After getting a reasonably configured NFS4 setup working on my Scientific Linux server, I spent a majority of my evening trying to do the same with my Centos 5 box, with fruitless results. Most attempts to mount that server returns the following message:
[root@sl01 log]# mount -t nfs4 192.168.15.200:/opt/company_data /mnt mount.nfs4: Operation not permitted
As nearest as I can tell, I was able to setup the ports correctly in /etc/sysconfig/nfs
[root@centos sysconfig]# grep -v # nfs RQUOTAD_PORT=875 LOCKD_TCPPORT=32803 LOCKD_UDPPORT=32769 MOUNTD_PORT=892 STATD_PORT=662
As well as my /etc/services file:
# Local services rquotad 875/tcp lockd 32803/tcp lockd 32769/tcp mountd 892/tcp statd 662/tcp rquotad 875/udp lockd 32803/udp lockd 32769/udp mountd 892/udp statd 662/udp [root@centos sy
rpcinfo -p seems fine (although I understand that is not relevent with nfs4)
[root@centos sysconfig]# rpcinfo -p program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 662 status 100024 1 tcp 662 status 100011 1 udp 875 rquotad 100011 2 udp 875 rquotad 100011 1 tcp 875 rquotad 100011 2 tcp 875 rquotad 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100021 1 udp 32769 nlockmgr 100021 3 udp 32769 nlockmgr 100021 4 udp 32769 nlockmgr 100021 1 tcp 32803 nlockmgr 100021 3 tcp 32803 nlockmgr 100021 4 tcp 32803 nlockmgr 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100005 1 udp 892 mountd 100005 1 tcp 892 mountd 100005 2 udp 892 mountd 100005 2 tcp 892 mountd 100005 3 udp 892 mountd 100005 3 tcp 892 mountd
And services are running:
[root@centos sysconfig]# service nfs status rpc.mountd (pid 6321) is running... nfsd (pid 6318 6317 6316 6315 6314 6313 6312 6311) is running... rpc.rquotad (pid 6306) is running... [root@centos sysconfig]# service nfslock status rpc.statd (pid 6248) is running... [root@centos sysconfig]# service portmap status portmap (pid 6210) is running...
And firewall is open both ways:
[root@centos sysconfig]# iptables -n -L | grep -E '(2049|111|32759|32803|662|875|892)' ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:875 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:875 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:875 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:892 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:662 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:662 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:892 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:662 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:662 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:892 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:875 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:875
I am about to mount via NFS3, so that part I know works.
Is there a known problem with NFS4 on Centos (or Red Hat) 5? Or am I missing something someplace?
- Rilindo
On Mon, May 30, 2011 at 9:31 PM, RILINDO FOSTER rilindo@me.com wrote:
After getting a reasonably configured NFS4 setup working on my Scientific Linux server, I spent a majority of my evening trying to do the same with my Centos 5 box, with fruitless results. Most attempts to mount that server returns the following message:
[root@sl01 log]# mount -t nfs4 192.168.15.200:/opt/company_data /mnt mount.nfs4: Operation not permitted
As nearest as I can tell, I was able to setup the ports correctly in /etc/sysconfig/nfs
[root@centos sysconfig]# grep -v # nfs RQUOTAD_PORT=875 LOCKD_TCPPORT=32803 LOCKD_UDPPORT=32769 MOUNTD_PORT=892 STATD_PORT=662
[root@centos sysconfig]# rpcinfo -p program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 662 status 100024 1 tcp 662 status 100011 1 udp 875 rquotad 100011 2 udp 875 rquotad 100011 1 tcp 875 rquotad 100011 2 tcp 875 rquotad 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100021 1 udp 32769 nlockmgr 100021 3 udp 32769 nlockmgr 100021 4 udp 32769 nlockmgr 100021 1 tcp 32803 nlockmgr 100021 3 tcp 32803 nlockmgr 100021 4 tcp 32803 nlockmgr 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100005 1 udp 892 mountd 100005 1 tcp 892 mountd 100005 2 udp 892 mountd 100005 2 tcp 892 mountd 100005 3 udp 892 mountd 100005 3 tcp 892 mountd
And services are running:
[root@centos sysconfig]# service nfs status rpc.mountd (pid 6321) is running... nfsd (pid 6318 6317 6316 6315 6314 6313 6312 6311) is running... rpc.rquotad (pid 6306) is running... [root@centos sysconfig]# service nfslock status rpc.statd (pid 6248) is running... [root@centos sysconfig]# service portmap status portmap (pid 6210) is running...
