FedFsNfsDomainRoot0.9

From Linux NFS

(Difference between revisions)
(Explicit sec= setting on domain root is required due to mountd bug)
 
(13 intermediate revisions not shown)
Line 13: Line 13:
== Introduction ==
== Introduction ==
-
A FedFS domain root directory is the top-level directory of a FedFS domain.  It is what is visible when a FedFS-enabled client mounts the top of a FedFS domain name space.  Typically the client mounts the directory at /nfs4/<fedfs-domain-name> .
+
A [[FedFsGlossary#Domain_Root_Directory|FedFS domain root directory]] is the top-level directory of a FedFS domain.  It is what is visible when a FedFS-enabled client mounts the top of a [[FedFsGlossary#FedFS_Domain|FedFS domain]] namespace.  Typically a FedFS-enabled NFS client mounts the directory at /nfs4/''fedfs-domain-name'' .
-
A FedFS domain root usually contains nothing but junctions that refer clients to more interesting NFS servers that hold actual data.  The domain root is simply a starting point for accessing the rest of a domain's name space.
+
A FedFS domain root usually contains nothing but junctions that refer clients to file servers that hold more interesting content, like user directories.  The domain root is simply a starting point for accessing the rest of a domain's name space.
-
This article describes an easy way to set up a FedFS domain root on a recent vintage Linux NFS server.
+
This article describes an easy way to set up a FedFS domain root on a Linux NFS server.
== Select one or more NFS servers to host the domain root export ==
== Select one or more NFS servers to host the domain root export ==
Line 23: Line 23:
The domain root directory typically sees little traffic, particularly since an individual domain root directory contains little data.  However, clients depend on the domain root directory being available to access all other files in a FedFS domain.  A server with high availability is recommended for this role.
The domain root directory typically sees little traffic, particularly since an individual domain root directory contains little data.  However, clients depend on the domain root directory being available to access all other files in a FedFS domain.  A server with high availability is recommended for this role.
-
The NFS server you choose for this role can host more than one domain root directory.
+
The NFS server you choose for this role can host the domain root directory for more than one FedFS domain.  It can export other filesystems as well.
-
Several servers can play host to the same domain root export, as long as there is a mechanism for keeping the content of the domain root export precisely in sync across all the NFS servers.  The DNS SRV format which is used by clients to find FedFS domain root directories can list one or more servers as a FedFS domain's root directory server.
+
Several servers can play host to the same domain root export, as long as there is a mechanism for keeping the content of the domain root export precisely in sync across all the NFS servers (for example, try rsync with the --xattrs option to sync junctions).  The DNS SRV format which is used by clients to find FedFS domain root directories can list one or more servers as a FedFS domain's root directory server.
Once you have chosen an NFS server, set it up as a FedFS enabled NFS server.
Once you have chosen an NFS server, set it up as a FedFS enabled NFS server.
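Review bot: The parenthetical added to the "Several servers can play host" paragraph recommends rsync with --xattrs "to sync junctions" but never says why extended attributes matter for junctions, so a reader cannot tell what breaks if the option is omitted. Add a clause explaining the link between junctions and extended attributes, or link to the junction documentation, and suggest verifying the junctions on each replica after the sync.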
Line 31: Line 31:
== Create the domain root export and directories ==
== Create the domain root export and directories ==
-
FedFS-enabled clients use a well-known export pathname when contacting the NFS server that exports a FedFS domain root.  That pathname is "/.domainroot/<fedfs-domain-name>".
+
FedFS-enabled clients use a well-known export pathname when contacting the NFS server that exports a FedFS domain root.  That pathname is /.domainroot/''fedfs-domain-name'' .
The easiest method for creating a domain root export is to create a directory called "/.domainroot" readable by everyone.  Log into the NFS server that will host the domain root export and use the following commands:
The easiest method for creating a domain root export is to create a directory called "/.domainroot" readable by everyone.  Log into the NFS server that will host the domain root export and use the following commands:
Line 38: Line 38:
   $ sudo chmod 755 /.domainroot
   $ sudo chmod 755 /.domainroot
-
While this directory does not typically contain much data, you may also wish to create a new local file system on the NFS server and mount it on /.domainroot.  This is entirely optional.
+
While this directory does not typically contain much data, it is slightly more secure to create a new local file system on the NFS server and mount it on /.domainroot.  This is entirely optional, however.
FedFS domain root directories are created under this directory.  For example, if you want to create the domain root directory for the "example.net" FedFS domain, use the following command:
FedFS domain root directories are created under this directory.  For example, if you want to create the domain root directory for the "example.net" FedFS domain, use the following command:
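Review bot: "slightly more secure" in the rewritten /.domainroot paragraph is asserted without a reason. State what a dedicated local file system protects against so readers can judge whether it applies to their server, or keep the earlier neutral wording ("you may also wish to").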
Line 47: Line 47:
You can create more than one domain root directory here.
You can create more than one domain root directory here.
-
We describe how to create junctions to other NFS exports in your FedFS domain, or add other content, in another article.
+
Read about how to add content to your FedFS domain root directory in [[FedFsNfsServer0.9|Setting up junction resolution support on your Linux NFS Server]] and [[FedFsNfsRefGuide0.9|Managing junctions with the nfsref command]].
== Export the domain root directory ==
== Export the domain root directory ==
-
Now make the domain root export visible to clients by editing the server's /etc/exports file.  Add the following line to /etc/exports:
+
Now make the domain root export and its subdirectories visible to clients by editing the server's /etc/exports file.  Add the following line to /etc/exports:
-
   /.domainroot    *(ro,insecure)
+
   /.domainroot    *(ro,sec=sys,insecure)
-
This makes the export readable by all NFS clients.  (No clients should be allowed to write these directories, particularly because there is no mechanism in the NFS protocol that can create a junction.  They must be created locally on the NFS server.) Of course, you can restrict access to it or add other export options here as needed. Junctions below this export automatically inherit the options you set here.  Have a look at '''exports(8)''' for an explanation of what these export options mean.
+
NFS clients should not be allowed to write these directories, particularly because there is no mechanism in the NFS protocol that can create a junction.  Junctions must be created locally on the NFS server.  Of course, you can restrict access to it or add other export options here as needed.
 +
 
 +
With mountd from nfs-utils 1.2.7 or later, junctions below this export automatically inherit the export options set for /.domainroot.  Have a look at '''exports(8)''' for an explanation of what these export options mean.
If there is already an NFS service running on this host, update the kernel exports list with the following command:
If there is already an NFS service running on this host, update the kernel exports list with the following command:
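Review bot: The export line gains sec=sys, and the revision summary says the explicit sec= setting is required due to a mountd bug, but the article text around the line never mentions it, so a reader may drop the option as redundant. Add a sentence next to the /etc/exports line saying the explicit sec= is required and why. Separately, with "This makes the export readable by all NFS clients" removed, "restrict access to it" has no antecedent; "restrict access to the export" would read correctly.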
Line 65: Line 67:
   $ sudo systemctl enable nfs-server.service
   $ sudo systemctl enable nfs-server.service
   $ sudo systemctl start nfs-server.service
   $ sudo systemctl start nfs-server.service
 +
 +
== Backwards compatibility ==
 +
 +
The standard export path for FedFS domain root directories is specified in RFC 6641.  Preliminary versions of this document specified a different and incompatible export path for domain root directories.  If your domain must support legacy FedFS clients (for example, clients still using fedfs-utils-0.8) you may want to provide both types of domain root directories.
 +
 +
See [[FedFsNfsDomainRoot0.8|Setting up a FedFS domain root server]] in the fedfs-utils-0.8 Installation Guide for more details.

Latest revision as of 16:42, 21 March 2013


Project: fedfs-utils



Introduction

A FedFS domain root directory is the top-level directory of a FedFS domain. It is what is visible when a FedFS-enabled client mounts the top of a FedFS domain namespace. Typically a FedFS-enabled NFS client mounts the directory at /nfs4/fedfs-domain-name .

A FedFS domain root usually contains nothing but junctions that refer clients to file servers that hold more interesting content, like user directories. The domain root is simply a starting point for accessing the rest of a domain's namespace.

This article describes an easy way to set up a FedFS domain root on a Linux NFS server.

Select one or more NFS servers to host the domain root export

The domain root directory typically sees little traffic, particularly since an individual domain root directory contains little data. However, clients depend on the domain root directory being available to access all other files in a FedFS domain. A server with high availability is recommended for this role.

The NFS server you choose for this role can host the domain root directory for more than one FedFS domain. It can export other filesystems as well.

Several servers can play host to the same domain root export, as long as there is a mechanism for keeping the content of the domain root export precisely in sync across all the NFS servers (for example, try rsync with the --xattrs option to sync junctions). The DNS SRV format which is used by clients to find FedFS domain root directories can list one or more servers as a FedFS domain's root directory server.

Once you have chosen an NFS server, set it up as a FedFS-enabled NFS server.

Create the domain root export and directories

FedFS-enabled clients use a well-known export pathname when contacting the NFS server that exports a FedFS domain root. That pathname is /.domainroot/fedfs-domain-name .

The easiest method for creating a domain root export is to create a directory called "/.domainroot" readable by everyone. Log into the NFS server that will host the domain root export and use the following commands:

 $ sudo mkdir /.domainroot
 $ sudo chmod 755 /.domainroot

While this directory does not typically contain much data, it is slightly more secure to create a new local file system on the NFS server and mount it on /.domainroot. This is entirely optional, however.

FedFS domain root directories are created under this directory. For example, if you want to create the domain root directory for the "example.net" FedFS domain, use the following command:

 $ sudo mkdir -p /.domainroot/example.net
 $ sudo chmod 755 /.domainroot/example.net

You can create more than one domain root directory here.

Read about how to add content to your FedFS domain root directory in Setting up junction resolution support on your Linux NFS Server and Managing junctions with the nfsref command.

Export the domain root directory

Now make the domain root export and its subdirectories visible to clients by editing the server's /etc/exports file. Add the following line to /etc/exports:

 /.domainroot    *(ro,sec=sys,insecure)

NFS clients should not be allowed to write these directories, particularly because there is no mechanism in the NFS protocol that can create a junction. Junctions must be created locally on the NFS server. Of course, you can restrict access to the export or add other export options here as needed.

With mountd from nfs-utils 1.2.7 or later, junctions below this export automatically inherit the export options set for /.domainroot. Have a look at exports(8) for an explanation of what these export options mean.

If there is already an NFS service running on this host, update the kernel exports list with the following command:

 $ sudo exportfs -rv

Otherwise, if there is no NFS service running, start one:

 $ sudo systemctl enable nfs-server.service
 $ sudo systemctl start nfs-server.service
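
To check the result of the steps above, the following shell functions audit an exports file for the /.domainroot entry (no rw, explicit sec=) and look for group- or world-writable directories under the domain root. This is an added example, not part of fedfs-utils or of the original article; the function names audit_exports and audit_tree are hypothetical, and only the client(options) form of an exports entry is parsed.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Only "client(options)"
# entries are parsed, not the "-options" default form.

# audit_exports FILE [PATH]: print findings for the export line of PATH in
# FILE ("-" reads stdin). Returns 0 when clean, 1 when anything was flagged.
audit_exports() {
    awk -v path="${2:-/.domainroot}" '
        /^[ \t]*#/ || NF == 0 { next }      # comments and blank lines
        $1 != path { next }
        {
            seen = 1
            for (i = 2; i <= NF; i++) {
                opts = ""
                if (match($i, /\(.*\)/))
                    opts = substr($i, RSTART + 1, RLENGTH - 2)
                padded = "," opts ","
                # Clients must never be able to write the domain root.
                if (index(padded, ",rw,")) { print "writable: " $i; bad = 1 }
                # The page sets sec= explicitly on this export.
                if (padded !~ /,sec=[^,]+,/) { print "no-explicit-sec: " $i; bad = 1 }
            }
        }
        END {
            if (!seen) { print "not-exported: " path; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# audit_tree DIR: list DIR and its immediate subdirectories that are group- or
# world-writable (the page creates them with mode 755). Returns 1 if any.
audit_tree() {
    out=$(find "$1" -maxdepth 1 -type d \( -perm -020 -o -perm -002 \) -print |
          sed 's/^/writable-dir: /')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed input: the page's current export line next to its earlier form.
audit_exports - <<'EOF' || true
/.domainroot    *(ro,sec=sys,insecure)
EOF
audit_exports - <<'EOF' || true
/.domainroot    *(ro,insecure)
EOF
```

On a real server, run audit_exports /etc/exports and audit_tree /.domainroot after editing the exports file and before running exportfs -rv.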

Backwards compatibility

The standard export path for FedFS domain root directories is specified in RFC 6641. Preliminary versions of that document specified a different and incompatible export path for domain root directories. If your domain must support legacy FedFS clients (for example, clients still using fedfs-utils-0.8), you may want to provide both types of domain root directories.

See Setting up a FedFS domain root server in the fedfs-utils-0.8 Installation Guide for more details.
