DOKK / manpages / debian 13 / nfs-ganesha / ganesha-core-config.8.en
GANESHA-CORE-CONFIG(8) NFS-Ganesha GANESHA-CORE-CONFIG(8)

ganesha-core-config - NFS Ganesha Core Configuration File

/etc/ganesha/ganesha.conf

NFS-Ganesha reads the configuration data from: | /etc/ganesha/ganesha.conf

This file lists NFS related core config options.

Core parameters:

This is the list of hosts that can serve as HAProxy load balancers/proxies that will use the HAProxy protocol to indicate to Ganesha the actual end client IP address. This parameter may be repeated to extend the list.

Host list entries can take on one of the following forms:

* Match any host @name Netgroup name x.x.x.x/y IPv4 network address, IPv6 addresses are also allowed
but the format is too complex to show here


character (and is not simply "*"), the string is used to pattern match host names. Note that [] may also be used, but the pattern MUST have at least one ? or *
addresses returned by getaddrinfo will match, the getaddrinfo call is made at config parsing time)

IP address Match a single host



Port number used by NFS Protocol.
Port number used by MNT Protocol.
Port number used by NLM Protocol.
Port number used by Rquota Protocol.
Port number used by NFS Over RDMA Protocol.
(NONE, 3, v3, NFS3, NFSv3, 4.0, v4.0, NFS4.0, NFSv4.0, 4.1, ALL)

Supported NFS Version for NFS Over RDMA. By default, NFSv4.0 is enabled.

Port number used to export monitoring metrics.
Whether to create metrics labels on the fly based on client-ip, export name, etc. Provides more debugging information, but significantly reduces performance. Enabled by default for backward compatibility.
The address to which to bind for our listening port.
RPC program number for NFS.
RPC program number for MNT.
RPC program number for NLM.
For NFSv3, whether to drop rather than reply to requests yielding I/O errors. It results in client retry.
For NFSv3, whether to drop rather than reply to requests yielding invalid argument errors. False by default and settable with Drop_Inval_Errors.
For NFSv3, whether to drop rather than reply to requests yielding delay errors. False by default and settable with Drop_Delay_Errors.
Path to the directory containing server specific modules
Whether to collect performance statistics. By default the performance counting is enabled. Enable_NFS_Stats can be enabled or disabled dynamically via ganesha_stats.
Whether to use fast stats. If enabled this will skip statistics counters collection for per client and per export.
Whether to count and collect FSAL specific performance statistics. Enable_FSAL_Stats can be enabled or disabled dynamically via ganesha_stats
Whether to count and collect "detailed statistics" for NFSv3. Enable_FULLV3_Stats can be enabled or disabled dynamically via ganesha_stats.
Whether to count and collect "detailed statistics" for NFSv4. Enable_FULLV4_Stats can be enabled or disabled dynamically via ganesha_stats.
Whether to count and collect statistics for all NFS operations requested by NFS clients. Enable_CLNT_AllOps_Stats can be enabled or disabled dynamically via ganesha_stats.
Whether to use short NFS file handle to accommodate VMware NFS client. Enable this if you have a VMware NFSv3 client. VMware NFSv3 client has a max limit of 56 byte file handles.
How long the server will trust information it got by calling getgroups() when "Manage_Gids = TRUE" is used in a export entry.
Frequency of dbus health heartbeat in ms.
Whether to support the Network Lock Manager protocol.
This option allows disabling support for the NLM4PROC_SHARE and NLM4PROC_UNSHARE RPC procedures that implement share reservations for NFSv3 via NLM. With this set to true, these procedures will fail.
Polling interval for blocked lock polling thread
3, 4, NFS3, NFS4, V3, V4, NFSv3, NFSv4, 9P

The protocols that Ganesha will listen for. This is a hard limit, as this list determines which sockets are opened. This list can be restricted per export, but cannot be expanded.

Whether to use the supplied name rather than the IP address in NSM operations.
Whether this Ganesha is part of a cluster of Ganeshas. Its vendor specific option.
Whether to use device major/minor for fsid.
How many times to attempt stat while resolving POSIX filesystems for exports.
How long to delay between stat attempts while resolving POSIX filesystems for exports.
Whether to use Pseudo (true) or Path (false) for NFS v3 and 9P mounts.

This option defaults to false for backward compatibility, however, for new setups, it's strongly recommended to be set true since it then means the same server path for the mount is used for both v3 and v4.x.

