NFS/Kerberos: Difference between revisions
(→ZFS) |
(→ZFS) |
||
Line 29: | Line 29: | ||
To move/rename a user directory: |
To move/rename a user directory: |
||
zfs rename users/$USER_OLD users/$USER_NEW |
zfs rename users/$USER_OLD users/$USER_NEW |
||
== NFS (server-side) == |
|||
To export over NFS using host-based access-control: |
|||
zfs set sharenfs="sec=sys,rw=$ACCESS_LIST,nosuid" users |
|||
where ACCESS_LIST may be as a colon-separated list of any of the following: |
|||
* hostname (e.g. glucose-fructose.csclub.uwaterloo.ca) |
|||
* netgroup (e.g. in LDAP) |
|||
* domain name suffix (e.g. .csclub.uwaterloo.ca) |
|||
* network (e.g. @129.97.134.0/24) |
|||
A minus sign (-) may prefix one of the above to indicate that access is to be denied. 'man share_nfs' has full details. |
|||
== NFS (client-side) == |
|||
You should install the autofs package. Then edit /etc/auto.master and append the following: |
|||
/users /etc/auto.users |
|||
Create /etc/auto.users with content: |
|||
* -fstype=nfs4,soft,intr,nosuid,nodev disk:/users/& |
|||
== Quota == |
== Quota == |
Revision as of 19:28, 9 March 2008
Our user-data is stored in /export/users on artificial-flavours in a RAID 1 software array running on two 400 GB SATA disks. We export /users via NFSv3 and NFSv4. All of our systems NFSv3 mount /users.
We are now planning to run Solaris 10 as the disk server's operating system, with ZFS as the file system, and exporting via NFSv4. See Solaris 10 for current information.
We have also explored additional methods for replicating user-data, including AFS, Coda, and DRBD, but have found all to be unusable or problematic.
NFS
NFSv3 has been in long standing use by the CSC as well as almost everyone else on the planet. NFSv4 mounts of /users are currently in the works to CSCF. Unfortunately NFS has a number of problems. Clients become desperately unhappy when disconnected from the NFS server. Also previous to NFSv4 there was no way to client side cache, resulting in poor performance with large files.
On November 8, 2007, we experienced a major NFS failure. An analysis of the logs indicated that the fault was likely caused by NFSv4-specific code. As a result, we have returned to mounting with NFSv3.
There is a patch and utility to get/set NFSv4 ACL's here.
ZFS
We plan to use ZFS in mirror mode.
Overview
Each user directory is stored in a separate zfs file system.
To create a user directory:
zfs create users/$USER
To delete a user directory:
zfs destroy users/$USER
To move/rename a user directory:
zfs rename users/$USER_OLD users/$USER_NEW
NFS (server-side)
To export over NFS using host-based access-control:
zfs set sharenfs="sec=sys,rw=$ACCESS_LIST,nosuid" users
where ACCESS_LIST may be as a colon-separated list of any of the following:
- hostname (e.g. glucose-fructose.csclub.uwaterloo.ca)
- netgroup (e.g. in LDAP)
- domain name suffix (e.g. .csclub.uwaterloo.ca)
- network (e.g. @129.97.134.0/24)
A minus sign (-) may prefix one of the above to indicate that access is to be denied. 'man share_nfs' has full details.
NFS (client-side)
You should install the autofs package. Then edit /etc/auto.master and append the following:
/users /etc/auto.users
Create /etc/auto.users with content:
* -fstype=nfs4,soft,intr,nosuid,nodev disk:/users/&
Quota
To query quota:
zfs get quota users/$USER
To set quota:
zfs set quota=$SIZE users/$USER
where $SIZE could be 2.5G, 100M, etc...
To set no quota:
zfs set quota=none users/$USER
Snapshots
Snapshots can be accessed from /users/$USER/.zfs/snapshot/.
To create a snapshot:
zfs create users/$USER@$SNAPSHOT
To delete a snapshot:
zfs destroy users/$USER@$SNAPSHOT
To rename a snapshot:
zfs rename users/$USER@$SNAPSHOT_OLD users/$USER@$SNAPSHOT_NEW
To list snapshots:
zfs list -t snapshot -r users