql}}. This is useful for replication master server or data recovery. But these binary logs can eat up your disk space. If you do not plan to use replication or data recovery features, you may disable binary logging by commenting out these lines in {{ic|/etc/my.cnf}}:<br />
<br />
#log-bin=mysql-bin<br />
#binlog_format=mixed<br />
<br />
Or you could limit the size of the logfile like this:<br />
<br />
expire_logs_days = 10<br />
max_binlog_size = 100M<br />
<br />
Alternatively, you can purge some binary logs in {{ic|/var/lib/mysql}} to free up disk space with this command:<br />
<br />
# mysql -u root -p"PASSWORD" -e "PURGE BINARY LOGS TO 'mysql-bin.0000xx';"<br />
<br />
{{Warning|This may decrease the chances of successful data recovery when trying to repair database tables (i.e. on database corruption).}}<br />
<br />
=== OpenRC fails to start MySQL ===<br />
<br />
To use MySQL with [[OpenRC]] you need to add the following lines to the {{ic|[mysqld]}} section in the MySQL configuration file, located at {{ic|/etc/my.cnf}}.<br />
<br />
user = mysql<br />
basedir = /usr<br />
datadir = /var/lib/mysql<br />
pid-file = /run/mysqld/mysql.pid<br />
<br />
You should now be able to start MySQL using:<br />
<br />
# rc-service mysql start<br />
<br />
=== Specified key was too long ===<br />
<br />
See [[#Increase character limit]].<br />
<br />
=== Changed limits warning on max_open_files/table_open_cache ===<br />
<br />
Increase the number of file descriptors by creating a [[Systemd#Drop-in_files|systemd drop-in]], e.g.:<br />
<br />
{{hc|/etc/systemd/system/mysqld.service.d/limit_nofile.conf|2=<br />
[Service]<br />
LimitNOFILE=8192<br />
}}<br />
<br />
=== 10.4 to 10.5 upgrade crash: "InnoDB: Upgrade after a crash is not supported. The redo log was created with MariaDB 10.4.x" ===<br />
<br />
Before MariaDB 10.5, redo log was unnecessarily split into multiple files.[https://mariadb.com/kb/en/upgrading-from-mariadb-104-to-mariadb-105/]<br />
<br />
Move the old binary logs {{ic|/var/lib/mysql/ib_logfile*}} out of the way, thus letting MariaDB 10.5 create new ones. Then [[restart]] {{ic|mariadb.service}} and upgrade your tables with {{ic|mysql_upgrade}}.<br />
<br />
=== Unable to connect from IPv6 only clients ===<br />
<br />
MariaDB in its default configuration binds to {{ic|0.0.0.0}} and is only accessible using IPv4. If you want to connect from hosts using IPv6 exclusively you have to change the servers bind accordingly. {{ic|::}} will listen on IPv6 and IPv4.<br />
<br />
{{hc|/etc/my.cnf|2=<br />
[mysqld]<br />
bind-address=::<br />
}}<br />
<br />
== See also ==<br />
<br />
* [https://mariadb.com/ MariaDB Official Website]<br />
* [https://mariadb.com/kb/en/ MariaDB knowledge Base]<br />
* [https://www.askapache.com/mysql/performance-tuning-mysql/ MySQL Performance Tuning Scripts and Know-How]</div>Dr-bonehttps://wiki.archlinux.org/index.php?title=Syncthing&diff=694239Syncthing2021-09-05T10:30:20Z<p>Dr-bone: /* Troubleshooting */ added read-only file system error on /etc as root</p>
<hr />
<div>[[Category:Synchronization]]<br />
[[Category:Peer-to-peer]]<br />
[[ja:Syncthing]]<br />
{{Related articles start}}<br />
{{Related|Resilio Sync}}<br />
{{Related|Synchronization and backup programs}}<br />
{{Related articles end}}<br />
<br />
[https://syncthing.net Syncthing] is an open-source file synchronization client/server application,<br />
written in [[Go]], implementing its own, equally free [https://docs.syncthing.net/specs/bep-v1.html Block Exchange Protocol].<br />
All transit communications between syncthing nodes are encrypted using [[Wikipedia: Transport_Layer_Security|TLS]], and all nodes are uniquely identified with cryptographic certificates.<br />
<br />
== Installation ==<br />
<br />
[[Install]] the {{Pkg|syncthing}} package.<br />
<br />
Syncthing provides a [[#Web-GUI]] for control and monitoring. [https://docs.syncthing.net/users/contrib.html#gui-wrappers GUI wrappers] like [[#Syncthing-GTK]] and [[#Syncthing Tray]] (provided in separate packages) also exist.<br />
<br />
== Running Syncthing ==<br />
<br />
=== Starting Syncthing ===<br />
<br />
Run the {{ic|syncthing}} binary manually from a terminal. The multiple optional parameters are described in {{man|1|syncthing}}.<br />
{{Note|You can run multiple copies of syncthing, but only one instance per user as syncthing locks the database to it. Check logs for errors related to locked database.}}<br />
<br />
=== Autostarting Syncthing ===<br />
<br />
Syncthing can either be installed as a [[systemd|systemd system-wide]] service or as a [[systemd/User|systemd user]] service to run automatically at startup.<br />
<br />
==== System service ====<br />
<br />
Running Syncthing as a system service ensures that it is running at startup even if the user has no active session, it is intended to be used on a server.<br />
[[Enable]] and [[start]] the {{ic|syncthing@''myusername''.service}} where ''myusername'' is the actual name of the Syncthing user.<br />
<br />
{{Note|If a service account was created explicitly for syncthing (e.g. via {{ic|useradd -r}}) then ensure that the user has a valid home directory otherwise the service will immediately fail. Syncthing attempts to put configuration files into $HOME/.config/syncthing}}<br />
<br />
==== User service ====<br />
<br />
Running Syncthing as a ''systemd user'' service ensures that Syncthing only starts after the user has logged into the system (e.g., via the graphical login screen, or ssh). Thus, the user service is intended to be used on a (multiuser) desktop computer. To use the user service, [[start/enable]] the user unit {{ic|syncthing.service}} (i.e. with the {{ic|--user}} flag).<br />
<br />
{{Tip|It is also possible to run the systemd-user service at boot (i.e. without logging in) using [[Systemd/User#Automatic start-up of systemd user instances]].}}<br />
<br />
=== Syncthing-GTK ===<br />
<br />
{{AUR|syncthing-gtk}} provides a [[GTK]] graphical user interface, desktop notifications and integration with the file managers [[Nautilus]], [[Nemo]] and Caja.<br />
Syncthing can be launched by Syncthing-GTK: use the interface settings to run syncthing-gtk at startup, and to state whether to launch the syncthing daemon.<br />
<br />
{{Note|When launching the syncthing daemon using both systemd and syncthing-gtk, it might happen that two syncthing instances run concurrently leading to high CPU consumption: one launched by syncthing-gtk, and the other (slightly later) by systemd. To solve this, either avoid launching syncthing using systemd, or configure syncthing-gtk to wait for the syncthing daemon.}}<br />
<br />
=== Web-GUI ===<br />
<br />
Syncthing provides a web interface accessible by default on http://localhost:8384.<br />
{{Tip|To access the GUI remotely, see the [https://docs.syncthing.net/users/faq.html#how-do-i-access-the-web-gui-from-another-computer FAQ].}}<br />
<br />
=== Syncthing Tray ===<br />
<br />
{{aur|syncthingtray}} complements the Web-GUI by providing a Qt-based system tray icon and desktop notifications. There exists a desktop environment neutral version and a plasmoid for [[Plasma]] 5. It also provides integration with systemd and the [[Dolphin]] file manager.<br />
<br />
The packages also comes with the syncthingctl utility which allows to interact with Syncthing from the command line.<br />
<br />
== Configuration ==<br />
<br />
After installation, Syncthing already has a proper start-up configuration. New servers and/or folders can be added by visiting the web interface. For detailed instructions on how to setup a simple network, read [https://docs.syncthing.net/intro/getting-started.html Syncthing's getting started]. <br />
<br />
After a successful first start, a default repository at {{ic|~/Sync}} is created. You can see this in the web admin interface. On the right is the list of nodes you have added. On the left is the list of repositories, which are folders you can choose to share with other nodes.<br />
<br />
To add another node, click "Add Node" underneath the list of nodes. You will be prompted for their Node ID (which can be found on the other machine by clicking {{ic|Edit > Show ID}}) as well as a short name and the address.<br />
If you specify "dynamic" for the address, the syncthing announce server will be used to automatically exchange addresses between nodes. If you want to know more about Node IDs, including the cryptographic implications, you can read the appropriate [https://docs.syncthing.net/dev/device-ids.html Syncthing documentation page].<br />
<br />
After saving the configuration, the syncthing server restarts automatically. Next, you can either change the configuration of the default node (click its name and then {{ic|Edit}}), or create a new one to share data with. Simply tick the node you wish to share the data with, and they will have permission to access it.<br />
<br />
=== Local network setup ===<br />
<br />
In the typical case several machines share a LAN (''Local Area Network'') behind a NAT (''Network Address Translation'') router, it is advised for a versatile configuration to:<br />