And firewall is open both ways:
[root@centos sysconfig]# iptables -n -L | grep -E '(2049|111|32759|32803|662|875|892)' ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:875 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:875 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:875 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:892 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:662 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:662 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:892 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:662 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:662 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:892 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:875 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:875
I am about to mount via NFS3, so that part I know works.
Is there a known problem with NFS4 on Centos (or Red Hat) 5? Or am I missing something someplace?
Are the values of "Domain" in "/etc/idmapd.conf" the same on the client and the server?
FYI: For nfsv4, there's no need to have any ports other than 111 and 2049.
(Are you using "fsid=0" as an option?)
I can try to play around with the idmapd.conf and set the fsid=0 option. What bugs me, though, is that neither option is enabled on the SL6/RHES6 server and I am able to mount via nfs4:
[root@centos sysconfig]# nfsstat Server rpc stats: calls badcalls badauth badclnt xdrcall 154 0 0 0 0
Server nfs v3: null getattr setattr lookup access readlink 28 36% 27 35% 0 0% 0 0% 0 0% 0 0% read write create mkdir symlink mknod 0 0% 0 0% 0 0% 0 0% 0 0% 0 0% remove rmdir rename link readdir readdirplus 0 0% 0 0% 0 0% 0 0% 0 0% 0 0% fsstat fsinfo pathconf commit 3 3% 16 20% 3 3% 0 0%
Server nfs v4: null compound 32 45% 38 54%
Server nfs v4 operations: op0-unused op1-unused op2-future access close commit 0 0% 0 0% 0 0% 0 0% 0 0% 0 0% create delegpurge delegreturn getattr getfh link 0 0% 0 0% 0 0% 0 0% 0 0% 0 0% lock lockt locku lookup lookup_root nverify 0 0% 0 0% 0 0% 0 0% 0 0% 0 0% open openattr open_conf open_dgrd putfh putpubfh 0 0% 0 0% 0 0% 0 0% 0 0% 0 0% putrootfh read readdir readlink remove rename 35 92% 0 0% 0 0% 0 0% 0 0% 0 0% renew restorefh savefh secinfo setattr setcltid 1 2% 0 0% 0 0% 0 0% 0 0% 1 2% setcltidconf verify write rellockowner 1 2% 0 0% 0 0% 0 0%
Client rpc stats: calls retrans authrefrsh 38 0 0
Client nfs v4: null read write commit open open_conf 0 0% 0 0% 0 0% 0 0% 1 2% 1 2% open_noat open_dgrd close setattr fsinfo renew 0 0% 0 0% 1 2% 1 2% 4 11% 0 0% setclntid confirm lock lockt locku access 1 2% 1 2% 0 0% 0 0% 0 0% 2 5% getattr lookup lookup_root remove rename link 7 19% 5 13% 2 5% 0 0% 0 0% 0 0% symlink create pathconf statfs readlink readdir 0 0% 0 0% 0 0% 2 5% 0 0% 2 5% server_caps delegreturn 6 16% 0
root@centos sysconfig]# cat /etc/mtab /dev/sda6 / ext3 rw 0 0 proc /proc proc rw 0 0 sysfs /sys sysfs rw 0 0 devpts /dev/pts devpts rw,gid=5,mode=620 0 0 /dev/sda8 /home ext3 rw 0 0 /dev/sda5 /usr ext3 rw 0 0 /dev/sda3 /opt ext3 rw 0 0 /dev/sda2 /var ext3 rw 0 0 /dev/sda1 /boot ext3 rw 0 0 tmpfs /dev/shm tmpfs rw 0 0 none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0 sunrpc /var/lib/nfs/rpc_pipefs rpc_pipefs rw 0 0 nfsd /proc/fs/nfsd nfsd rw 0 0 /opt/company_data /exports/company_data none rw,bind 0 0 192.168.15.100:/opt/company_data /mnt nfs4 rw,addr=192.168.15.100 0 0
(Of course, it could be that SL6 did things a little differently with their distro's implementation of NFS4, but I doubt it).
