#!/bin/ksh
# $Id: nfs,v 1.9 2008/10/26 18:53:16 ksb Exp $
# We're a netlint plugin that checks the validity of our nfs	(petef,ksb)
# configuration.

#****p* netlint/nfs
# NAME
#   nfs
# DESCRIPTION
#   The networked filesystem (NFS) can be used to share disk resource between
#   nodes. We don't use this in production to share data, as it can lead to
#   major single points of failure. We do use it for our home directories for
#   non-critical command and control hosts with the understanding that we can
#   login as root to fix any issues without access to our personal home
#   directory.
#***

PROGNAME=`basename $0`
: ${CARP:=echo}
MAYBE=""
for DLCHK in /etc/fstab /etc/checklist /etc/vfstab /etc/disklist \
	/etc/filesystems
do
	[ -s "$DLCHK" ] || continue
	MAYBE=$DLCHK
	break
done
: ${FSTABPATH:=$MAYBE}
MAYBE=""
for DLCHK in /etc/exports /etc/dfs/dfstab
do
	[ -s "$DLCHK" ] || continue
	MAYBE=$DLCHK
	break
done
: ${EXTABPATH:=$MAYBE}

export FSTABPATH CARP
if [ _"$1" = _"-V" ]; then
	echo "$PROGNAME: "'$Id: nfs,v 1.9 2008/10/26 18:53:16 ksb Exp $'
	[ -s "$FSTABPATH" ] && echo "$PROGNAME: found fstab $FSTABPATH"
	[ -s "$EXTABPATH" ] && echo "$PROGNAME: found exports $EXTABPATH"
	exit 0
fi

#****a* nfs/NFS_FSTAB_MISSING
# NAME
#   NFS_FSTAB_MISSING
# FORMAT
#   NFS_FSTAB_MISSING: path
# DESCRIPTION
#   The filesystem table on the host was not readable by netlint, or was not
#   found at all.
# REMEDIATION
#   Netlint looks in:
#   * $FSTABPATH
#   * /etc/fstab
#   * /etc/checklist
#   * /etc/vfstab
#   * /etc/disklist
#   * /etc/filesystems
#
#   Install one of these files on the host or fix the code in netlint's nfs
#   plugin to recognize another file.
#***

# knob 0, we have to have list of filesystems to run
if [ ! -s "$FSTABPATH" ] ; then
	$CARP "NFS_FSTAB_MISSING: $FSTABPATH"
elif expr "$FSTABPATH" : ".*/filesystems" >/dev/null ; then
	(
	cat $FSTABPATH
	echo "EOF:"
	) |
	sed -e 's/\*.*//' -e '/^[ 	]*$/d'  -e 's/[ 	]*=[ 	]*/=/'g \
		-e 's/[ 	]*$//' |
	sed -e '/^[^:]*$/n
	: top
	N
	/:.*:/{
		P
		D
	}
	s/\n[	 ]*/ /
	b top
	' | grep vfs=nfs | while read fs PARAMS
	do

#****a* nfs/NFS_MOUNT
# NAME
#   NFS_MOUNT
# FORMAT
#   NFS_MOUNT: nodename:path
# DESCRIPTION
#   This reports an entry in the file system table which mounts the path from
#   the NFS service nodename. It might be marked noauto (so it might not be
#   mounted now), but netlint reports all listed NFS lines. The reporter cross
#   checks for services that do not export a requested mount, but not for
#   permission to mount, which would be nearly impossible.
# IMPACT
#   NFS issues will block the nodes kernel in disk wait, this leads to horribly
#   long delays in processing transaction. Never use NFS for real-time
#   production services.
# REMEDIATION
#   Remediate by either exporting the requested filesystem, or by removing the
#   resource for the file system table.
#***

		eval $PARAMS
		${CARP} "NFS_MOUNT: $nodename:$dev"
	done
else
	sed -e 's/[ 	][ 	]*/ /g' <"$FSTABPATH" |
	sed -n -e 's/#.*//' \
		-e 's/^\([^ 	:]*\):\([^ 	]*\).* nfs .*/\1:\2/p' |
		xapply -S/bin/ksh -f '. $NETLINT_FUNCS
			F=`FQDN %[1:1]`
			$CARP "NFS_MOUNT: $F:%[1:-1]"' -
fi

if [ ! -s "$EXTABPATH" ] ; then
	exit 0
fi
exec 3>&1

#****a* nfs/NFS_EXPORT
# NAME
#   NFS_EXPORT
# FORMAT
#   NFS_EXPORT: directory
# DESCRIPTION
#   Netlint reports the contents of the export table.
#   Each exported line is marked as either "NOEXPORT" or "EXPORT". The "NO"
#   demotes that the directory is listed but doesn't exist on the node, or
#   netlint can't stat it to see it.
# REMEDIATION
#   Update the export file, or remove it.
# SEE ALSO
#   NFS_NOEXPORT
#   NFS_EXPORT_FMT
#***

#****a* nfs/NFS_NOEXPORT
# NAME
#   NFS_NOEXPORT
# FORMAT
#   NFS_NOEXPORT: directory
# DESCRIPTION
#   Netlint reports the contents of the export table.
#   Each exported line is marked as either "NOEXPORT" or "EXPORT". The "NO"
#   demotes that the directory is listed but doesn't exist on the node, or
#   netlint can't stat it to see it.
# REMEDIATION
#   Update the export file, or remove it.
# SEE ALSO
#   NFS_EXPORT
#***

#****a* nfs/NFS_EXPORT_FMT
# NAME
#   NFS_EXPORT_FMT
# FORMAT
#   NFS_EXPORT_FMT: path
# DESCRIPTION
#   Format errors in the export table are reported with the path to the file
#   in question.
# REMEDIATION
#   Correct or remove the bad format.
# SEE ALSO
#   NFS_EXPORT
#***

case ${EXTABPATH##*/} in
exports)
	sed -n -e '/^#/d' -e '/^$/d' -e 's/^\([^ 	]*\).*/\1/p' <$EXTABPATH
	;;
dfstab)
	sed -n -e '/^#/d' -e 's/"[^"]*"/word/g' -e 's/^[ 	]*share/_/p' <$EXTABPATH |
	while read line
	do
		set $line
		shift
		while [ $# -gt 0 ]
		do
			case "$1" in
			-[Fod])
				shift ; shift ;;
			-[Fod]*)
				shift ;;
			--)
				shift
				break ;;
			*)
				echo $1
				break ;;
			esac
		done
	done
	;;
*)
	$CARP "NFS_EXPORT_FMT: $EXTABPATH" 1>&3
	;;
esac | sort -u |
	xapply -f 'if [ -d "%1" ] ; then
			 $CARP "NFS_EXPORT: %1"
		else
			 $CARP "NFS_NOEXPORT: %1"
		fi' -

exit 0