<br />
* Activate both local and global discovery on each node. This will allow discovery in all situations, including if some of the nodes are mobile devices like laptops or Android phones, and leave the LAN and connect to the internet from the outside. This way they will still be found with global discovery.<br />
<br />
* Use a different [https://docs.syncthing.net/users/config.html#listen-addresses listen address port] for each machine, like {{ic|tcp://:22010}}, {{ic|tcp://:22011}}, {{ic|tcp://:22012}} and so forth. This will differentiate the nodes on the global discovery servers and avoid the ''"Connected to myself - should not happen"'' message on the other local devices whenever they leave the LAN.<br />
<br />
* If running multiple instances for different users on the same machine, set a different port for each user's ''localAnnouncePort'' (IPv4 broadcasts) as to avoid Syncthing complaints and choose the same ''localAnnounceMCAddr'' (IPv6 multicasts) as to find other devices on the LAN without global discovery (see [https://docs.syncthing.net/users/config.html#options-element Options Element]).<br />
<br />
* If two instances on the same machine should find each other without global discovery, add {{ic|tcp://127.0.0.1:xxxxx}} as device's second ''address'', e.g., {{ic|tcp://127.0.0.1:22001}} and {{ic|tcp://127.0.0.1:22002}} (see [https://docs.syncthing.net/users/config.html#device-element Device Element]).<br />
<br />
* Enable if possible [[Wikipedia:universal plug and play|UPnP]] port forwarding or manually forward each port to the right machine on the LAN. When a new node is discovered, Syncthing tries to use its configured listening port, ''22000'' by default. If this port happens to be closed, it will seek another port locally: whenever ''NAT traversal'' is enabled in Syncthing, it will attempt to use UPnP to map a random external port to the internal listening port chosen, for example ''22000''. If UPnP is not supported or if this is not desirable, each port should be manually forwarded to the right machine on the LAN. Eventually, if no open port can be found on both sides, [https://docs.syncthing.net/users/relaying.html relaying] will be used.<br />
<br />
=== Using inotify ===<br />
<br />
[[Wikipedia:inotify|inotify]] ''(inode notify)'' is a Linux kernel subsystem that acts to extend filesystems to notice changes to the filesystem, and report those changes to applications. Syncthing supports inotify and the functionality can be enabled in the configuration menu for individual folders.<br />
<br />
== Participate in the infrastructure ==<br />
<br />
One can participate in the [https://docs.syncthing.net/dev/infrastructure.html Syncthing infrastructure] by running a global discovery server or a relay server.<br />
<br />
=== Running a relay ===<br />
<br />
Syncthing has the ability to connect two devices via a [https://docs.syncthing.net/users/relaying.html relay] when it is not possible to establish a direct connection between them. Relayed connections are end-to-end encrypted in the usual manner, so the relay has no insight into the connection other than the knowledge of the IP addresses and device IDs.<br />
<br />
Anyone can run a [https://docs.syncthing.net/users/strelaysrv.html relay server] and it will automatically join the [https://relays.syncthing.net/ Syncthing relay pool] and be available to all Syncthing's users. To run your own relay, [[install]] {{Pkg|syncthing-relaysrv}} and [[systemd#Using units|Start/Enable]] {{ic|syncthing-relaysrv.service}}. Rate limiting and other options can be configured via the command line. These options can be set in the {{ic|ExecStart}} directive of the service [[drop-in file]] as follows:<br />
<br />
{{hc|/etc/systemd/system/syncthing-relaysrv.service.d/override.conf|2=<br />
[Service]<br />
ExecStart=<br />
ExecStart=/usr/bin/syncthing-relaysrv -global-rate 500000 -provided-by ''relayprovidername''}}<br />
<br />
{{Note|The relay listens by default to port ''22067'' for data and ''22070'' for service status (used for public statistics), they should therefore be open for TCP connections. The default ports can be respectively overridden with the {{ic|-listen}} and {{ic|-status-srv}} options if necessary. }}<br />
<br />
{{Tip|The traffic statistics of a particular relay are accessible by default on port 22070, e.g. http://example.com:22070/status}}<br />
<br />
=== Running a discovery server ===<br />
<br />
[https://docs.syncthing.net/specs/globaldisco-v3.html Global discovery] is used by Syncthing to find peers on the internet.<br />
Any device announces itself at startup to the discovery server which stores the device ID, IP address, port and current time. <br />
Then on request, for a given device ID, it returns the information stored in JSON format, for instance.<br />
<br />
As an example, the request {{ic|<nowiki>https://discovery.syncthing.net/?device=ITZRNXE-YNROGBZ-HXTH5P7-VK5NYE5-QHRQGE2-7JQ6VNJ-KZUEDIU-5PPR5AM</nowiki>}} returns {{ic|{"seen":"2020-02-29T14:56:08.34589801Z","addresses":["quic://212.121.228.172:22000","tcp://212.121.228.172:22000"]} }}.<br />
<br />
A list of public of [https://docs.syncthing.net/dev/infrastructure.html#global-discovery-servers global discovery server] is provided. In addition, anyone can run a [https://docs.syncthing.net/users/stdiscosrv.html discovery server], to run your own, [[install]] the {{aur|syncthing-discosrv}} package.<br />
<br />
The discovery server requires certificates to run, which should ideally be placed in {{ic|/var/discosrv}}. The user/group {{ic|syncthing}} needs permissions to be able to read the certificate files. You need to edit the systemd unit file to correctly point to the certificates (and to undertake any other configuration change you may want, see [https://docs.syncthing.net/users/stdiscosrv.html#configuring list]).<br />
<br />
{{hc|/usr/lib/systemd/system/syncthing-discosrv.service|2=<br />
[Unit]<br />
Description=Syncthing discovery server<br />
After=network.target<br />
<br />
[Service]<br />
User=syncthing<br />
Group=syncthing<br />
ExecStart=/usr/bin/syncthing-discosrv -db-dsn /var/discosrv/discosrv.db -cert /var/discosrv/cert.pem -key /var/discosrv/key.pem<br />
Restart=on-failure<br />
SuccessExitStatus=2<br />
<br />
PrivateDevices=true<br />
ProtectSystem=full<br />
ProtectHome=true<br />
NoNewPrivileges=true<br />
<br />
[Install]<br />
WantedBy=multi-user.target}}<br />
<br />
To point the client to your discovery server, change the {{ic|Global Discovery Servers}} variable under Settings to {{ic|<nowiki>https://yourserver:8443/</nowiki>}} (default port) or whatever port you have reconfigured to. The variable takes a comma-separated list of discovery servers. It is possible to include multiple ones, including the default one. <br />
<br />
If you are using self-signed certificates, the client refuses to connect unless you append the discovery server ID to its domain. The ID is printed to stdout upon launching the discovery server. Amend the ''Global Discovery Servers'' entry to add the ID: {{ic|<nowiki>https://yourserver.com:8443/?id=AAAAAAA-BBBBBBB-CCCCCCC-DDDDDDD-EEEEEEE-FFFFFFF-GGGGGGG-HHHHHHH</nowiki>}}.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Stop journal spam ===<br />
<br />
Syncthing can be quite noisy even while it is not doing anything. The service ExecStart can be overridden to filter output directly without an extra script (adjust "grep" as needed):<br />
{{hc|/etc/systemd/system/syncthing@.service.d/nospam.conf|<nowiki><br />
[Service]<br />
ExecStart=<br />
ExecStart=/bin/bash -c 'set -o pipefail; /usr/bin/syncthing -no-browser -no-restart -logflags=0 | grep -v "INFO: "'</nowiki>}}<br />
<br />
=== Run in VirtualBox ===<br />
<br />
It is possible to have Syncthing connect both locally and globally within a [[VirtualBox]] virtual machine (''VM'') while keeping its network adapter in the [https://www.virtualbox.org/manual/ch06.html#network_nat standard NAT] mode (as opposed to [https://www.virtualbox.org/manual/ch06.html#network_bridged bridged networking] attached to the host computer's adapter). <br />
<br />
To enable this mode, Syncthing should listen to a port in the VM different from the listening port already used by the host.<br />
For example, if the default 22000 port is used by the host, one could use 22001 in the VM.<br />
The listening port in the VM can be changed through Syncthing's [https://docs.syncthing.net/users/config.html#listen-addresses Sync Protocol Listen Addresses] to {{ic|tcp://:22001}} in the GUI ''Settings''.<br />
<br />
The 22001/TCP port of the host must be forwarded to the guest in this configuration. This can be done with the following command:<br />
$ VBoxManage modifyvm ''myvmname'' --natpf1 "syncthing,tcp,,22001,,22001"<br />
In this setup, relaying should not be necessary: local devices can connect to the VM on port 22001 while global devices are accessible as long as they have themselves an open port.<br />
<br />