On May 30, 2011, at 10:29 PM, Tom H wrote:
On Mon, May 30, 2011 at 9:31 PM, RILINDO FOSTER rilindo@me.com wrote:
After getting a reasonably configured NFS4 setup working on my Scientific Linux server, I spent a majority of my evening trying to do the same with my Centos 5 box, with fruitless results. Most attempts to mount that server returns the following message:
[root@sl01 log]# mount -t nfs4 192.168.15.200:/opt/company_data /mnt mount.nfs4: Operation not permitted
As nearest as I can tell, I was able to setup the ports correctly in /etc/sysconfig/nfs
[root@centos sysconfig]# grep -v # nfs RQUOTAD_PORT=875 LOCKD_TCPPORT=32803 LOCKD_UDPPORT=32769 MOUNTD_PORT=892 STATD_PORT=662
[root@centos sysconfig]# rpcinfo -p program vers proto port 100000 2 tcp 111 portmapper 100000 2 udp 111 portmapper 100024 1 udp 662 status 100024 1 tcp 662 status 100011 1 udp 875 rquotad 100011 2 udp 875 rquotad 100011 1 tcp 875 rquotad 100011 2 tcp 875 rquotad 100003 2 udp 2049 nfs 100003 3 udp 2049 nfs 100003 4 udp 2049 nfs 100021 1 udp 32769 nlockmgr 100021 3 udp 32769 nlockmgr 100021 4 udp 32769 nlockmgr 100021 1 tcp 32803 nlockmgr 100021 3 tcp 32803 nlockmgr 100021 4 tcp 32803 nlockmgr 100003 2 tcp 2049 nfs 100003 3 tcp 2049 nfs 100003 4 tcp 2049 nfs 100005 1 udp 892 mountd 100005 1 tcp 892 mountd 100005 2 udp 892 mountd 100005 2 tcp 892 mountd 100005 3 udp 892 mountd 100005 3 tcp 892 mountd
And services are running:
[root@centos sysconfig]# service nfs status rpc.mountd (pid 6321) is running... nfsd (pid 6318 6317 6316 6315 6314 6313 6312 6311) is running... rpc.rquotad (pid 6306) is running... [root@centos sysconfig]# service nfslock status rpc.statd (pid 6248) is running... [root@centos sysconfig]# service portmap status portmap (pid 6210) is running...
And firewall is open both ways:
[root@centos sysconfig]# iptables -n -L | grep -E '(2049|111|32759|32803|662|875|892)' ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:875 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:875 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:875 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:892 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:662 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:662 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:892 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:32803 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:662 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:662 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:892 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:875 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:875
I am about to mount via NFS3, so that part I know works.
Is there a known problem with NFS4 on Centos (or Red Hat) 5? Or am I missing something someplace?
Are the values of "Domain" in "/etc/idmapd.conf" the same on the client and the server?
FYI: For nfsv4, there's no need to have any ports other than 111 and 2049.
(Are you using "fsid=0" as an option?) _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Mon, May 30, 2011 at 10:53 PM, RILINDO FOSTER rilindo@me.com wrote:
On May 30, 2011, at 10:29 PM, Tom H wrote:
Are the values of "Domain" in "/etc/idmapd.conf" the same on the client and the server?
FYI: For nfsv4, there's no need to have any ports other than 111 and 2049.
(Are you using "fsid=0" as an option?)
I can try to play around with the idmapd.conf and set the fsid=0 option. What bugs me, though, is that neither option is enabled on the SL6/RHES6 server and I am able to mount via nfs4:
I was asking about "Domain" in "idmapd.conf" because there might be a difference between CentOS 5 and SL 6.
It is actually commented out in SL6.
On Jun 2, 2011, at 11:56 AM, Tom H wrote:
On Mon, May 30, 2011 at 10:53 PM, RILINDO FOSTER rilindo@me.com wrote:
On May 30, 2011, at 10:29 PM, Tom H wrote:
Are the values of "Domain" in "/etc/idmapd.conf" the same on the client and the server?
FYI: For nfsv4, there's no need to have any ports other than 111 and 2049.
(Are you using "fsid=0" as an option?)
I can try to play around with the idmapd.conf and set the fsid=0 option. What bugs me, though, is that neither option is enabled on the SL6/RHES6 server and I am able to mount via nfs4:
I was asking about "Domain" in "idmapd.conf" because there might be a difference between CentOS 5 and SL 6. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Thu, 2011-06-02 at 14:01 -0400, RILINDO FOSTER wrote:
It is actually commented out in SL6.