Note that as an export related option, it seems very desirable to be able to change this on config reload, unfortunately, at the moment it is NOT changeable on config reload. A restart is necessary to change this.

DBus name prefix. Required if one wants to run multiple ganesha instances on single host. The prefix should be different for every ganesha instance. If this is set, the dbus name will be <prefix>.org.ganesha.nfsd
Whether to create UDP listeners for Mount, NFS, NLM, RQUOTA, and register them with portmapper. Set to false, e.g., to run as non-root. Set to Mount to enable only Mount UDP listener.
Maximum number of concurrent uid2grp requests that can be made by ganesha. In environments with a slow Directory Service Provider, where users are part of large number of groups, and Manage_Gids is set to True, uid2grp queries made by ganesha can fail if a large number of them are made in parallel. This option throttles the number of concurrent uid2grp queries that ganesha makes.
Set true to enforce when v3 file handle used for v4
Response size of readdir request. Suggested values are 4096,8192,16384 and 32768. Recommended 16384(16K) if readdir(ls command) operation performed on directory which has more files.
Maximum number of directory entries returned for a readdir request. Suggested values are 4096,8192,16384 and 32768. Recommended 16384(16K) if readdir(ls command) operation performed on directory which has more files.
Whether to call extra getattrs after read, in order to check file size and validate the EOF flag correctness. Needed for ESXi client compatibility when FSAL's don't set it correctly.
Set true to enable dynamic malloc_trim support.
Minimum threshold value to call malloc_trim. The malloc_trim will be called once memory allocation exceeds minimum value. Size in MB's. Note, this setting has no effect when Enable_malloc_trim is set to false.
if Manage_Gids=True and group resolution fails, then use gid data from rpc request.
When enabled, a client (from the same source IP address), is allowed to be connected to a single Ganesha server at a specific point in time. See details in connection_manager.h
Timeout for waiting until client is fully disconnected from other Ganesha servers.
Unique value to the ganesha node, to diffrintiate it for the rest of the node. will be used as prefix for the Client id, to make sure it is unique between ganesha nodes and file write verifier. if 0 is supplied server boot epoch time in seconds will be used
In linux, we need to set PR_SET_IO_FLUSHER to avoid a potential deadlock when mounting ganesha locally in a system that nears out memory. This is not possible due to lacking permissions in some environments (specifically unprivileged containers). If you are running in an unprivileged environment and you are sure your use case doesn't require setting PR_SET_IO_FLUSHER, you can enable this option and Ganesha will not fail on startup if it can't set it. For more info, see: https://git.kernel.org/torvalds/p/8d19f1c8e1937baf74e1962aae9f90fa3aeab463

Whether to disable the DRC entirely.
High water mark for number of DRCs in recycle queue.
Number of partitions in the tree for the TCP DRC.
Maximum number of requests in a transport's DRC.
Number of entries in the O(1) front-end cache to a TCP Duplicate Request Cache.
High water mark for a TCP connection's DRC at which to start retiring entries if we can.
Number of partitions in the recycle tree that holds per-connection DRCs so they can be used on reconnection (or recycled.)
How long to wait (in seconds) before freeing the DRC of a disconnected client.
Whether to use a checksum to match requests as well as the XID

Number of partitions in the tree for the UDP DRC.
Maximum number of requests in the UDP DRC.
Number of entries in the O(1) front-end cache to the UDP Duplicate Request Cache.
High water mark for the UDP DRC at which to start retiring entries if we can
Whether to use a checksum to match requests as well as the XID.

Maximum number of connections for TIRPC.
Idle timeout (seconds). Default to 300 seconds.
Size of RPC send buffer.
Size of RPC receive buffer.
Maximum number of RDMA connections for TIRPC. Limiting the number of RDMA connections to 64 by default to avoid memory exhaustion.
Max credits of RDMA channel, representing the max number of outstanding NFS operations on the channel.
TIRPC ioq max simultaneous io threads
Partitions in GSS ctx cache table
Max GSS contexts in cache. Default 16k
Max entries to expire in one idle check

Whether tcp sockets should use SO_KEEPALIVE
Maximum number of TCP probes before dropping the connection
Idle time before TCP starts to send keepalive probes
Time between each keepalive probe

Configuration for hash table for NFS Name/IP map.
Expiration time for ip-name mappings.