{{Note|local discovery in this setup is limited because the discovery listening port 21027 is already used by the host. The guest is therefore not able to build a table of local announcements though it can still broadcast to the local network via the VM NAT and announce itself. The steps described above allow to run a functioning server in the default NAT configuration but bridged networking is recommended for an optimal setup.}}<br />
<br />
=== Running through a proxy ===<br />
<br />
Syncthing can be run through a proxy to enable use behind a corporate firewall or tunneling via SSH. According to the [https://docs.syncthing.net/users/proxying.html using proxies] documentation it is necessary to set the {{ic|all_proxy}} environment variable, and it must indicate a ''socks5'' proxy type.<br />
<br />
* If the service is run from a script or from the command line, you must set the variables beforehand as follows:<br />
<br />
export all_proxy="socks5://''proxy_address'':''proxy_port''"<br />
export no_proxy="127.0.0.1"<br />
<br />
* If it is run as a service, you must define the variables in the service configuration as follows:<br />
<br />
{{hc|/etc/systemd/system/syncthing@''myusername''.service.d/override.conf|2=<br />
[Service]<br />
Environment="all_proxy=socks5://''proxy_address'':''proxy_port''"<br />
Environment="no_proxy=127.0.0.1"}}<br />
<br />
You must then reload systemd daemons configurations:<br />
<br />
# systemctl daemon-reload<br />
<br />
and [[restart]] the {{ic|syncthing@''myusername''.service}}.<br />
<br />
This file can be edited using systemd facility {{ic|systemctl edit --full syncthing@''myusername''.service}} according to the [[systemd#Editing provided units]] section.<br />
<br />
== Troubleshooting ==<br />
<br />
=== Database issue ===<br />
<br />
One may encounter database issue at some stage. To force a rescan of files and resync of database use the following command:<br />
<br />
$ syncthing -reset-database<br />
<br />
=== read-only file system error on /etc although run as root ===<br />
In case Syncthing complains it is a read-only file system although the user (e.g. root on /etc) has write permissions, check the systemd service definition:<br />
$ systemctl cat syncthing@.service<br />
Within the [Service] part, there is a part "Hardening" and below that, there is "ProtectSystem" which is set to "full" by default. <br />
Check the man page of systemd.exec and search for "ProtectSystem" to learn what this parameter does.<br />
$ man systemd.exec<br />
And override it to a value that suits your needs. (note: exported EDITOR value defines which editor is used)<br />
$ systemctl edit syncthing@.service<br />
In case you're trying to sync a sub-folder of /etc following lines do the trick: <br />
$ ### Anything between here and the comment below will become the new contents of the file<br />
$ [Service]<br />
$ ProtectSystem=true<br />
$ ### Lines below this comment will be discarded<br />
Note that the first and the last line are part of the template. (= are already there when the editor opens)<br />
<br />
=== Others ===<br />
<br />
See [https://docs.syncthing.net/dev/debugging.html Debugging Syncthing].</div>Dr-bonehttps://wiki.archlinux.org/index.php?title=User:Dr-bone/vector.css&diff=674169User:Dr-bone/vector.css2021-05-28T21:39:06Z<p>Dr-bone: Created page with "@namespace url(http://www.w3.org/1999/xhtml); body, #content, table { background-color: #201f1f !important; color: #d4d2cf !important; } h1, h2, h3, h4, h5 { color: #f..."</p>
<hr />
<div>@namespace url(http://www.w3.org/1999/xhtml);<br />
<br />
body, #content, table<br />
{<br />
background-color: #201f1f !important;<br />
color: #d4d2cf !important;<br />
}<br />
<br />
h1, h2, h3, h4, h5<br />
{<br />
color: #ff6e6e !important;<br />
}<br />
<br />
pre, code, .pBody, #p-cactions li a<br />
{<br />
background-color: #2b2a2a !important;<br />
border: none !important;<br />
color: #d4d2cf !important;<br />
}<br />
<br />
div, #p-personal .portlet, #p-personal .pBody, #p-cactions .pBody<br />
{<br />
background-color: #201f1f !important;<br />
color: #d4d2cf !important;<br />
}<br />
<br />
input<br />
{<br />
background-color: #2b2a2a !important;<br />
color: #d4d2cf !important;<br />
}<br />
<br />
table.results th<br />
{<br />
background-color: #2b2a2a !important;<br />
}<br />
<br />
table.results tr.odd<br />
{<br />
background-color: #373636 !important;<br />
}<br />
<br />
table.results tr.even<br />
{<br />
background-color: #2b2a2a !important;<br />
}<br />
<br />
.pun .punwrap, .pun .blockpost h2<br />
{<br />
border: none;<br />
background: none;<br />
border-bottom: 1px dotted #BBB;<br />
border-top: 1px dotted #BBB;<br />
}<br />
<br />
#brdmain, .pun .blockpost .postbody, .pun .blockpost .postfoot, .pun .blockpost, .pun .quotebox, .pun .codebox, .pun .pagelink a, .pun .pagelink *<br />
{<br />
border-style: none !important;<br />
}<br />
<br />
.pun .quotebox, pre, code, .pun .quotebox blockquote div<br />
{<br />
background-color: #2B2A2A !important;<br />
}<br />
<br />
#brdmenu a, #brdmenu a:link, #brdmenu a:visited, .pun .blocktable *<br />
{<br />
background-color: #201f1f !important;<br />
border: none !important;<br />
}<br />
<br />
.pun .blocktable tr<br />
{<br />
border-top: 1px dotted #BBB !important;<br />
}<br />
<br />
#content a:not(.new), #mw-navigation li:not(.new) a:not(.new), #mw-panel li:not(.new) a:not(.new), #column-one li:not(.new) a:not(.new), #footer a:not(.new)<br />
{<br />
color: #e6ab00 !important;<br />
}<br />
/* i really want this to be global */</div>Dr-bonehttps://wiki.archlinux.org/index.php?title=NFS&diff=621339NFS2020-06-21T14:11:00Z<p>Dr-bone: /* Mount using /etc/fstab with systemd */ Added tip to not add a dependency to network-online.target because of https://github.com/systemd/systemd-stable/issues/69.</p>
<hr />
<div>[[Category:File systems]]<br />
[[Category:Network sharing]]<br />
[[Category:Servers]]<br />
[[ar:NFS]]<br />
[[de:Network File System]]<br />
[[es:NFS]]<br />
[[fr:NFS]]<br />
[[it:NFS]]<br />
[[ja:NFS]]<br />
[[zh-hans:NFS]]<br />
{{Related articles start}}<br />
{{Related|NFS/Troubleshooting}}<br />
{{Related articles end}}<br />
From [[Wikipedia: Network File System|Wikipedia]]: <br />
:Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984, allowing a user on a client computer to access files over a network in a manner similar to how local storage is accessed.<br />
<br />
{{Note|<br />
* NFS is not encrypted. Tunnel NFS through an encrypted protocol like [[Kerberos]] or (secure) [[VPN]] when dealing with sensitive data.<br />
* Unlike [[Samba]], NFS does not have any user authentication by default, client access is restricted by their IP-address/[[hostname]].<br />
* NFS expects the [[user]] and/or [[user group]] ID's are the same on both the client and server. [[#Enabling NFSv4 idmapping|Enable NFSv4 idmapping]] or overrule the UID/GID manually by using {{ic|anonuid}}/{{ic|anongid}} together with {{ic|all_squash}} in {{ic|/etc/exports}}.<br />
}}<br />
<br />
== Installation ==<br />
<br />
Both client and server only require the [[install|installation]] of the {{Pkg|nfs-utils}} package.<br />
<br />
It is '''highly''' recommended to use a [[time synchronization]] daemon to keep client/server clocks in sync. Without accurate clocks on all nodes, NFS can introduce unwanted delays.<br />
<br />
== Configuration ==<br />
<br />
=== Server ===<br />
<br />
Global configuration options are set in {{ic|/etc/nfs.conf}}. Users of simple configurations should not need to edit this file.<br />
<br />
The NFS server needs a list of exports (see {{man|5|exports}} for details) which are defined in {{ic|/etc/exports}} or {{ic|/etc/exports.d/*.exports}}. These shares are relative to the so-called NFS root. A good security practice is to define a NFS root in a discrete directory tree which will keep users limited to that mount point. Bind mounts are used to link the share mount point to the actual directory elsewhere on the [[filesystem]].<br />
<br />
Consider this following example wherein:<br />
<br />
# The NFS root is {{ic|/srv/nfs}}.<br />
# The export is {{ic|/srv/nfs/music}} via a bind mount to the actual target {{ic|/mnt/music}}.<br />
<br />
# mkdir -p /srv/nfs/music /mnt/music<br />
# mount --bind /mnt/music /srv/nfs/music<br />
<br />
{{Note|[[ZFS]] filesystems require special handling of bindmounts, see [[ZFS#Bind mount]].}}<br />
<br />
To make the bind mount persistent across reboots, add it to [[fstab]]:<br />
<br />
{{hc|/etc/fstab|<br />
/mnt/music /srv/nfs/music none bind 0 0<br />
}}<br />
<br />
Add directories to be shared and limit them to a range of addresses via a CIDR or hostname(s) of client machines that will be allowed to mount them in {{ic|/etc/exports}}, e.g.:<br />
<br />
{{hc|/etc/exports|2=<br />
/srv/nfs 192.168.1.0/24(rw,sync,crossmnt,fsid=0)<br />
/srv/nfs/music 192.168.1.0/24(rw,sync)<br />
/srv/nfs/home 192.168.1.0/24(rw,sync,nohide)<br />
/srv/nfs/public 192.168.1.0/24(ro,all_squash,insecure) desktop(rw,sync,all_squash,anonuid=99,anongid=99) # map to user/group - in this case ''nobody''<br />