On Jun 2, 2011, at 11:56 AM, Tom H wrote:
On Mon, May 30, 2011 at 10:53 PM, RILINDO FOSTER rilindo@me.com wrote:
On May 30, 2011, at 10:29 PM, Tom H wrote:
Are the values of "Domain" in "/etc/idmapd.conf" the same on the client and the server?
FYI: For nfsv4, there's no need to have any ports other than 111 and 2049.
(Are you using "fsid=0" as an option?)
Can you please show your /etc/exports? I remember that in Fedora some changes were made which probably included in RHEL6 as well that made fsid superfluous. Here is mine in case it helps you: /export gss/krb5(fsid=0,sync,insecure,no_subtree_check,no_root_squash) /export/home1 gss/krb5(rw,nohide,sync,insecure,no_subtree_check,no_root_squash) /export/home2 gss/krb5(rw,nohide,sync,insecure,no_subtree_check,no_root_squash)
Louis
Here you go. Nothing too fancy:
[root@centos ~]# cat /etc/exports /home *(ro,sync) /opt/company_data *(rw,sync)
On Jun 2, 2011, at 2:07 PM, Louis Lagendijk wrote:
On Thu, 2011-06-02 at 14:01 -0400, RILINDO FOSTER wrote:
It is actually commented out in SL6.
On Jun 2, 2011, at 11:56 AM, Tom H wrote:
On Mon, May 30, 2011 at 10:53 PM, RILINDO FOSTER rilindo@me.com wrote:
On May 30, 2011, at 10:29 PM, Tom H wrote:
Are the values of "Domain" in "/etc/idmapd.conf" the same on the client and the server?
FYI: For nfsv4, there's no need to have any ports other than 111 and 2049.
(Are you using "fsid=0" as an option?)
Can you please show your /etc/exports? I remember that in Fedora some changes were made which probably included in RHEL6 as well that made fsid superfluous. Here is mine in case it helps you: /export gss/krb5(fsid=0,sync,insecure,no_subtree_check,no_root_squash) /export/home1 gss/krb5(rw,nohide,sync,insecure,no_subtree_check,no_root_squash) /export/home2 gss/krb5(rw,nohide,sync,insecure,no_subtree_check,no_root_squash)
Louis
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Okay, it took a few minutes, but I figure it out. Seems that Scientific Linux eems to regress a bit in this area.
With Centos, you need to bind like so:
/home/share /exports/share none bind 0 0 /home/vhosts /exports/vhosts none bind 0 0
And then specify the options (including fsid0):
in /etc/exports
/exports *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) /exports/vhosts *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) /exports/share *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) [root@centos home]#
In order for clients to mount via NFS4 (with all the usual stuff about specifying in the ports in /etc/sysconfig/nfs) in thisfmat :
mount -t nfs4 192.168.15.200:/ /mnt
Which is apparently the correct way of mount via NFS
HOWEVER, in Scientific Linux, you can get way with a) not binding the directories and b) go back to this format:
/home/exports *(ro,sync) /opt *(ro,sync)
And still be able to mount:
mount -t nfs4 192.168.15.100:/opt /mnt
I have to double check the mounts to confirm that I am mount via NFS4.
Centos box (mounting SL box via NFS4):
192.168.15.100:/opt /mnt nfs4 rw,addr=192.168.15.100 0
SL Box (mounting Centos box via NFS4):
192.168.15.200:/ /mnt nfs4 rw,addr=192.168.15.200,clientaddr=192.168.15.100 0 0
Huh.
Thanks a lot for the pointers, guys. It has been interesting. :)
On Jun 2, 2011, at 8:50 PM, RILINDO FOSTER wrote:
Here you go. Nothing too fancy:
[root@centos ~]# cat /etc/exports /home *(ro,sync) /opt/company_data *(rw,sync)
On Jun 2, 2011, at 2:07 PM, Louis Lagendijk wrote:
On Thu, 2011-06-02 at 14:01 -0400, RILINDO FOSTER wrote:
It is actually commented out in SL6.
On Jun 2, 2011, at 11:56 AM, Tom H wrote:
On Mon, May 30, 2011 at 10:53 PM, RILINDO FOSTER rilindo@me.com wrote:
On May 30, 2011, at 10:29 PM, Tom H wrote:
Are the values of "Domain" in "/etc/idmapd.conf" the same on the client and the server?
FYI: For nfsv4, there's no need to have any ports other than 111 and 2049.
(Are you using "fsid=0" as an option?)