PrincipalName(string, default "nfs")

Kerberos keytab.
The ganesha credential cache.
Whether to activate Kerberos 5. Defaults to true (if Kerberos support is compiled in)

Domain to use if we aren't using the nfsidmap.
Whether to enable idmapping
Cache validity in seconds for idmapped-user entries. The default value is -1, which indicates fallback to older config -- "NFS_CORE_PARAM.Manage_Gids_Expiration", for backward compatibility.
Cache validity in seconds for idmapped-group entries. The default value is -1, which indicates fallback to older config -- "NFS_CORE_PARAM.Manage_Gids_Expiration", for backward compatibility.
List of primary users/service name parts of the principal that should be assigned root privilege. Setting "all" will assign root privilege to all the options. Setting "none" in the list will override the other options in the list.
Max number of cached idmapped users
Max number of cached idmapped groups
Max number of cached user-groups entries
Cache validity in seconds for negative entries
Max number of negative cache users (the ones that failed idmapping)
Max number of negative cache groups (the ones that failed idmapping)
Cache reaping interval in seconds for idmapped cached entites. Its default value is set to 0, which basically means that the cache-reaping is disabled.
Whether to use fully qualified names for idmapping with pw-utils

Whether to disable the sticky grace.
Whether to disable the NFSv4 grace period.
The NFSv4 lease lifetime.
The NFS grace period.
This config param is deprecated. Use DomainName in DIRECTORY_SERVICES config section.
Path to the idmap configuration file.
Whether to use local password (PAM, on Linux) rather than nfsidmap.
Whether to allow bare numeric IDs in NFSv4 owner and group identifiers.
Whether to ONLY use bare numeric IDs in NFSv4 owner and group identifiers.
Whether to allow delegations.
Delay after which server will retry a recall in case of failures
Whether this a pNFS MDS server. For FSAL Gluster, if this is true, set pnfs_mds in gluster block as well.
Whether this a pNFS DS server.
Use different backend for client info:
  • fs : filesystem
  • fs_ng: filesystem (better resiliency)
  • rados_kv : rados key-value
  • rados_ng : rados key-value (better resiliency)
  • rados_cluster: clustered rados backend (active/active)

Specify the root recovery directory for fs or fs_ng recovery backends.
Specify the recovery directory name for fs or fs_ng recovery backends.
Specify the recovery old directory name for fs recovery backend.
List of supported NFSV4 minor version numbers.
Size of the NFSv4.1 slot table
Set true to enforce valid UTF-8 for path components and compound tags
Specify a max limit on number of NFS4 ClientIDs supported by the server. With filesystem recovery backend, each ClientID translates to one directory. With certain workloads, this could result in reaching inode limits of the filesystem that /var/lib/nfs/ganesha is part of. The above limit can be used as a guardrail to prevent getting into this situation.
Specify the value which is common for all cluster nodes. For e.g., Name of the cluster or cluster-id.
Connections to servers with the same server owner can be shared by the client. This is advertised to the client on EXCHANGE_ID.
Specify the maximum number of files that could be opened by a client. One misbehaving client could potentially open multiple files and exhaust the open FD limit allowed by ganesha's cgroup. Beyond this limit, client gets denied if it tries to open too many files. To disable set to ZERO.
Specify the threshold of number of expired clients to be kept in memory post lease period, unless the number of unresponsive clients go over this limit. Ganesha keeps track of all expired clients in LRU fashion and picks the oldest expired client when the number of clients exceeds the max limit. This allows Ganesha to retain the open & lock state and there by helping certain client workloads like MLPerf to run smoothly, even after a network partition.
Specify the maximum number of open files that an unresponsive client could have, beyond which Ganesha won't keep client intact in memory and expire it. Comes to play if the config Expired_Client_Threshold is not set to ZERO.
Specify the max amount of time till which to keep the unresponsive client in memory, beyond which Ganesha would start reaping and expire it off. Comes to play if the config Expired_Client_Threshold is not set to ZERO.

Connection to ceph cluster, should be file path for ceph configuration.
User ID to ceph cluster.
RADOS Namespace in which to store objects
Pool for client info.
Name of the object containing the rados_cluster grace DB
Unique node identifier within rados_cluster

Connection to ceph cluster, should be file path for ceph configuration.
User ID to ceph cluster.
rados:// URL to watch for notifications of config changes. When a notification is received, the server will issue a SIGHUP to itself.

This allows listing of the FSALs that will be used. This assures that the config blocks for those FSALs will not result in an error if no exports are configured using that FSAL. This parameter takes a list of FSAL names and the parameter may be listed multiple times.

April 18, 2025