Setting up NFS4:

Zusätzlich musste ich unter Ubuntu folgendes Paket installieren:

sudo apt-get install nfs4-acl-tools

Dann die /etc/fstab :

192.168.123.95:/var/nfs4exports      /home/gerald/Server/files     nfs4     soft,intr,rsize=8192,wsize=8192    0 0
# old version: 192.168.123.95:/var/files      /home/gerald/Server/files     nfs     soft,intr,rsize=8192,wsize=8192    0 0
 exec,nosuid,ro,rsize=8192,wsize=8192    0 0
192.168.123.95:/nfs4exports/pictures /home/gerald/Server/pictures      nfs4     soft,intr,rsize=8192,wsize=8192    0 0

Ausserdem musste ich beim Server noch ein 'nohide' beim nfs4-root-Export einfügen. Meine (funktionierende) /etc/exports sieht so aus:

/nfs4exports        192.168.123.2/255.255.255.0(ro,nohide,sync,insecure,root_squash,no_subtree_check,fsid=0) 
/nfs4exports/files	192.168.123.2/255.255.255.0(rw,nohide,sync,insecure,root_squash,no_subtree_check)
/nfs4exports/pictures    192.168.123.2/255.255.255.0(rw,nohide,sync,insecure,root_squash,no_subtree_check)

Quelle1)

I have been running in to numerous problems with locking over NFS lately and in desperation I have decided to set up NFSv4 and mount my shares using that. The reason for the upgrade is simply because NFSv3 doesn't handle locking very well. Im not convicend that NFSv4 handles locking well enough to make it work for what I want but it looks like the set up isn't that hard so I'm going to give it a spin.

Why Upgrade to NFSv4

There are numerous advantages to using NFSv3 over previous versions to name but a few they are:

  • Locking and mounting is now handled directly by the NFS protocol rather than by seperate deamons.
  • The protocol is now stateful so crashes are handled more cleanly.
  • There is far more caching so NFS is now much faster.
  • Fully standardized protocol over seen by IETF.
  • Much more secure - introduction of RPCSEC_GSS.
  • Handles UTF8 correctly.

Kernels from 2.6 onwards come with NFSv4 built in so if you are still running a 2.4 kernel it's time to upgrade. Setting up the server is really very siliar to setting up NFSv3 and so I refer you to the setting up NFS guide that I have already put together suffice to say you need to install nfs-kernel-server and portmap. The big difference with NFSv4 over previous versions is in the way exports are handled. Rather than have several (easy to understand) exports you now have to build a virtual export tree. There are upsides and downsides to the new export syntax. Personally I think I preferred the old style but it did have the disadvantage of being a bit fragile and inflexible. The upside was that you didn't need to put bind mounts all over the place.

Creating the Pseudo File System

First off create a directory under / called nfs4exports as root:

mkdir -m 1777 /nfs4exports

This will be the root of the pseudo file system for the export. In effect this is / to the machines that can see the NFS exports. We give the directory full permissions so that clients can access the items under it. In most situations I expect there will be a number of bid mounted directories under this directory that clients will actually mount.

In this example I'm aiming to provide two main resources to the clients. The first is their home directories the second is a data directory. Thus the NFS pseudo file system will have the points /, /home and /data (as well as any directories under these of course). I have chosen to make the / directory read only. The idea behind this is that I don't want people mounting / and writting files to it when what I really want them to do is mount /home or /data. It also means that in the future I can easily add a directory under / that contains read only content. To get started add the following to /etc/exports

/nfs4exports        192.168.0.0/24(ro,sync,insecure,root_squash,no_subtree_check,fsid=0) 

This line expors the /nfs4exports directory as the root of the NFS pseudo file system to the whole of the local network. We know that this specifies the root of the pseudo file system beause of the fsid=0 option. Once you have made changes to /etc/exports run

exportfs -rv

To re-export all the filesystems. We now want to include /home and /data under this root export which is done as follows. Create bind mount points under /nfs4exports called, wait for it, home and data:

cd /nfs4exports
mkdir -m 1777 data 
mkdir -m 1777 home

Then bind mount /data and /home to /nfs4exports/data and /nfs4exports/home respectivly.

mount --bind /data data 
mount --bind /home home 

To make these bindings permanent they need to be added to /etc/fstab which I will do later after I have tested they work. For now export the home and data directories so that they are read-writable.

/nfs4exports/data   192.168.0.0/24(rw,nohide,sync,insecure,root_squash,no_subtree_check)
/nfs4exports/home   192.168.0.0/24(rw,nohide,sync,insecure,root_squash,no_subtree_check) 

I found that I needed to restart the nfs server to make these exports visible to the world but I suspect that was because I screwed something up the first time round. The nohide option is necessary even though the exports man page indicates that bad things can happen when it is used. The home and data directories are bind mounted into the nfs4exports directory so when they themselves are exported a little bit of security kicks in that only lets the client see an empty directory. The nohide argument presents them with the files.

On the client mount the directories with a command similar to this:

mount -t nfs4 server:/data /data

Or if you are mounting at boot time an entry in /etc/fstab like this:

server:/data /data nfs4 rw 0 0

The bind mounts on the server can be specified in the /etc/fstab like this:

/data           /nfs4exports/data   none    rw,bind 0   0
/home           /nfs4exports/home   none    rw,bind 0   0 

I think that should just about be all you need to do to get NFSv4 working. Like previous versions of NFS it really is a simple to set up but still very powerful. On a positive note the appliications (digiKam and Open Office) that wouldn't run under NFSv3 work fine under NFSv4.

 
Nach oben
nfs/nfs4.txt · Zuletzt geändert: 2024/02/29 13:36 von 127.0.0.1
chimeric.de = chi`s home Creative Commons License Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0
DFmW2CEce3htPL1uNQuHUVu4Tk6WXigFQp   Dogecoin Donations Accepted Here    DFmW2CEce3htPL1uNQuHUVu4Tk6WXigFQp  DFmW2CEce3htPL1uNQuHUVu4Tk6WXigFQp