Can you please show your /etc/exports? I remember that in Fedora some changes were made which probably included in RHEL6 as well that made fsid superfluous. Here is mine in case it helps you: /export gss/krb5(fsid=0,sync,insecure,no_subtree_check,no_root_squash) /export/home1 gss/krb5(rw,nohide,sync,insecure,no_subtree_check,no_root_squash) /export/home2 gss/krb5(rw,nohide,sync,insecure,no_subtree_check,no_root_squash)
Louis
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RILINDO FOSTER wrote:
Okay, it took a few minutes, but I figure it out. Seems that Scientific Linux eems to regress a bit in this area.
With Centos, you need to bind like so:
/home/share /exports/share none bind 0 0 /home/vhosts /exports/vhosts none bind 0 0
And then specify the options (including fsid0):
in /etc/exports
/exports *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) /exports/vhosts *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) /exports/share *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) [root@centos home]#
In order for clients to mount via NFS4 (with all the usual stuff about specifying in the ports in /etc/sysconfig/nfs) in thisfmat :
mount -t nfs4 192.168.15.200:/ /mnt
Which is apparently the correct way of mount via NFS
HOWEVER, in Scientific Linux, you can get way with a) not binding the directories and b) go back to this format:
/home/exports *(ro,sync) /opt *(ro,sync)
And still be able to mount:
mount -t nfs4 192.168.15.100:/opt /mnt
I have to double check the mounts to confirm that I am mount via NFS4.
Centos box (mounting SL box via NFS4):
192.168.15.100:/opt /mnt nfs4 rw,addr=192.168.15.100 0
SL Box (mounting Centos box via NFS4):
192.168.15.200:/ /mnt nfs4 rw,addr=192.168.15.200,clientaddr=192.168.15.100 0 0
Huh.
Thanks a lot for the pointers, guys. It has been interesting. :)
On Jun 2, 2011, at 8:50 PM, RILINDO FOSTER wrote:
Here you go. Nothing too fancy:
[root@centos ~]# cat /etc/exports /home *(ro,sync) /opt/company_data *(rw,sync)
If I am not mistaking, difference might be between 5.x and 6.x, not distro oriented. Not binding and having DNS/hostname issues is nice and is progress.
P.S. Please do not forget not to top post. Thanks.
Ljubomir
On Jun 4, 2011, at 4:27 AM, Ljubomir Ljubojevic wrote:
RILINDO FOSTER wrote:
Okay, it took a few minutes, but I figure it out. Seems that Scientific Linux eems to regress a bit in this area. SL Box (mounting Centos box via NFS4):
192.168.15.200:/ /mnt nfs4 rw,addr=192.168.15.200,clientaddr=192.168.15.100 0 0
Huh.
Thanks a lot for the pointers, guys. It has been interesting. :)
On Jun 2, 2011, at 8:50 PM, RILINDO FOSTER wrote:
Here you go. Nothing too fancy:
[root@centos ~]# cat /etc/exports /home *(ro,sync) /opt/company_data *(rw,sync)
If I am not mistaking, difference might be between 5.x and 6.x, not distro oriented. Not binding and having DNS/hostname issues is nice and is progress.
If I understand this correctly, the steps required to mount a NFS4 export is supposed to include binding the directories, right? In that case, SL 6.x (and maybe Red Hat 6.x) is breaking convention here. Make it easier for old-school admins like me, though. :)
- Rilindo
On Fri, 2011-06-03 at 23:49 -0400, RILINDO FOSTER wrote:
Okay, it took a few minutes, but I figure it out. Seems that Scientific Linux eems to regress a bit in this area.
With Centos, you need to bind like so:
/home/share /exports/share none bind 0 0 /home/vhosts /exports/vhosts none bind 0 0
And then specify the options (including fsid0):
in /etc/exports
/exports *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) /exports/vhosts *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) /exports/share *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) [root@centos home]#
This is not right AFAIK, fsid should be specified ONLY on the export root. Search for fsid in "man expports" Louis
On Jun 4, 2011, at 7:52 AM, Louis Lagendijk wrote:
On Fri, 2011-06-03 at 23:49 -0400, RILINDO FOSTER wrote:
Okay, it took a few minutes, but I figure it out. Seems that Scientific Linux eems to regress a bit in this area.
