NFS/Kerberos: Difference between revisions
m (corrected link to previous revision) |
m (remove extraneous ]) |
||
Line 11: | Line 11: | ||
= ZFS = |
= ZFS = |
||
On March 15, 2008, we transitioned to ZFS. This move has since been reversed; details are preserved in [http://wiki.csclub.uwaterloo.ca/User-data?oldid=2331 a previous revision of this page |
On March 15, 2008, we transitioned to ZFS. This move has since been reversed; details are preserved in [http://wiki.csclub.uwaterloo.ca/User-data?oldid=2331 a previous revision of this page]. |
||
The NFSv4 domain is auto-detected by default, although to be safe, you can explicitly set it in /etc/default/nfs: |
The NFSv4 domain is auto-detected by default, although to be safe, you can explicitly set it in /etc/default/nfs: |
Revision as of 19:30, 18 January 2010
Our user-data is stored in /users on ginseng in a RAID 1 mirror running on two 400 GB SATA disks. All of our systems NFS mount /users.
We have also explored additional methods for replicating user-data, including AFS, Coda, and DRBD, but have found all to be unusable or problematic.
NFS
NFSv3 has been in long-standing use by the CSC, as well as by almost everyone else on the planet. NFSv4 mounts of /users to CSCF are currently in the works. Unfortunately, NFS has a number of problems. Clients become desperately unhappy when disconnected from the NFS server. Also, prior to NFSv4 there was no way to cache on the client side, resulting in poor performance with large files.
On November 8, 2007, we experienced a major NFS failure. An analysis of the logs indicated that the fault was likely caused by NFSv4-specific code. As a result, we have returned to mounting with NFSv3.
ZFS
On March 15, 2008, we transitioned to ZFS. This move has since been reversed; details are preserved in a previous revision of this page.
The NFSv4 domain is auto-detected by default, although to be safe, you can explicitly set it in /etc/default/nfs:
NFSMAPID_DOMAIN=csclub.uwaterloo.ca
Initial setup
This documents some important steps that needed to be done once.
You need to create an NFS Kerberos principal on caffeine:
sudo kadmin.local
addprinc -randkey zfs/ginseng.csclub.uwaterloo.ca
ktadd -e des-cbc-crc:normal -k /tmp/ginseng.nfs.keytab zfs/ginseng.csclub.uwaterloo.ca
You then need to merge that keytab (using ktutil) into /etc/krb5/krb5.keytab on ginseng.
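After the merge it is worth confirming that the new principal actually landed in the keytab and seeing which keys are single DES (des-cbc-crc, the enctype used above, is single DES, which RFC 6649 deprecates). The following is an added example, not part of the original page: it assumes the keytab uses the MIT version 0x0502 file layout, and the realm EXAMPLE.REALM, the host/ entry, the key version numbers and the keys in the sample are constructed.

```python
import struct
# Single-DES enctype numbers (IANA Kerberos registry), deprecated by RFC 6649.
SINGLE_DES = {1: "des-cbc-crc", 2: "des-cbc-md4", 3: "des-cbc-md5"}

def _counted(buf, pos):
    """Read a 16-bit length-prefixed byte string; return (bytes, next_pos)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(data):
    """Parse a version 0x0502 keytab into (principal, kvno, enctype) tuples."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)
        if size <= 0:                  # negative size marks a deleted entry (hole)
            continue
        ncomp, p = struct.unpack_from(">H", data, start)[0], start + 2
        parts = []
        for _ in range(ncomp + 1):     # realm first, then each name component
            part, p = _counted(data, p)
            parts.append(part.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", data, p)
        _key, p = _counted(data, p + 11)
        if pos - p >= 4:               # optional 32-bit kvno replaces the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(parts[1:]) + "@" + parts[0], kvno, etype))
    return entries

def audit(data, wanted):
    """Return (is `wanted` present?, [(principal, kvno, enctype name) on single DES])."""
    entries = parse_keytab(data)
    weak = [(n, v, SINGLE_DES[e]) for n, v, e in entries if e in SINGLE_DES]
    return any(n == wanted for n, _, _ in entries), weak

def _entry(name, realm, kvno, etype, key):
    """Build one keytab entry; used only to construct SAMPLE below."""
    s = lambda b: struct.pack(">H", len(b)) + b
    comps = name.encode().split(b"/")
    body = (struct.pack(">H", len(comps)) + s(realm.encode()) + b"".join(map(s, comps))
            + struct.pack(">IIBH", 1, 0, kvno, etype) + s(key))
    return struct.pack(">i", len(body)) + body

# Constructed sample: the realm, the host/ entry, kvnos and all-zero keys are made up.
SAMPLE = (b"\x05\x02"
          + _entry("host/ginseng.csclub.uwaterloo.ca", "EXAMPLE.REALM", 3, 18, bytes(32))
          + _entry("zfs/ginseng.csclub.uwaterloo.ca", "EXAMPLE.REALM", 2, 1, bytes(8)))
```

To check a real file, pass its bytes to `audit` together with the principal name including your actual realm, reading the keytab as root since it holds long-term keys.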
NFS (client-side)
In order to support NFSv4 ACLs with getfacl/setfacl, you should apply the NFSv4 ACL patch. You can also compile the nfs4_getfacl/nfs4_setfacl utils.