NFS servers
| Line 1: | Line 1: | ||
| − | NFS is the standard way to use network file systems in a Unix environment. As such, UGCS employs several. We recently gained the ability to quickly configure and deploy NFS servers using cfengine. Future improvements involve using Kerberos to authenticate and secure via NFS4. | + | NFS is the standard way to use network file systems in a Unix environment. As such, UGCS employs several. We recently gained the ability to quickly configure and deploy NFS servers using cfengine. Furthermore, we also use cfengine to mount NFS (except for mounts essential in the boot process). Future improvements involve using Kerberos to authenticate and secure via NFS4. |
=Cfengine= | =Cfengine= | ||
All of the NFS servers will be put into a cfengine class that overwrites the /etc/exports file when cfrun is activated. This class will also restart nfs-kernel-server to take the new settings into effect. Then, each group of servers will have an separate class that concatenates the appropriate exports files to this blank file. | All of the NFS servers will be put into a cfengine class that overwrites the /etc/exports file when cfrun is activated. This class will also restart nfs-kernel-server to take the new settings into effect. Then, each group of servers will have an separate class that concatenates the appropriate exports files to this blank file. | ||
| + | |||
| + | Servers mounting various NFS shares will be grouped into classes (depending on the share). Then, cfengine will locally edit /etc/fstab to update the mount points and remount. | ||
==Exports== | ==Exports== | ||
| Line 12: | Line 14: | ||
==Relevant files== | ==Relevant files== | ||
* /afs/.../cfengine/global/inputs/cfagent.conf - contains class definitions | * /afs/.../cfengine/global/inputs/cfagent.conf - contains class definitions | ||
| − | * /afs/.../cfengine/global/inputs/nfs.conf - NFS server commands | + | * /afs/.../cfengine/global/inputs/nfs.conf - NFS server and mount commands |
* /afs/.../cfengine/hosts/nfs/<exports> - export definitions imported by cfengine | * /afs/.../cfengine/hosts/nfs/<exports> - export definitions imported by cfengine | ||
* /afs/.../configurator/generate_nfs_exports.py - creates the keytab export from the UGCSComputer pickle | * /afs/.../configurator/generate_nfs_exports.py - creates the keytab export from the UGCSComputer pickle | ||
| Line 19: | Line 21: | ||
* [[Apollo]] - common keys for shellservers | * [[Apollo]] - common keys for shellservers | ||
* [[Apollo]] - common opt for shellservers | * [[Apollo]] - common opt for shellservers | ||
| − | * [[ | + | * [[Apollo]] - large shared filespace for groups |
* [[Demeter]] - cfengine root (not configured by cfengine) | * [[Demeter]] - cfengine root (not configured by cfengine) | ||
| + | |||
| + | =Current NFS mount groups (in cfengine)= | ||
| + | |||
| + | * nfs_shared - [[Poseidon]] and [[Shellservers]] | ||
==See Also== | ==See Also== | ||
[[Category:Sysadmin_Documentation]] | [[Category:Sysadmin_Documentation]] | ||
Revision as of 05:53, 29 April 2010
NFS is the standard way to use network file systems in a Unix environment. As such, UGCS employs several. We recently gained the ability to quickly configure and deploy NFS servers using cfengine. Furthermore, we also use cfengine to mount NFS (except for mounts essential in the boot process). Future improvements involve using Kerberos to authenticate and secure via NFS4.
Contents |
Cfengine
All of the NFS servers will be put into a cfengine class that overwrites the /etc/exports file when cfrun is activated. This class will also restart nfs-kernel-server to take the new settings into effect. Then, each group of servers will have an separate class that concatenates the appropriate exports files to this blank file.
Servers mounting various NFS shares will be grouped into classes (depending on the share). Then, cfengine will locally edit /etc/fstab to update the mount points and remount.
Exports
Each individual set of exports is self-contained, and ideally configured for an individual purpose. If a server pulls double duty, it should be entered into multiple classes and thus have multiple concatenated exports files.
Keytab exports
At the moment, the keytabs are generated separately (vis configurator). This will need to be automatically generated eventually.
Relevant files
- /afs/.../cfengine/global/inputs/cfagent.conf - contains class definitions
- /afs/.../cfengine/global/inputs/nfs.conf - NFS server and mount commands
- /afs/.../cfengine/hosts/nfs/<exports> - export definitions imported by cfengine
- /afs/.../configurator/generate_nfs_exports.py - creates the keytab export from the UGCSComputer pickle
Current NFS servers
- Apollo - common keys for shellservers
- Apollo - common opt for shellservers
- Apollo - large shared filespace for groups
- Demeter - cfengine root (not configured by cfengine)
Current NFS mount groups (in cfengine)
- nfs_shared - Poseidon and Shellservers