}}<br />
<br />
{{Tip|<br />
* The {{ic|crossmnt}} option makes it possible for clients to access '''all''' filesystems mounted on a filesystem marked with {{ic|crossmnt}} and clients won't be required to mount every child export separately. Note this may not be desirable if a child is shared with a different range of addresses.<br />
* Instead of {{ic|crossmnt}}, one can also use the {{ic|nohide}} option on child exports so that they can be automatically mounted when a client mounts the root export. Being different from {{ic|crossmnt}}, {{ic|nohide}} still respects address ranges of child exports.<br />
* Use an asterisk (*) to allow access from any interface.}}<br />
<br />
It should be noted that modifying {{ic|/etc/exports}} while the server is running will require a re-export for changes to take effect:<br />
<br />
# exportfs -arv<br />
<br />
To view the current loaded exports state in more detail, use:<br />
<br />
# exportfs -v<br />
<br />
For more information about all available options see {{man|5|exports}}.<br />
<br />
{{Tip|[http://ip2cidr.com/ ip2cidr] is a tool to convert an IP ranges to correctly structured CIDR specification.}}<br />
<br />
{{Note|If the target export is a [[tmpfs]] filesystem, the {{ic|1=fsid=1}} option is required.}}<br />
<br />
==== Starting the server ====<br />
<br />
[[Start]] and [[enable]] {{ic|nfs-server.service}}.<br />
<br />
{{Warning|A hard dependency of serving NFS ({{ic|rpc-gssd.service}}) will wait until the [[random number generator]] pool is sufficiently initialized possibly delaying the boot process. This is particularly prevalent on headless servers. It is ''highly'' recommended to populate the entropy pool using a utility such as [[Rng-tools]] (if [[TPM]] is supported) or [[Haveged]] in these scenarios.}}<br />
<br />
{{Note|If exporting ZFS shares, also [[start]]/[[enable]] {{ic|zfs-share.service}}. Without this, ZFS shares will no longer be exported after a reboot. See [[ZFS#NFS]].}}<br />
<br />
==== Restricting NFS to interfaces/IPs ====<br />
<br />
By default, starting {{ic|nfs-server.service}} will listen for connections on all network interfaces, regardless of {{ic|/etc/exports}}. This can be changed by defining which IPs and/or hostnames to listen on.<br />
<br />
{{hc|/etc/nfs.conf|2=<br />
[nfsd]<br />
host=192.168.1.123<br />
# Alternatively, use the hostname.<br />
# host=myhostname<br />
}}<br />
<br />
[[Restart]] {{ic|nfs-server.service}} to apply the changes immediately.<br />
<br />
==== Firewall configuration ====<br />
<br />
To enable access through a [[firewall]], TCP and UDP ports {{ic|111}}, {{ic|2049}}, and {{ic|20048}} may need to be opened when using the default configuration; use {{ic|rpcinfo -p}} to examine the exact ports in use on the server:<br />
<br />
{{hc|$ rpcinfo -p {{!}} grep nfs|<br />
100003 3 tcp 2049 nfs<br />
100003 4 tcp 2049 nfs<br />
100227 3 tcp 2049 nfs_acl<br />
}}<br />
<br />
When using NFSv4, make sure TCP port {{ic|2049}} is open. No other port opening should be required:<br />
<br />
{{hc|/etc/iptables/iptables.rules|2=<br />
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT<br />
}}<br />
<br />
When using an older NFS version, make sure other ports are open:<br />
<br />
# iptables -A INPUT -p tcp -m tcp --dport 111 -j ACCEPT<br />
# iptables -A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT<br />
# iptables -A INPUT -p tcp -m tcp --dport 20048 -j ACCEPT<br />
# iptables -A INPUT -p udp -m udp --dport 111 -j ACCEPT<br />
# iptables -A INPUT -p udp -m udp --dport 2049 -j ACCEPT<br />
# iptables -A INPUT -p udp -m udp --dport 20048 -j ACCEPT<br />
<br />
To have this configuration load on every system start, edit {{ic|/etc/iptables/iptables.rules}} to include the following lines:<br />
<br />
{{hc|/etc/iptables/iptables.rules|2=<br />
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 2049 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 20048 -j ACCEPT<br />
-A INPUT -p udp -m udp --dport 111 -j ACCEPT<br />
-A INPUT -p udp -m udp --dport 2049 -j ACCEPT<br />
-A INPUT -p udp -m udp --dport 20048 -j ACCEPT<br />
}}<br />
<br />
The previous commands can be saved by executing:<br />
<br />
# iptables-save > /etc/iptables/iptables.rules<br />
<br />
{{Warning|This command will '''override''' the current iptables start configuration with the current iptables configuration!}}<br />
<br />
If using NFSv3 and the above listed static ports for {{ic|rpc.statd}} and {{ic|lockd}} the following ports may also need to be added to the configuration:<br />
<br />
{{hc|/etc/iptables/iptables.rules|2=<br />
-A INPUT -p tcp -m tcp --dport 32765 -j ACCEPT<br />
-A INPUT -p tcp -m tcp --dport 32803 -j ACCEPT<br />
-A INPUT -p udp -m udp --dport 32765 -j ACCEPT<br />
-A INPUT -p udp -m udp --dport 32803 -j ACCEPT<br />
}}<br />
<br />
To apply changes, [[Restart]] {{ic|iptables.service}}.<br />
<br />
==== Enabling NFSv4 idmapping ====<br />
<br />
{{Expansion|Missing lookup information, static binding examples, etc.}}<br />
<br />
{{Note|1=<nowiki></nowiki><br />
* NFSv4 idmapping does not work with the default {{ic|1=sec=sys}} mount option. [http://dfusion.com.au/wiki/tiki-index.php?page=Why+NFSv4+UID+mapping+breaks+with+AUTH_UNIX]<br />
* NFSv4 idmapping needs to be enabled on '''both''' the client and server.<br />
* Another option is to make sure the user and group IDs (UID and GID) match on both the client and server.<br />
* [[Enabling]]/[[starting]] {{ic|nfs-idmapd.service}} should not be needed as it has been replaced with a new id mapper:<br />
{{hc|# dmesg &#124; grep id_resolver|<br />
[ 3238.356001] NFS: Registering the id_resolver key type<br />
[ 3238.356009] Key type id_resolver registered<br />
}}}}<br />
<br />
The NFSv4 protocol represents the local system's UID and GID values on the wire as strings of the form {{ic|user@domain}}. The process of translating from UID to string and string to UID is referred to as ''ID mapping'' [http://man7.org/linux/man-pages/man5/nfsidmap.5.html].<br />
<br />
Even though idmapd may be running, it may not be fully enabled. If {{ic|/sys/module/nfs/parameters/nfs4_disable_idmapping}}/{{ic|/sys/module/nfsd/parameters/nfs4_disable_idmapping}} returns {{ic|Y}} on a client/server, enable it by:<br />
<br />
On the client:<br />
# echo "N" | tee /sys/module/nfs/parameters/nfs4_disable_idmapping<br />
On the server:<br />
# echo "N" | tee /sys/module/nfsd/parameters/nfs4_disable_idmapping<br />
<br />
Set as [[Kernel modules#Setting module options|module option]] to make this change permanent, i.e.:<br />
<br />
{{hc|/etc/modprobe.d/nfsd.conf|2=<br />
options nfs nfs4_disable_idmapping=0<br />
options nfsd nfs4_disable_idmapping=0<br />
}}<br />
<br />
To fully use ''idmapping'', make sure the domain is configured in {{ic|/etc/idmapd.conf}} on '''both''' the server and the client: <br />
<br />
{{hc|/etc/idmapd.conf|2=<br />
# The following should be set to the local NFSv4 domain name<br />
# The default is the host's DNS domain name.<br />
Domain = ''domain.tld''<br />
}}<br />
<br />
See [https://unix.stackexchange.com/a/464950] for details.<br />
<br />
=== Client ===<br />
<br />
Users intending to use NFS4 with [[Kerberos]] need to [[start]] and [[enable]] {{ic|nfs-client.target}}.<br />
<br />
==== Manual mounting ====<br />
<br />
For NFSv3 use this command to show the server's exported file systems:<br />
<br />
$ showmount -e servername<br />
<br />
For NFSv4 mount the root NFS directory and look around for available mounts:<br />
<br />
# mount server:/ /mountpoint/on/client<br />
<br />
Then mount omitting the server's NFS export root: <br />
<br />
# mount -t nfs -o vers=4 servername:/music /mountpoint/on/client<br />
<br />
If mount fails try including the server's export root (required for Debian/RHEL/SLES, some distributions need {{ic|-t nfs4}} instead of {{ic|-t nfs}}):<br />
<br />
# mount -t nfs -o vers=4 servername:/srv/nfs/music /mountpoint/on/client<br />
<br />
{{Note|Server name needs to be a valid hostname (not just IP address). Otherwise mounting of remote share will hang.}}<br />
<br />
==== Mount using /etc/fstab ====<br />
<br />
Using [[fstab]] is useful for a server which is always on, and the NFS shares are available whenever the client boots up. Edit {{ic|/etc/fstab}} file, and add an appropriate line reflecting the setup. Again, the server's NFS export root is omitted.<br />
<br />
{{hc|/etc/fstab|2=<br />
servername:/music /mountpoint/on/client nfs defaults,timeo=900,retrans=5,_netdev 0 0<br />
}}<br />
<br />
{{Note|Consult {{man|5|nfs}} and {{man|8|mount}} for more mount options.}}<br />
<br />
Some additional mount options to consider:<br />
<br />
; rsize and wsize: The {{ic|rsize}} value is the number of bytes used when reading from the server. The {{ic|wsize}} value is the number of bytes used when writing to the server. By default, if these options are not specified, the client and server negotiate the largest values they can both support (see {{man|5|nfs}} for details). After changing these values, it is recommended to test the performance (see [[#Performance tuning]]).<br />
