[CentOS] Netinstall & NFS using local server.

Wed Jan 5 20:10:13 UTC 2011
Lisandro Grullon <lgrullon at CityTech.Cuny.Edu>

ok, playing around with netstat I figure all the ports that need to be open in iptables for this thing to work, I figure having the firewall down was too big of a risk so why not figuring out the ports and opening them in iptables and sharing the knowledge with you guys. The following ports are to be open:

111 tcp/udp
32803 tcp/udp
32769 udp
892 tcp/udp
875 tcp/udp
2049 tcp/udp

If I only mentioned tcp or udp after the port it means either or both, if you see one/two it means both protocols must be enable. Also make sure you tweaked around you /etc/sysconfig/nfs file, I noticed that by default you need to have some of the stuff from there un-comment for it to work, I will post my file so you can use it as a skeleton to change yours. If you have any questions let me know and I will try to help you out.

My nfs config bellow ( this only applies to Centos 5.5), I didn't test in another release.

[root at zeus /]# cat /etc/sysconfig/nfs
#
# Define which protocol versions mountd
# will advertise. The values are "no" or "yes"
# with yes being the default
#MOUNTD_NFS_V1="no"
#MOUNTD_NFS_V2="no"
#MOUNTD_NFS_V3="no"
#
#
# Path to remote quota server. See rquotad(8)
#RQUOTAD="/usr/sbin/rpc.rquotad"
# Port rquotad should listen on.
RQUOTAD_PORT=875
# Optinal options passed to rquotad
#RPCRQUOTADOPTS=""
#
# Optional arguments passed to in-kernel lockd
#LOCKDARG=
# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=32803
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=32769
#
#
# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
# Turn off v2 and v3 protocol support
#RPCNFSDARGS="-N 2 -N 3"
# Turn off v4 protocol support
#RPCNFSDARGS="-N 4"
# Number of nfs server processes to be started.
# The default is 8.
#RPCNFSDCOUNT=8
# Stop the nfsd module from being pre-loaded
#NFSD_MODULE="noload"
#
#
# Optional arguments passed to rpc.mountd. See rpc.mountd(8)
#RPCMOUNTDOPTS=""
# Port rpc.mountd should listen on.
MOUNTD_PORT=892
#
#
# Optional arguments passed to rpc.statd. See rpc.statd(8)
#STATDARG=""
# Port rpc.statd should listen on.
#STATD_PORT=662
# Outgoing port statd should used. The default is port
# is random
STATD_OUTGOING_PORT=2020
# Specify callout program
#STATD_HA_CALLOUT="/usr/local/bin/foo"
#
#
# Optional arguments passed to rpc.idmapd. See rpc.idmapd(8)
#RPCIDMAPDARGS=""
#
# Set to turn on Secure NFS mounts.
#SECURE_NFS="yes"
# Optional arguments passed to rpc.gssd. See rpc.gssd(8)
#RPCGSSDARGS="-vvv"
# Optional arguments passed to rpc.svcgssd. See rpc.svcgssd(8)
#RPCSVCGSSDARGS="-vvv"
# Don't load security modules in to the kernel
#SECURE_NFS_MODS="noload"
#
# Don't load sunrpc module.
#RPCMTAB="noload"
#

Best of luck! and thank you for the clues.



>>> "Lisandro Grullon"  01/05/11 12:31 PM >>>
ok, I got things working flawlessly. Call me stupid for not checking the sha1sum of the DVD ISO of the first mirror. When I checked the ISO sha1sum it didn't check the posted figure under the centos.org, so I thought something may be wrong witht hat DVD ISO. I re downloaded the ISO and its all working flawlessly now, off course I won't go into the details of the firewall issues and the actual NFS configuration, I will create a video to help people out doing this install via NFS. Anyone recomended a good screen capture application to do this task, after I create it I will posted in youtube for all to see it. Thank you all and don't forget to check all your sha1sum or md5 keys from DVD or CD ISO, it looks like we can't trust the actual mirrors. Thank you again.

NFS install is mega fast in a 1Gbps network. My hard drive is the slow horse now.

>>> Rajagopal Swaminathan  01/05/11 12:16 PM >>>
Greetings,

On 1/5/11, Lisandro Grullon  wrote:
> I am learning Centos from the ground up,
> I need to learn how to install this via NFS.
> I am aware that FTp and HTTP and options available, but what is the point of
> having NFS during the install if it doesn't work.

Now, Let us distinguish between first install in any setup and future
installs/re-installs

Now the first install part. This is the long way. at least. full
install preferred. once and highly recommended -- helps later in
troubleshooting network scenario quickly through the first machine.
Let us call this Machine FirstFullCentos for this example.

