FedFsNfsDomainRoot0.8
From Linux NFS
Chucklever (Talk | contribs) (→Select one or more NFS servers to host the domain root export) |
Chucklever (Talk | contribs) (Explicit sec=sys is needed due to a mountd bug) |
||
(3 intermediate revisions not shown) | |||
Line 13: | Line 13: | ||
== Introduction == | == Introduction == | ||
- | A | + | A [[FedFsGlossary#Domain_Root_Directory|FedFS domain root directory]] is the top-level directory of a FedFS domain. It is what is visible when a FedFS-enabled client mounts the top of a [[FedFsGlossary#FedFS_Domain|FedFS domain]] namespace. Typically a FedFS-enabled NFS client mounts the directory at /nfs4/''fedfs-domain-name'' . |
A FedFS domain root usually contains nothing but junctions that refer clients to file servers that hold more interesting content, like user directories. The domain root is simply a starting point for accessing the rest of a domain's name space. | A FedFS domain root usually contains nothing but junctions that refer clients to file servers that hold more interesting content, like user directories. The domain root is simply a starting point for accessing the rest of a domain's name space. | ||
- | This article describes an easy way to set up a FedFS domain root on a | + | This article describes an easy way to set up a FedFS domain root on a Linux NFS server. |
== Select one or more NFS servers to host the domain root export == | == Select one or more NFS servers to host the domain root export == | ||
Line 38: | Line 38: | ||
# chmod 755 /.domainroot-example.net | # chmod 755 /.domainroot-example.net | ||
- | Read about how to add content to your FedFS domain root directory in [[ | + | Read about how to add content to your FedFS domain root directory in [[FedFsNfsServer0.8|Setting up junction resolution support on your Linux NFS Server]] and [[FedFsNfsRefGuide0.8|Managing referrals with the nfsref command]]. |
== Export the domain root directory == | == Export the domain root directory == | ||
Line 44: | Line 44: | ||
A separate line in /etc/exports must be added for each FedFS domain root directory. Continuing the above example for the example.net domain, prepare to export it by adding this line to /etc/exports: | A separate line in /etc/exports must be added for each FedFS domain root directory. Continuing the above example for the example.net domain, prepare to export it by adding this line to /etc/exports: | ||
- | /.domainroot-example.net *(ro,insecure) | + | /.domainroot-example.net *(ro,sec=sys,insecure) |
- | This makes the export readable by all NFS clients. NFS clients should not be allowed to write these directories, particularly because there is no mechanism in the NFS protocol that can create a junction. | + | This makes the export readable by all NFS clients. NFS clients should not be allowed to write these directories, particularly because there is no mechanism in the NFS protocol that can create a junction. Junctions must be created locally on the NFS server. Of course, you can restrict access to it or add other export options here as needed. See the '''exports(5)''' man page for more information. |
If there is already an NFS service running on this host, update the kernel exports list with the following command: | If there is already an NFS service running on this host, update the kernel exports list with the following command: |
Latest revision as of 16:36, 21 March 2013
Contents |
Project: fedfs-utils
[ Project Home | News | Downloads | Docs | Mailing Lists | Source Control | Issues ]
Introduction
A FedFS domain root directory is the top-level directory of a FedFS domain. It is what is visible when a FedFS-enabled client mounts the top of a FedFS domain namespace. Typically a FedFS-enabled NFS client mounts the directory at /nfs4/fedfs-domain-name .
A FedFS domain root usually contains nothing but junctions that refer clients to file servers that hold more interesting content, like user directories. The domain root is simply a starting point for accessing the rest of a domain's name space.
This article describes an easy way to set up a FedFS domain root on a Linux NFS server.
Select one or more NFS servers to host the domain root export
The domain root directory typically sees little traffic, particularly since an individual domain root directory contains little data. However, clients depend on the domain root directory being available to access all other files in a FedFS domain. A server with high availability is recommended for this role.
The NFS server you choose for this role can host the domain root directory for more than one FedFS domain. It can export other filesystems as well.
Several servers can play host to the same domain root export, as long as there is a mechanism for keeping the content of the domain root export precisely in sync across all the NFS servers (for example, try rsync with the --xattrs option to sync junctions). The DNS SRV format which is used by clients to find FedFS domain root directories can list one or more servers as a FedFS domain's root directory server.
Once you have chosen an NFS server, set it up as a FedFS enabled NFS server.
Create the domain root export and directories
FedFS-enabled clients use a well-known export pathname when contacting the NFS server that exports a FedFS domain root. That pathname is /.domainroot-fedfs-domain-name .
Create a physical directory on your domain root fileserver for each domain root you export. For example, if you want to create the domain root directory for the "example.net" FedFS domain, use the following commands:
# mkdir /.domainroot-example.net # chmod 755 /.domainroot-example.net
Read about how to add content to your FedFS domain root directory in Setting up junction resolution support on your Linux NFS Server and Managing referrals with the nfsref command.
Export the domain root directory
A separate line in /etc/exports must be added for each FedFS domain root directory. Continuing the above example for the example.net domain, prepare to export it by adding this line to /etc/exports:
/.domainroot-example.net *(ro,sec=sys,insecure)
This makes the export readable by all NFS clients. NFS clients should not be allowed to write these directories, particularly because there is no mechanism in the NFS protocol that can create a junction. Junctions must be created locally on the NFS server. Of course, you can restrict access to it or add other export options here as needed. See the exports(5) man page for more information.
If there is already an NFS service running on this host, update the kernel exports list with the following command:
# exportfs -rv
Otherwise, if there is no NFS service running yet, start one:
# systemctl enable nfs-server.service # systemctl start nfs-server.service