<br />
; soft or hard: Determines the recovery behaviour of the NFS client after an NFS request times out. If neither option is specified (or if the {{ic|hard}} option is specified), NFS requests are retried indefinitely. If the {{ic|soft}} option is specified, then the NFS client fails a NFS request after ''retrans'' retransmissions have been sent, causing the NFS client to return an error to the calling application.<br />
<br />
{{Warning|A so-called {{ic|soft}} timeout can cause silent data corruption in certain cases. As such, use the {{ic|soft}} option only when client responsiveness is more important than data integrity. Using NFS over TCP or increasing the value of the {{ic|retrans}} option may mitigate some of the risks of using the {{ic|soft}} option.}}<br />
<br />
; timeo: The {{ic|timeo}} value is the amount of time, in tenths of a second, to wait before resending a transmission after an RPC timeout. The default value for NFS over TCP is 600 (60 seconds). After the first timeout, the timeout value is doubled for each retry for a maximum of 60 seconds or until a major timeout occurs. If connecting to a slow server or over a busy network, better stability can be achieved by increasing this timeout value.<br />
<br />
; retrans: The number of times the NFS client retries a request before it attempts further recovery action. If the {{ic|retrans}} option is not specified, the NFS client tries each request three times. The NFS client generates a "server not responding" message after ''retrans'' retries, then attempts further recovery (depending on whether the hard mount option is in effect). <br />
<br />
; _netdev: The {{ic|_netdev}} option tells the system to wait until the network is up before trying to mount the share - [[systemd]] assumes this for NFS. <br />
<br />
{{Note|Setting the sixth field ({{ic|fs_passno}}) to a nonzero value may lead to unexpected behaviour, e.g. hangs when the systemd automount waits for a check which will never happen.}}<br />
<br />
==== Mount using /etc/fstab with systemd ====<br />
<br />
Another method is using the [[Fstab#Remote filesystem|x-systemd.automount]] option which mounts the filesystem upon access:<br />
<br />
{{hc|1=/etc/fstab|2=<br />
servername:/home ''/mountpoint/on/client'' nfs _netdev,noauto,x-systemd.automount,x-systemd.mount-timeout=10,timeo=14,x-systemd.idle-timeout=1min 0 0 <br />
}}<br />
<br />
To make systemd aware of the changes to fstab, [[reload]] systemd and restart {{ic|remote-fs.target}} [https://bbs.archlinux.org/viewtopic.php?pid=1515377#p1515377].<br />
<br />
{{Tip|<br />
* The {{ic|noauto}} mount option will not mount the NFS share until it is accessed: use {{ic|auto}} for it to be available immediately. <br> If experiencing any issues with the mount failing due to the network not being up/available, [[enable]] {{ic|NetworkManager-wait-online.service}}. It will ensure that {{ic|network.target}} has all the links available prior to being active.<br />
* The {{ic|users}} mount option would allow user mounts, but be aware it implies further options as {{ic|noexec}} for example.<br />
* The {{ic|1=x-systemd.idle-timeout=1min}} option will unmount the NFS share automatically after 1 minute of non-use. Good for laptops which might suddenly disconnect from the network.<br />
* If shutdown/reboot holds too long because of NFS, [[enable]] {{ic|NetworkManager-wait-online.service}} to ensure that NetworkManager is not exited before the NFS volumes are unmounted. <br />
* Do not add the {{ic|1=x-systemd.requires=network-online.target}} mount option as this can lead to ordering cycles within systemd. Systemd adds the network-online.target dependency to the mount unit automatically. <br />
* Using the {{ic|nocto}} option may improve performance for read-only mounts, but should be used only if the data on the server changes only occasionally.<br />
}}<br />
<br />
==== As systemd unit ====<br />
<br />
Create a new {{ic|.mount}} file inside {{ic|/etc/systemd/system}}, e.g. {{ic|mnt-myshare.mount}}. See {{man|5|systemd.mount}} for details.<br />
<br />
{{Note|Make sure the filename corresponds to the mountpoint you want to use.<br />
E.g. the unit name {{ic|mnt-myshare.mount}} can only be used if you are going to mount the share under {{ic|/mnt/myshare}}. Otherwise the following error might occur: {{ic|1=systemd[1]: mnt-myshare.mount: Where= setting does not match unit name. Refusing.}}.}}<br />
<br />
{{ic|1=What=}} path to share<br />
<br />
{{ic|1=Where=}} path to mount the share<br />
<br />
{{ic|1=Options=}} share mounting options<br />
<br />
{{Note|<br />
* Network mount units automatically acquire {{ic|After}} dependencies on ''remote-fs-pre.target'', ''network.target'' and ''network-online.target'', and gain a {{ic|Before}} dependency on ''remote-fs.target'' unless {{ic|nofail}} mount option is set. Towards the latter a {{ic|Wants}} unit is added as well.<br />
* [[Append]] {{ic|noauto}} to {{ic|Options}} preventing automatically mount during boot (unless it is pulled in by some other unit).<br />
* If you want to use a hostname for the server you want to share (instead of an IP address), add {{ic|1=nss-lookup.target}} to {{ic|1=After}} and {{ic|1=Wants}}. This might avoid mount errors at boot time that do not arise when testing the unit.}} <br />
<br />
{{hc|/etc/systemd/system/mnt-myshare.mount|2=<br />
[Unit]<br />
Description=Mount Share at boot<br />
<br />
[Mount]<br />
What=172.16.24.192:/mnt/myshare<br />
Where=/mnt/myshare<br />
Options=noatime<br />
Type=nfs<br />
TimeoutSec=30<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
{{Tip|In case of an unreachable system, [[append]] {{ic|1=ForceUnmount=true}} to {{ic|[Mount]}}, allowing the share to be (force-)unmounted.}}<br />
<br />
To use {{ic|mnt-myshare.mount}}, [[start]] the unit and [[enable]] it to run on system boot.<br />
<br />
===== automount =====<br />
<br />
To automatically mount a share, one may use the following automount unit:<br />
<br />
{{hc|/etc/systemd/system/mnt-myshare.automount|2=<br />
[Unit]<br />
Description=Automount myshare<br />
<br />
[Automount]<br />
Where=/mnt/myshare<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
[[Disable]]/[[stop]] the {{ic|mnt-myshare.mount}} unit, and [[enable]]/[[start]] {{ic|mnt-myshare.automount}} to automount the share when the mount path is being accessed.<br />
<br />
{{Tip|[[Append]] {{ic|TimeoutIdleSec}} to enable auto unmount. See {{man|5|systemd.automount}} for details.}}<br />
<br />
==== Mount using autofs ====<br />
<br />
Using [[autofs]] is useful when multiple machines want to connect via NFS; they could both be clients as well as servers. The reason this method is preferable over the earlier one is that if the server is switched off, the client will not throw errors about being unable to find NFS shares. See [[autofs#NFS network mounts]] for details.<br />
<br />
== Tips and tricks ==<br />
<br />
=== Performance tuning ===<br />
<br />
When using NFS on a network with a significant number of clients one may increase the default NFS threads from ''8'' to ''16'' or even a higher, depending on the server/network requirements:<br />
<br />
{{hc|/etc/nfs.conf|2=<br />
[nfsd]<br />
threads=16<br />
}}<br />
<br />
It may be necessary to tune the {{ic|rsize}} and {{ic|wsize}} mount options to meet the requirements of the network configuration.<br />
<br />
In recent linux kernels (>2.6.18) the size of I/O operations allowed by the NFS server (default max block size) varies depending on RAM size, with a maximum of 1M (1048576 bytes), the max block size of the server will be used even if nfs clients requires bigger {{ic|rsize}} and {{ic|wsize}}. See https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/Known_Issues-kernel.html<br />
It is possible to change the default max block size allowed by the server by writing to the {{ic|/proc/fs/nfsd/max_block_size}} before starting ''nfsd''. For example, the following command restores the previous default iosize of 32k:<br />
<br />
# echo 32768 > /proc/fs/nfsd/max_block_size<br />
<br />
To make the change permanent, create a [[Systemd#Temporary_files|systemd-tmpfile]]:<br />
<br />
{{hc|/etc/tmpfiles.d/nfsd-block-size.conf|<br />
w /proc/fs/nfsd/max_block_size - - - - 32768<br />
}}<br />
<br />
To mount with the increased {{ic|rsize}} and {{ic|wsize}} mount options:<br />
<br />
# mount -t nfs -o rsize=32768,wsize=32768,vers=4 servername:/srv/nfs/music /mountpoint/on/client<br />
<br />
Furthermore, despite the violation of NFS protocol, setting {{ic|async}} instead of {{ic|sync}} or {{ic|sync,no_wdelay}} may potentially achieve a significant performance gain especially on spinning disks. Configure exports with this option and then execute {{ic|exportfs -arv}} to apply.<br />
<br />
{{hc|/etc/exports|2=<br />
/srv/nfs 192.168.1.0/24(rw,async,crossmnt,fsid=0)<br />
/srv/nfs/music 192.168.1.0/24(rw,async)<br />
}}<br />
<br />
=== Automatic mount handling ===<br />
<br />