Now one needs an existing server -- say like FirstFullCentos to carry
out further installs.

Of course

> I need to find a way to
> get the installation going at least for learning purposes. If you have any
> clues give me a hand, I am not planning to have to running in my environment
> but at least i would have the concept under my belt. Thank you.
>
>>>> Nico Kadel-Garcia  01/04/11 7:25 PM >>>
> On Tue, Jan 4, 2011 at 2:43 PM, Lisandro Grullon
>  wrote:
>> Dear CentOS community,
>> I have install centos via CD, DVD and Directly off the net via http and
>> FTP.
>> Now I want to do a NFS install from a local server and a client. Both,
>> client and server are in the same vlan 10.14.10.0/255.255.255.0.
>
> *Don't*. From painful experience, the NFS is very fragile to local
> network interruptions and tends to leave unreleased mountpoints
> reported on the NFS server, which makes getting meaningful monitoring
> of the server quite awkward.

HUmmm.. did you say in NFS udp mode?

>
>> The server has a static 10.14.10.15 address and the client gets its own
>> address via DHCP. I download the DVD image from one of the mirrors and
>> placed it under /centos-media/centosdvd32/DVD/CentOS-5.5-i386-bin-DVD.iso
>> which is a dedicated partition on the server to hold all images. After
>> that
>> I exported the usual entries under /etc/exports and reloaded NFS using
>> /sbin/service nfs reload. This is what my exports file looks like:
>>
>> [root at zeus DVD]# cat /etc/exports
>> /centos-media/centosdvd64 10.14.10.0/255.255.255.0(ro,sync,all_squash)
>> /centos-media/centosdvd32/DVD 10.14.10.0/255.255.255.0(ro,sync,all_squash)
>>
>> After doing so, I also modified the entries under IPtables to allow
>> traffic
>> in 111 and 2049 at the UDP/TCP level and restarted the service as shown
>> bellow.
>
> Oh, dear. This sort of thing is requirement is why you simply run a
> light FTP or HTTP server and make it accessible that way. It's
> nominally slower, but the difference is hardly noticeable.
>
>> [root at zeus DVD]# cat /etc/sysconfig/iptables
>> # Firewall configuration written by system-config-securitylevel
>> # Manual customization of this file is not recommended.
>> *filter
>> :INPUT ACCEPT [0:0]
>> :FORWARD ACCEPT [0:0]
>> :OUTPUT ACCEPT [0:0]
>> :RH-Firewall-1-INPUT - [0:0]
>> -A INPUT -j RH-Firewall-1-INPUT
>> -A FORWARD -j RH-Firewall-1-INPUT
>> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
>> -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
>> -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
>> -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
>> -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
>> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
>> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>> -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j
>> ACCEPT
>> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
>> -A RH-Firewall-1-INPUT -s 10.14.10.0/24 -m state --state NEW -p tcp
>> --dport
>> 2049 -j ACCEPT
>> -A RH-Firewall-1-INPUT -s 10.14.10.0/24 -m state --state NEW -p tcp
>> --dport
>> 111 -j ACCEPT
>> -A RH-Firewall-1-INPUT -s 10.14.10.0/24 -m state --state NEW -p udp
>> --dport
>> 2049 -j ACCEPT
>> -A RH-Firewall-1-INPUT -s 10.14.10.0/24 -m state --state NEW -p udp
>> --dport
>> 111 -j ACCEPT
>> COMMIT
>>
>> [root at zeus DVD]# /sbin/service iptables restart
>>
>> When I try loading the net-install disc from the client i get to the area
>> where I specify the Ip of the server and the NFS path in the server,
>> hitting
>> enter returns "That directory does not seem to contain CentOS installation
>> tree", I triple check the ISO and I know its there with all appropriate
>> permissions. Can someone tell me what am I missing? I have spend all day
>> trying to get NFS working in the local vlan, i know that all ports are
>> open
>> within the vlan at the routers level. Any clues?
>
> What is the actual path you are giving it? Are you looking at the top
> of the relevant NFS exported directory? And did you pout all the
> contents of the ISO image there, are are you doing somehing stranger?

Did you mount the ISO at the /centos-media/centosdvd64 mountpoint on
10.14.10.15?

Couldn't locate the output of your mount command on 10.14.10.15.

what can say, anyways HTH,

Regards,

Rajagopal
_______________________________________________
CentOS mailing list
CentOS at centos.org
http://lists.centos.org/mailman/listinfo/centos

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20110105/403bc05d/attachment-0005.html>