With Centos, you need to bind like so:
/home/share /exports/share none bind 0 0 /home/vhosts /exports/vhosts none bind 0 0
And then specify the options (including fsid0):
in /etc/exports
/exports *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) /exports/vhosts *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) /exports/share *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) [root@centos home]#
This is not right AFAIK, fsid should be specified ONLY on the export root. Search for fsid in "man expports" Louis
Ah, okay. I was going based on this:
http://www.brennan.id.au/19-Network_File_System.html#nfs4
but I didn't pay close attention to where fsid is only specified once fixed.
Thanks for that correction!
- Rilindo
On Thu, Jun 2, 2011 at 2:01 PM, RILINDO FOSTER rilindo@me.com wrote:
On Jun 2, 2011, at 11:56 AM, Tom H wrote:
I was asking about "Domain" in "idmapd.conf" because there might be a difference between CentOS 5 and SL 6.
It is actually commented out in SL6.
There you go. Comment it out on CentOS and restart idmapd - and cross your fingers.
I did that. It didn't help. :(
On Jun 2, 2011, at 6:07 PM, Tom H wrote:
On Thu, Jun 2, 2011 at 2:01 PM, RILINDO FOSTER rilindo@me.com wrote:
On Jun 2, 2011, at 11:56 AM, Tom H wrote:
I was asking about "Domain" in "idmapd.conf" because there might be a difference between CentOS 5 and SL 6.
It is actually commented out in SL6.
There you go. Comment it out on CentOS and restart idmapd - and cross your fingers. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
RILINDO FOSTER wrote:
I did that. It didn't help. :(
On Jun 2, 2011, at 6:07 PM, Tom H wrote:
On Thu, Jun 2, 2011 at 2:01 PM, RILINDO FOSTER rilindo@me.com wrote:
On Jun 2, 2011, at 11:56 AM, Tom H wrote:
I was asking about "Domain" in "idmapd.conf" because there might be a difference between CentOS 5 and SL 6.
It is actually commented out in SL6.
There you go. Comment it out on CentOS and restart idmapd - and cross your fingers.
As far as I know, that needs to be there. And hostname must be recognizable via DNS by NFS server. If NFS server can not verify your fqdn (hostname + domain from /etc/idmapd.conf) server will deny your requests. NFS via ssh is one of the options.
Here are my notes on NFS4 for CentOS:
NFS4 on CentOS 5.x:
SERVER SIDE:
• Create /nfs4exports with subfolders: extra and home. • In /etc/fstab put : /extra /nfs4exports/extra bind bind 0 0 /home /nfs4exports/home bind bind 0 0
• A u /etc/exports staviti: /nfs4exports A.B.C.D/255.255.255.W(rw,fsid=0,sync,no_root_squash,no_subtree_check) /nfs4exports/extra A.B.C.D/255.255.255.W(rw,no_subtree_check,nohide,sync,no_root_squash) /nfs4exports/home A.B.C.D/255.255.255.W(rw,no_subtree_check,nohide,sync,no_root_squash)
• In /etc/sysconfig/nfs put: LOCKD_TCPPORT=32803 # UDP port rpc.lockd should listen on. LOCKD_UDPPORT=32769 RPCNFSDARGS="-N 2 -N 3" MOUNTD_PORT=892 STATD_PORT=662 # Outgoing port statd should used. The default is port # is random STATD_OUTGOING_PORT=2020 # Specify callout program
Never remove root squashing, it lowers root to nfsnobody level. There is also an all_squash option.
/etc/idmapd.conf: [General]
Verbosity = 0 Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = <domaninname, mydomain.com>
[Mapping]
Nobody-User = drlove73 Nobody-Group = drlove73
[Translation] Method = nsswitch
idmapd.conf must be the same on the client
CLIENT SIDE - autofs:
/etc/auto.<servername>: /autofsmounts/<servername> /etc/auto.<servername> --timeout=10
/etc/auto.<servername>: extra -fstype=nfs4,rw,proto=tcp <server IP or fqdn>:/extra home -fstype=nfs4,rw,proto=tcp <server IP or fqdn>:/home
/etc/idmapd.conf: [General]
Verbosity = 0 Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = <domaninname, mydomain.com>
[Mapping]
Nobody-User = drlove73 Nobody-Group = drlove73
[Translation] Method = nsswitch
Create /autofsmounts/vmaster
test : showmount -e <ipaddress or fqdn>
Create /vmaster and, once they show, create inside symlinks from : /autofsmounts/vmaster/extra /autofsmounts/vmaster/home
Ljubomir
-
Ljubomir Ljubojevic -
Louis Lagendijk -
RILINDO FOSTER -
Tom H