This trick is useful for NFS-shares on a [[wireless]] network and/or on a network that may be unreliable. If the NFS host becomes unreachable, the NFS share will be unmounted to hopefully prevent system hangs when using the {{ic|hard}} mount option [https://bbs.archlinux.org/viewtopic.php?pid=1260240#p1260240].<br />
<br />
Make sure that the NFS mount points are correctly indicated in [[fstab]]:<br />
<br />
{{hc|/etc/fstab|2=<br />
lithium:/mnt/data /mnt/data nfs noauto,noatime 0 0<br />
lithium:/var/cache/pacman /var/cache/pacman nfs noauto,noatime 0 0<br />
}}<br />
<br />
{{Note|<br />
* Use hostnames in [[fstab]] for this to work, not IP addresses.<br />
* In order to mount NFS shares with non-root users the {{ic|users}} option has to be added.<br />
* The {{ic|noauto}} mount option tells [[systemd]] to not automatically [[mount]] the shares at boot, otherwise this may cause the boot process to stall.<br />
}}<br />
<br />
Create the {{ic|auto_share}} script that will be used by [[cron]] or [[systemd/Timers]] to use ICMP ping to check if the NFS host is reachable:<br />
<br />
{{hc|/usr/local/bin/auto_share|<nowiki><br />
#!/bin/bash<br />
<br />
function net_umount {<br />
umount -l -f $1 &>/dev/null<br />
}<br />
<br />
function net_mount {<br />
mountpoint -q $1 || mount $1<br />
}<br />
<br />
NET_MOUNTS=$(sed -e '/^.*#/d' -e '/^.*:/!d' -e 's/\t/ /g' /etc/fstab | tr -s " ")$'\n'b<br />
<br />
printf %s "$NET_MOUNTS" | while IFS= read -r line<br />
do<br />
SERVER=$(echo $line | cut -f1 -d":")<br />
MOUNT_POINT=$(echo $line | cut -f2 -d" ")<br />
<br />
# Check if server already tested<br />
if [[ "${server_ok[@]}" =~ "${SERVER}" ]]; then<br />
# The server is up, make sure the share are mounted<br />
net_mount $MOUNT_POINT<br />
elif [[ "${server_notok[@]}" =~ "${SERVER}" ]]; then<br />
# The server could not be reached, unmount the share<br />
net_umount $MOUNT_POINT<br />
else<br />
# Check if the server is reachable<br />
ping -c 1 "${SERVER}" &>/dev/null<br />
<br />
if [ $? -ne 0 ]; then<br />
server_notok[${#server_notok[@]}]=$SERVER<br />
# The server could not be reached, unmount the share<br />
net_umount $MOUNT_POINT<br />
else<br />
server_ok[${#server_ok[@]}]=$SERVER<br />
# The server is up, make sure the share are mounted<br />
net_mount $MOUNT_POINT<br />
fi<br />
fi<br />
done<br />
</nowiki>}}<br />
<br />
{{Note|Test using a TCP probe instead of ICMP ping (default is tcp port 2049 in NFS4) then replace the line:<br />
<br />
# Check if the server is reachable<br />
ping -c 1 "${SERVER}" &>/dev/null<br />
<br />
with:<br />
<br />
# Check if the server is reachable<br />
timeout 1 bash -c ": < /dev/tcp/${SERVER}/2049"<br />
<br />
in the {{ic|auto_share}} script above.}}<br />
<br />
Make sure the script is [[executable]]:<br />
<br />
# chmod +x /usr/local/bin/auto_share<br />
<br />
Next check configure the script to run every X, in the examples below this is every minute.<br />
<br />
==== Cron ====<br />
<br />
{{hc|# crontab -e|<br />
* * * * * /usr/local/bin/auto_share<br />
}}<br />
<br />
==== systemd/Timers ====<br />
<br />
{{hc|/etc/systemd/system/auto_share.timer|2=<br />
[Unit]<br />
Description=Automount NFS shares every minute<br />
<br />
[Timer]<br />
OnCalendar=*-*-* *:*:00<br />
<br />
[Install]<br />
WantedBy=timers.target<br />
}}<br />
<br />
{{hc|/etc/systemd/system/auto_share.service|2=<br />
[Unit]<br />
Description=Automount NFS shares<br />
After=syslog.target network.target<br />
<br />
[Service]<br />
Type=oneshot<br />
ExecStart=/usr/local/bin/auto_share<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
Finally, [[enable]] and [[start]] {{ic|auto_share.timer}}.<br />
<br />
==== Using a NetworkManager dispatcher ====<br />
<br />
[[NetworkManager#Network services with NetworkManager dispatcher|NetworkManager]] can also be configured to run a script on network status change.<br />
<br />
The easiest method for mount shares on network status change is to symlink the {{ic|auto_share}} script:<br />
<br />
# ln -s /usr/local/bin/auto_share /etc/NetworkManager/dispatcher.d/30-nfs.sh<br />
<br />
However, in that particular case unmounting will happen only after the network connection has already been disabled, which is unclean and may result in effects like freezing of KDE Plasma applets. <br />
<br />
The following script safely unmounts the NFS shares before the relevant network connection is disabled by listening for the {{ic|pre-down}} and {{ic|vpn-pre-down}} events, make the script is [[executable]]:<br />
<br />
{{hc|/etc/NetworkManager/dispatcher.d/30-nfs.sh|<nowiki><br />
#!/bin/bash<br />
<br />
# Find the connection UUID with "nmcli con show" in terminal.<br />
# All NetworkManager connection types are supported: wireless, VPN, wired...<br />
WANTED_CON_UUID="CHANGE-ME-NOW-9c7eff15-010a-4b1c-a786-9b4efa218ba9"<br />
<br />
if [[ "$CONNECTION_UUID" == "$WANTED_CON_UUID" ]]; then<br />
<br />
# Script parameter $1: NetworkManager connection name, not used<br />
# Script parameter $2: dispatched event<br />
<br />
case "$2" in<br />
"up")<br />
mount -a -t nfs4,nfs <br />
;;<br />
"pre-down");&<br />
"vpn-pre-down")<br />
umount -l -a -t nfs4,nfs -f >/dev/null<br />
;;<br />
esac<br />
fi<br />
</nowiki>}}<br />
<br />
{{Note|This script ignores mounts with the {{ic|noauto}} option, remove this mount option or use {{ic|auto}} to allow the dispatcher to manage these mounts.}}<br />
<br />
Create a symlink inside {{ic|/etc/NetworkManager/dispatcher.d/pre-down}} to catch the {{ic|pre-down}} events:<br />
<br />
# ln -s /etc/NetworkManager/dispatcher.d/30-nfs.sh /etc/NetworkManager/dispatcher.d/pre-down.d/30-nfs.sh<br />
<br />
== Troubleshooting ==<br />
<br />
There is a dedicated article [[NFS/Troubleshooting]].<br />
<br />
== See also ==<br />
<br />
* See also [[Avahi]], a Zeroconf implementation which allows automatic discovery of NFS shares.<br />
* HOWTO: [[Diskless network boot NFS root]]<br />
* [http://blogs.msdn.com/sfu/archive/2008/04/14/all-well-almost-about-client-for-nfs-configuration-and-performance.aspx Microsoft Services for Unix NFS Client info]<br />
* [https://blogs.oracle.com/jag/entry/nfs_on_snow_leopard NFS on Snow Leopard]{{Dead link|2020|04|01|status=404}} (Dead Link => [https://web.archive.org/web/20151212160906/https://blogs.oracle.com/jag/entry/nfs_on_snow_leopard Archive.org Mirror])<br />
* http://chschneider.eu/linux/server/nfs.shtml<br />
* [https://www.slashroot.in/how-do-linux-nfs-performance-tuning-and-optimization How to do Linux NFS Performance Tuning and Optimization]<br />
* [https://www.cyberciti.biz/faq/linux-unix-tuning-nfs-server-client-performance/ Linux: Tune NFS Performance]</div>Dr-bonehttps://wiki.archlinux.org/index.php?title=Dell_XPS_13_(9343)&diff=577332Dell XPS 13 (9343)2019-07-12T18:42:04Z<p>Dr-bone: documented how to disable the touchscreen using wayland and gnome if you want to do that</p>
<hr />
<div>[[Category:Dell]]<br />
[[ja:Dell XPS 13 (9343)]]<br />
{{Note|This page refers to the ''early'' 2015 model of XPS 13. For the ''late'' 2015 model, see [[Dell XPS 13 (9350)]].}}<br />
<br />
{| class="wikitable" style="float: right;"<br />
| '''Device''' || '''Status'''<br />
|-<br />
| Video || {{G|Working}}<br />
|-<br />
| Backlight control || {{G|Working}}<br />
|-<br />
| Wi-Fi || {{G|Working}}<br />
|-<br />
| Bluetooth || {{G|Working}}<br />
|-<br />
| Audio || {{G|Working}}<br />
|-<br />
| Touchpad || {{G|Working}}<br />
|-<br />
| Webcam || {{G|Working}}<br />
|-<br />
| Card Reader || {{G|Working}}<br />
|-<br />
| Wireless switch || {{G|Working}}<br />
|}<br />
{{Related articles start}}<br />
{{Related|Dell XPS 13 (9333)}}<br />
{{Related|Dell XPS 13 (9350)}}<br />
{{Related|Dell XPS 13 (9360)}}<br />
{{Related|Dell XPS 13 (9370)}}<br />
{{Related|Dell XPS 13 2-in-1 (9365)}}<br />
{{Related articles end}}<br />
<br />
The [http://www.dell.com/us/p/xps-13-9343-laptop/pd 2015 Dell XPS 13 (9343)] is the second-generation model of Dell's XPS 13 line. Like its predecessor, it has official Linux support courtesy of Dell's Project Sputnik team[https://bartongeorge.io/2015/04/09/4th-gen-dell-xps-13-developer-edition-available/]. They target Ubuntu 14.04 LTS, but the improvements and support from the Sputnik team are generally applicable to all distros.<br />
<br />
The installation process for Arch Linux on the XPS 13 does not differ from any other PC. For installation help, please see the [[Installation guide]] and [[UEFI]] pages. This page covers the current status of hardware support on Arch, as well as post-installation recommendations.<br />
<br />
As of kernel 4.1.3 (released July 2015), a patched kernel is no longer necessary. However, some manual configuration is still recommended to get the best experience.<br />
<br />
== Model differences ==<br />
Although the XPS 13 is sold in a variety of configurations in most markets, those wanting to run Linux should pay special attention to '''display''' options (FHD or QHD+) and '''Wi-Fi adapter''' differences (Dell DW1560 or Intel 7265).<br />
<br />
Users with QHD+ displays should use a DE/WM that properly supports [[HiDPI]].<br />
