This shows you the differences between two versions of the page.
linux:arch_home_directories [2014/09/23 01:23] walter [Moving /var/lib/nfs to tempfs] |
linux:arch_home_directories [2021/05/02 21:36] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Client Config ====== | ||
- | ===== Packages ===== | ||
- | |||
- | Install Required Packages | ||
- | <code> | ||
- | pacman -S rpcbind nfs-utils nfsidmap ntp | ||
- | </code> | ||
- | |||
- | ===== Configs ===== | ||
- | |||
- | Change the lines in these files to the values defined. | ||
- | |||
- | |||
- | <file|/etc/idmapd.conf> | ||
- | Domain = acm.cs | ||
- | </file> | ||
- | <file|/etc/conf.d/nfs-common> | ||
- | NEED_IDMAPD="yes" | ||
- | </file> | ||
- | <file|/etc/fstab> | ||
- | 172.29.0.6:/nfs-dir /mount-point nfs4 rw,hard,intr 0 0 | ||
- | </file> | ||
- | <file|/etc/ntp.conf> | ||
- | # The NFS Server | ||
- | server 172.29.0.6 iburst | ||
- | |||
- | # Only allow read-only access from localhost | ||
- | restrict default ignore | ||
- | restrict 127.0.0.1 | ||
- | restrict 172.29.0.6 mask 255.255.255.255 | ||
- | </file> | ||
- | |||
- | |||
- | ===== Daemons ===== | ||
- | |||
- | Two daemons need to be started after networking in order to mount NFS directories and one to keep things working right | ||
- | * rpcbind | ||
- | * nfs-common | ||
- | * nptd | ||
- | |||
- | Start rpcbind then nfs-common, then you will be able to mount the nfs directories, add these entries to rc.conf in the daemons array after the network/net-profiles entries. | ||
- | |||
- | ====== Server Config ====== | ||
- | |||
- | Mozart is currently the NFS file server and is only accessible to members of the ACM LAN Admins group. | ||
- | |||
- | Exported directories are located in /export, this is the NFS root | ||
- | ===== Packages ===== | ||
- | |||
- | Install Required Packages | ||
- | <code> | ||
- | pacman -S rpcbind nfs-utils nfsidmap | ||
- | </code> | ||
- | |||
- | ===== Configs ===== | ||
- | |||
- | Change the lines in these files to the values defined. | ||
- | |||
- | <file|/etc/idmapd.conf> | ||
- | Domain = acm.cs | ||
- | </file> | ||
- | <file|/etc/conf.d/nfs-common> | ||
- | NEED_IDMAPD="yes" | ||
- | </file> | ||
- | The number of nfsd threads in increased from the default to improve preformance. | ||
- | <file|/etc/conf.d/nfs-server> | ||
- | # Number of servers to start up; the default is 8 servers. | ||
- | NFSD_COUNT="32" | ||
- | </file> | ||
- | Configure the NTP server to sync against the US NTP pool and make sure that clients on the LAN have access | ||
- | <file|/etc/ntp.conf> | ||
- | server 0.us.pool.ntp.org iburst | ||
- | server 1.us.pool.ntp.org iburst | ||
- | server 2.us.pool.ntp.org iburst | ||
- | server 3.us.pool.ntp.org iburst | ||
- | #This next part will make it sync the time from the internal clock if it can't get out to the internet | ||
- | #The time may be wrong, but clients on the LAN will still be sync'd with the server preventing shews with NFS served files | ||
- | server 127.127.1.0 | ||
- | fudge 127.127.1.0 stratum 10 | ||
- | |||
- | # you should not need to modify the following paths | ||
- | driftfile /var/lib/ntp/ntp.drift | ||
- | logfile /var/log/ntp.log | ||
- | |||
- | # If you want to deny all machines (including your own) | ||
- | # from accessing the NTP server, uncomment: | ||
- | restrict default nomodify nopeer notrap noquery | ||
- | |||
- | |||
- | # To deny other machines from changing the | ||
- | # configuration but allow localhost: | ||
- | #restrict default nomodify nopeer | ||
- | restrict 127.0.0.1 | ||
- | |||
- | restrict 0.us.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery | ||
- | restrict 1.us.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery | ||
- | restrict 2.us.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery | ||
- | restrict 3.us.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery | ||
- | |||
- | # To allow machines within your network to synchronize | ||
- | # their clocks with your server, but ensure they are | ||
- | # not allowed to configure the server or used as peers | ||
- | # to synchronize against, uncomment this line. | ||
- | # | ||
- | restrict 172.29.0.0 mask 255.255.255.0 nomodify notrap | ||
- | </file> | ||
- | |||
- | And finally this file controls the exporting of directories, and should have entries like these. | ||
- | To prevent issues with wildcards or IP ranges, each client has a separete config | ||
- | <file|/etc/exports> | ||
- | /export 172.29.0.0/24(rw,fsid=0,no_subtree_check,async,no_root_squash) | ||
- | /export/path-to-acm-home-dirs 172.29.0.2(rw,no_subtree_check,async,nohide,no_root_squash) | ||
- | /export/skel 172.29.0.2(ro,no_subtree_check,async,nohide,no_root_squash) | ||
- | </file> | ||
- | |||
- | ===== Daemons ===== | ||
- | |||
- | Three daemons need to be started after networking in order to serve NFS directories and one to keep things working right | ||
- | * rpcbind.service | ||
- | * nfs-client.target | ||
- | * nfs-server.service | ||
- | * nptd.service | ||
- | |||
- | Start rpcbind, then nfs-common, and then nfs-server, then you will be able to mount the nfs directories, add these entries to rc.conf in the daemons array after the network/net-profiles entries. | ||
- | |||
- | Enable the appropriate daemons via the systemd systemctl command | ||
- | |||
- | ===== Moving /var/lib/nfs to tempfs ===== | ||
- | |||
- | To increase server preformance and reduce the number of lockups on the NFS clients, especially since many are workstations, /var/lib/nfs, the home pf the nfsd rpcpipefs, to a tempfs directory aka to memory rather than disk. Add this daemon to the daemons line of rc.conf **BEFORE** nfs-common and nfs-server. | ||
- | |||
- | Add this line to the fstab | ||
- | <file| /etc/fstab> | ||
- | none /var/lib/nfs tmpfs defaults,mode=0755 0 0 | ||
- | </file> | ||
- | |||
- | Copy /var/lib/nfs to a separate directory called /var/lib/nfs.d then add these files to setup the systemd service. | ||
- | |||
- | <file|/etc/systemd/system/nfsvartemp.service> | ||
- | |||
- | [Unit] | ||
- | Description=NFS Tempfs Setup | ||
- | Before=nfsd.service | ||
- | |||
- | [Service] | ||
- | Type=oneshot | ||
- | ExecStart=/usr/local/sbin/nfsvartemp | ||
- | |||
- | [Install] | ||
- | WantedBy=multi-user.target | ||
- | |||
- | </file> | ||
- | |||
- | <file|/usr/local/sbin/nfsvartemp> | ||
- | #!/bin/bash | ||
- | cp -R /var/lib/nfs.d/* /var/lib/nfs | ||
- | </file> | ||
- | |||
- | Lastly | ||
- | <code> | ||
- | systemctl enable nfsvartemp.service | ||
- | </code> |