<br />
Regarding the Wi-Fi adapter, both cards work in Arch Linux. If the Intel one works out-of-the-box thanks to mainline kernel support, the Dell DW1560 instead requires a proprietary kernel module that is not well-supported; further details are reported in the proper below section.<br />
<br />
There are no exclusive hardware differences between the ''Developer Edition'' and the standard Windows edition, so this guide is equally applicable to both models.<br />
<br />
== Configuration ==<br />
<br />
=== BIOS updates ===<br />
The latest BIOS update is [https://www.dell.com/support/Home/us/en/19/Drivers/DriversDetails?driverId=TRF18 A19] and it was released on 15th February 2019. With version A02 or newer, almost everything should work out-of-the-box and the kernel boot parameters that were used in conjunction with earlier BIOS versions are no longer necessary.<br />
<br />
BIOS upgrade is easy, thanks to the EFI implementation: place the update binary in the EFI partition ({{ic|/boot/EFI}}) or on a USB flash drive, reboot, press {{ic|F12}} key in order to enter in the Boot Menu and then choose ''BIOS Update''.<br />
<br />
=== Screen and Keyboard Backlight ===<br />
Backlight and its control work out-of-the-box:<br />
* The [[Backlight#Save/Restore_functionality|systemd-backlight.service]] takes care of both ''eDP panel'' and ''keyboard'' backlight (and any other external device) status, saving at shutdown and restoring their values at boot.<br />
* Hardware Function keys ({{ic|Fn-F11}} and {{ic|Fn-F12}} for screen backlight and {{ic|Fn-F10}} for keyboard backlight) work without any operation, as well.<br />
<br />
{{Note|By default, the keyboard backlight automatically turns off after 60 seconds of inactivity. You can change the default behaviour by editing the related ''sysfs'' entry {{ic|1=/sys/devices/platform/dell-laptop/leds/dell\:\:kbd_backlight/stop_timeout}}.}}<br />
<br />
==== Dynamic Backlight/Brightness Control (DBC) ====<br />
You may notice that the screen looks dimmer than you expect or the screen overall brightness changes constantly. This behaviour is not a symptom of any monitor issue but a technology called '''Dynamic Backlight/Brightness Control (DBC)''', designed to save energy according to the content displayed on the screen.<br />
<br />
{{Tip|You can check this feature on this [https://tylerwatt12.com/dc/ website].}}<br />
<br />
{{Warning|This feature is ''automatic'' and ''not-controllable''. According to official Dell [http://www.dell.com/support/article/us/en/19/sln304876/xps-9343-9350-9360-and-9365-2-in-1-lcd-brightness-issues source], only the '''QHD+ models''' have a chance to disable it via a firmware update.}}<br />
<br />
=== SSD ===<br />
This laptop series comes with a SSD as storage device, connected via SATA. This technology needs some configuration in order to achieve the best operative conditions. See [[Solid State Drives]] for further information.<br />
<br />
=== Wi-Fi ===<br />
Most configurations sport the Dell DW1560 802.11ac adapter (based on the Broadcom BCM4352 chip) which requires {{Pkg|broadcom-wl}} or {{Pkg|broadcom-wl-dkms}} (in this case, remember to install {{ic|linux-headers}} too, even if it is listed as an optional dependency) to be installed. See the [[Broadcom wireless]] page for more details and/or assistance.<br />
<br />
Some higher-end models do not use the Dell-branded Broadcom adapter, instead they use an Intel Wireless 7265 card which is supported by the mainline kernel.<br />
<br />
{{Note|This card is widely available as an after-market purchase for those wishing to replace the Broadcom adapter in their laptop. This wireless adapter, other than an enviable driver support for both Wi-Fi and Bluetooth that makes installation easier, compared to the Broadcom card, it has a 2-3 times wider reception range and a much higher throughput, making it an worthwhile upgrade. Other cards are also available. The Intel Wireless 8265 is known to work}}<br />
<br />
=== Bluetooth ===<br />
{{Note|For users with Intel wireless adapter with both Wi-Fi and Bluetooth, the Bluetooth interface should be available out-of-the-box, as the required firmware is included in {{pkg|linux-firmware}}.}}<br />
<br />
The Broadcom Bluetooth firmware is not available in the kernel ([http://tech.sybreon.com/2015/03/15/xps13-9343-ubuntu-linux/ source]), so you need to install {{AUR|bcm20702a1-firmware}} and reboot if you want to use Bluetooth.<br />
<br />
Alternatively, you can retrieve the firmware directly from the [http://catalog.update.microsoft.com/v7/site/ScopedViewRedirect.aspx?updateid=87a7756f-1451-45da-ba8a-55f8aa29dfee Windows driver] by yourself. You need to extract the {{ic|.cab}} file with {{Pkg|cabextract}} and then convert it to a {{ic|.hcd}} file with ''hex2hcd'' from {{Pkg|bluez-utils}}:<br />
<br />
$ cabextract 20662520_6c535fbfa9dca0d07ab069e8918896086e2af0a7.cab<br />
$ hex2hcd BCM20702A1_001.002.014.1443.1572.hex<br />
# mv BCM20702A1_001.002.014.1443.1572.hcd /lib/firmware/brcm/BCM20702A1-0a5c-216f.hcd<br />
# ln -rs /lib/firmware/brcm/BCM20702A1-0a5c-216f.hcd /lib/firmware/brcm/BCM20702A0-0a5c-216f.hcd<br />
<br />
After reboot, the firmware is available for your Bluetooth interface.<br />
<br />
=== Audio ===<br />
{{Note|Proper audio support is dependent on having the latest BIOS update. If you have not yet updated to BIOS A02 or newer, please perform [[#BIOS updates]] first.}}<br />
<br />
The sound chipset in this laptop, a Realtek ALC3263, is described as "dual-mode", meaning it supports both the [[wikipedia:Intel_High_Definition_Audio|HDA standard]] and the [[wikipedia:I²S|I2S standard]]. The embedded controller in the XPS 13 uses the [[wikipedia:Advanced_Configuration_and_Power_Interface|ACPI]] _REV value provided by the OS itself to determine in which mode the sound chipset should be initialized in at boot.<br />
<br />
==== HDA mode ====<br />
With BIOS A02+ and official Arch Linux kernels '''older than 4.4''' and again starting '''from version 4.11.5''', the sound card will be initialized in HDA mode.<br />
<br />
{{Note|To use HDA mode on excluded kernels, re-compile them with the option {{ic|1=CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y}}. This will force HDA mode on.}}<br />
<br />
===== Setting the default sound card =====<br />
By default, ALSA does not output sound to the PCH card but to the HDMI card. This can be changed by following [[ALSA#Set the default sound card]]. To set the proper order, create the following {{ic|.conf}} file in {{ic|/etc/modprobe.d/}} [https://bbs.archlinux.org/viewtopic.php?pid=1446773#p1446773]:<br />
<br />
{{hc|/etc/modprobe.d/alsa-base.conf|2=<br />
options snd_hda_intel index=1,0<br />
}}<br />
<br />
{{Note|If you are dual-booting with Windows, you will have to do a cold boot twice before to have sound working in Linux and vice-versa.}}<br />
<br />
{{Note|This is not necessary in I2S mode.}}<br />
<br />
==== I2S mode ====<br />
With BIOS A02+ and official Arch Linux kernels '''from 4.4 to 4.11.4''', the sound card will be initialized in I2S mode. I2S support requires {{pkg|alsa-lib}} 1.1.0[http://www.spinics.net/lists/linux-acpi/msg57457.html] or newer. (I2S support was broken in mainline kernel 4.5, and fixed in Arch kernel 4.5.2 and mainline 4.8[https://bugs.archlinux.org/task/48936][https://git.kernel.org/cgit/linux/kernel/git/broonie/sound.git/commit/?h=topic/intel&id=a395bdd6b24b692adbce0df6510ec9f2af57573e]).<br />
<br />
===== Enabling the microphone =====<br />
{{Note|The microphone appears to be enabled by default as of official Arch Linux kernel 4.5.3, so these instructions may be unnecessary [https://bugs.archlinux.org/task/47989#comment146876].}}<br />
<br />
In I2S mode, the built-in microphone is muted by default. To enable it you have to unmute the {{ic|Mic}} item. Follow the instructions below in order to achieve the goal:<br />
* open {{ic|alsamixer}} (an utility included in the {{pkg|alsa-utils}} package)<br />
* press {{ic|F6}} and select the '''''broadwell-rt286''''' sound card<br />
* press {{ic|F4}} to switch to the ''Capture view'' and ensure that '''ADC0''' has the ''CAPTURE'' label. If it doesn't, toggle over to it with your arrow keys and press the spacebar to turn it on ''CAPTURE''<br />
* finally, toggle over to the '''Mic''' item and raise the volume to 100.<br />
<br />
{{Note|Cycling the '''Port''' (from ''Main Microphone'' to ''Headset Microphone (unplugged)'', and back) of the '''Input Devices''' tab in the {{ic|pavucontrol}} application, has the same effect of the above instructions.}}<br />
<br />
===== Using Jack =====<br />
By default Jack recognises four capture ports and is unusable because the transport is broken into short fragments with breaks between them. Limit input to two channels with {{ic|-i2}} on the command line or the corresponding option in {{pkg|qjackctl}}'s advanced settings.<br />
<br />
=== Touchpad ===<br />
With the latest BIOS, the touchpad should work out-of-the-box with either the synaptics or libinput drivers. The second is recommended over the former.<br />
<br />
==== Synaptics driver ====<br />
For more advanced settings with the Synaptics driver, see [[Touchpad Synaptics#Buttonless touchpads (aka ClickPads)|Touchpad Synaptics]].<br />
<br />
If the touchpad freezes when you use more than one finger, try enabling Clickpad mode with {{ic|1=synclient Clickpad=1}}.<br />
<br />
==== Libinput driver ====<br />
For better multi-touch support, you can use {{pkg|xf86-input-libinput}}. The libinput driver supports nearly all button layouts out-of-the-box with few additional settings. <br />
<br />
Refer to the specific [[libinput]] page for more details.<br />
<br />
For further configurable options (e.g. NaturalScrolling, MiddleEmulation), see {{man|1|libinput}}.<br />
<br />
=== Powersaving ===<br />
With kernel 4.6.5 and {{pkg|tlp}}, the idle power usage can reach ~2.3 W with the [[kernel parameter]] {{ic|1=pcie_aspm=force}} enabled.<br />
<br />
You may use {{Pkg|powertop}} or {{AUR|powerstat-git}} to reproduce and check this behaviour by yourself.<br />
<br />
{{Note|1=&nbsp;<br />
* With kernel 4.6+, frame-buffer compression ('''FBC''') is enabled by default, so {{ic|i915.enable_fbc}} is no longer needed.<br />
* Panel self refresh ('''PSR''') causes the display to flicker, so it has been disabled by default as of kernel 4.9 [https://bugs.freedesktop.org/show_bug.cgi?id=95176].<br />
* {{ic|1=i915.lvds_downclock=1}} for '''LVDS downclock''' is no longer needed. According to IRC #intel-gfx, ''"[...] there is a new auto-downclock for eDP panels in recent kernels and it is enabled by default if available, [...]"''.<br />
* {{ic|1=i915.enable_rc6=7}} is useless on Broadwell ('''Gen8''') systems because the deeper GPU power states that this option enables (RC6p and RC6pp) do not exist on '''Gen7+''' hardware [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/drivers/gpu/drm/i915/i915_drv.h#n2862][https://lists.freedesktop.org/archives/intel-gfx/2012-June/018383.html].}}<br />
<br />
=== Calibrated ICC profile ===<br />
<br />
==== QHD+ model ====<br />
{{Warning|This profile is only for QHD+ model. Do not use it if you have the FHD one.}}<br />
<br />
An [[ICC profiles|ICC profile]] is a binary file which contains precise data regarding the colour attributes of the monitor. It allows you to produce consistent and repeatable results for graphic and document. The following ICC profile is made with dispcalGUI ( {{pkg|displaycal}}) ArgyllCMS ( {{pkg|argyllcms}}) and a spectrophotometer for absolute colour accuracy; even if it is possible to achieve better results by calibrating your own monitor by yourself, in general this profile is definitively an improvement over the stock profile.<br />
<br />
This profile has been made with the spectrophotometer's high resolution spectral mode, with white and black level drift compensation, the high quality ArgyllCMS switch and 3440 patches. Dynamic Brightness Control has been disabled and the monitor has been turned on for at least 30 minutes prior to start the calibration.<br />
<br />
* [https://mega.nz/#!nkNVQDCI!YYcS32HLWk1Aqry30dmOrt0wrfH9W_VczNesHQEpG_U QHD+, D65, Gamma 2.2, max luminance].<br />
<br />
=== Disable the touchscreen ===<br />
This is an optional step and was tested 07.2019 using Gnome and Wayland. Find out which device it is:<br />
libinput list-devices<br />
Scroll to find the right section (Something like ELAN Touchscreen) and find the line "Kernel: /dev/input/event#". (in my case 6) Use the event# for the next command: <br />
udevadm info -a -p /sys/class/input/event#<br />
Find an attribute that is most probably unique/distinct. (I used: ATTRS{name}=="ELAN Touchscreen" )<br />
Use this in a newly created file: /etc/udev/rules.d/99-disable_touchscreen.rules<br />
KERNEL=="event*", ATTRS{name}=="ELAN Touchscreen", ENV{LIBINPUT_IGNORE_DEVICE}="1"<br />
Then check if it worked: <br />
udevadm test /sys/class/input/event6<br />
and search for: <br />
LIBINPUT_IGNORE_DEVICE=1<br />
If this line is there (most probably within the last 3 lines) reboot and your touchscreen should be disabled. <br />
<br />
== Troubleshooting ==<br />
<br />
=== Sometimes the system fails to resume from suspend after closing and reopening the LID ===<br />
Even if it has been reported as fixed upstream according to [https://bugzilla.kernel.org/show_bug.cgi?id=86241 this kernel.org bug report], users still suffer of this problem (reported for both FullHD model with kernel 4.20.12 and the QHD+ model with kernel 4.18.6).<br />
<br />
One more, following a comment in the abovementioned bug report, you can work it around by blacklisting ''mei'' modules:<br />
<br />
sudo cat << EOF > /etc/modprobe.d/blacklist.suspend-bug.conf<br />
<br />
blacklist mei<br />
blacklist mei_me<br />
EOF<br />
<br />
=== DE can't connect Bluetooth devices ===<br />
If the Bluetooth GUI can't connect the device, try to use {{ic|bluetoothctl}} to connect manually.<br />
<br />
=== Pink & green artifacts in video or webcam output ===<br />
Update {{pkg|xf86-video-intel}} to latest version. This should fix the issue.<br />
<br />
=== Graphical artifacting/instability after S3 resume ===<br />
If you encounter some artifacts and/or an unusable graphical environment after resuming from a suspend, you may want to [[Intel_graphics#SNA_issues|switch your Intel graphics acceleration from SNA to UXA]]. Switching to UXA, however, will result in worse performance. Switching to xf86-video-modesetting (Glamor acceleration) should not decrease performance considerably,however it is still not known if will fix the resume issue.<br />
<br />
=== Connection issues with Broadcom wireless ===<br />
If {{ic|wifi-menu}} and {{ic|iwlist scan}} fail after driver installation and reboot, try disabling "Wireless Switch" control in the BIOS.<br />
<br />
=== Wireless switch/rfkill issues with KDE ===<br />
As from kernel version 4.4 the rfkill switch works. The KDE plasma-nm (NetworkManager) widget does not indicate that wlan is active after it has been reactivated, but still connects correctly. The KDE system tray bluetooth widget usually disappears if the switch disables bluetooth, and fails to reappear when it is reactivated. You can work around this by setting the switch not to switch bluetooth in the BIOS setup. With kernel version < 4.13.11 and/or plasma-desktop < 5.11 the mouse pointer may freeze first time that the rfkill switch is used. To unfreeze it, switch to another virtual console and back.<br />
<br />
=== EFISTUB does not boot ===<br />
As of version A07, the BIOS does not pass any boot parameters to the kernel. Use a UEFI [[boot loader]] instead. [[systemd-boot]] will work with current kernels.<br />
<br />
=== Random kernel hangs at boot ===<br />
See [https://bugzilla.kernel.org/show_bug.cgi?id=105251 here]. This issue seems to affect only touchscreen model owners. The fix consists in removing "keyboard" from the HOOKS array in /etc/mkinitcpio.conf. If you need the keyboard at boot, edit the MODULES array as follow MODULES="atkbd usbhid hid-generic". You will have to run {{ic|mkinitcpio -p linux}} as root afterwards.<br />
<br />
=== Sound doesn't work after upgrading to kernel 4.4+ ===<br />
You need to do two cold boots ('''NOT''' a simple reboot, shut it down and turn it back on again) to make sound working again.<br />
<br />
Refer to the [[#HDA mode]] above for more info, as well as the [https://bbs.archlinux.org/viewtopic.php?id=208674 BBS thread] and [https://bugs.archlinux.org/task/47989 Arch Linux bug report].<br />
<br />
=== Loud cracks/noise during boot or audio playback ===<br />
Some users have reported the above sound problems, as described [https://bbs.archlinux.org/viewtopic.php?id=208496 here] for example.<br />
<br />
[[Advanced_Linux_Sound_Architecture/Troubleshooting#Pops_when_starting_and_stopping_playback|Disabling audio powersafe]] may work for people using the '''HDA''' audio mode.<br />
<br />
However, it is still unknown how to solve this issue for the '''I2S''' audio mode.<br />
<br />
For further reference, see the corresponding [https://bugzilla.kernel.org/show_bug.cgi?id=112611 kernel bug entry].<br />
<br />
== See also ==<br />
<br />
General:<br />
* [https://github.com/mpalourdio/xps13 Collection of links and different configurations]<br />
* [http://downloads.dell.com/Manuals/all-products/esuprt_laptop/esuprt_xps_laptop//xps-13-9343-laptop_Service%20Manual_en-us.pdf Service Manual for Dell XPS 13 (9343)]<br />
<br />
Project Sputnik:<br />
* [http://bartongeorge.net/2015/08/28/recent-fixes-for-xps-13-developer-edition/ Recent Fixes for XPS 13 developer edition]<br />
* [http://bartongeorge.net/2015/02/23/update-2-dell-xps-13-laptop-developer-edition-sputnik-gen-4/ Update 2: Dell XPS 13 laptop, developer edition – Sputnik Gen 4]<br />
* [http://bartongeorge.net/2015/02/05/update-dell-xps-13-laptop-developer-edition-sputnik-gen-4/ Update: Dell XPS 13 laptop, developer edition – Sputnik Gen 4]<br />
* [http://bartongeorge.net/2015/04/09/4th-gen-dell-xps-13-developer-edition-available/ 4th gen Dell XPS 13 developer edition available!]</div>Dr-bone