AIX 5L Configuring TCP/IP (Unit 12) – Configuring NFS

NFS – Network File Systems (How to share data on a network)

Unit Objectives
———————–
Configure an NFS server
Configure an NFS client
Invoke a manual and predefined mount
Stop and start NFS

Prerequisite Conditions for Implementing NFS
——————————————————————
Install and configure TCP/IP
Install NFS
Decide which systems on the network will be NFS servers and/or NFS clients
Decide which directories will be made available to which hosts
Plan for special NFS security problems

Implementation Methods
————————————
NFS can be implemented using any of the following:
– SMIT configuration
– Command line
– Flat file configuration
– Combination of SMIT and flat file configuration
Only root can configure NFS

Configuring the Server
———————————–
Identify what to export
Start portmap and server daemons
Add NFS to system startup

Identify What to Export
———————————-
# smit mknfsexp (/etc/exports)
Add a Directory to Exports Lists

Note: When you give access to a directory by exporting it through NFS, then any directory and file below that directory is accessible.

The /etc/exports File
———————————-
# cat /etc/exports
/usr/games (by default all hosts can do a mount with read-write access)
/usr/man -ro (read-only)
/home/files -access=sys1,anon=-1 (only sys1 can do a mount, root can do anything)
/budgets -root=sys2:sys3,access=sys2:sys3:sys4,rw=sys2:sys3 (read-mostly option – sys4 read-only, sys2 and sys3 read-write, root access for sys2 and sys3)
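
An added example, not part of the original notes: a small sh/awk audit of an /etc/exports file in the format shown above, listing directories that any host may mount and directories that grant root access. The sample entries are constructed from this section, the function names sample_exports and audit_exports are hypothetical, and it assumes that rw=hostlist leaves all other clients read-only, as the read-mostly entry above describes.

```shell
#!/bin/sh
# Added example: audit an AIX-style /etc/exports for broad exports.

# Constructed sample, based on the entries shown in this section.
sample_exports() {
cat <<'EOF'
/usr/games
/usr/man -ro
/home/files -access=sys1,anon=-1
/budgets -root=sys2:sys3,access=sys2:sys3:sys4,rw=sys2:sys3
EOF
}

# audit_exports [FILE]: print one finding per line as "path: finding".
# Reads standard input when no file is given.
audit_exports() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
    {
      path = $1; opts = $2; sub(/^-/, "", opts)
      ro = 0; acc = ""; rw = ""; root = ""
      n = split(opts, o, ",")
      for (i = 1; i <= n; i++) {
        if (o[i] == "ro")            ro = 1
        else if (o[i] ~ /^access=/)  acc = substr(o[i], 8)
        else if (o[i] ~ /^rw=/)      rw = substr(o[i], 4)
        else if (o[i] ~ /^root=/)    root = substr(o[i], 6)
      }
      # No access= list means every host on the network may mount the path.
      if (acc == "") {
        mode = (ro || rw != "") ? "read-only" : "read-write"
        print path ": any host may mount (" mode ")"
      }
      # root= turns off the mapping of client root to the anonymous user.
      if (root != "") print path ": root access granted to " root
    }' "$@"
}

# Run the audit over the constructed sample.
sample_exports | audit_exports
```

On a server, run `audit_exports /etc/exports` and review each finding against the list of hosts that are meant to have access.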

exportfs Command
—————————-
# exportfs (displays the /etc/xtab file contents)
# exportfs -a (reads /etc/exports and creates the /etc/xtab file that the daemon reads)
/etc/rc.nfs (automatically runs exportfs at startup)

/etc/rc.nfs
—————-
# pg /etc/rc.nfs
See file

Starts the NFS daemons.

/etc/inittab
—————–
# mkitab "rcnfs:2:wait:/etc/rc.nfs > /dev/console 2>&1" # Start NFS Daemons at boot

Activating an NFS Server (at startup)
—————————————————–
System Powered On
cfgmgr – ODM /etc/objrepos/Config_Rules (/etc/rc.net…………)
run-time init – /etc/inittab (rctcpip: /etc/rc.tcpip, rcnfs: /etc/rc.nfs)

Client Configuration Steps
—————————————-
Client Tasks to configure the system as an NFS Client are:
– Use the mkdir command to establish the local mount points
– Start the NFS client daemons
– Mount the desired directories

Create Local Mount Points
—————————————-
# mkdir dirname (ex. mkdir /home/mntpt)

Start NFS Client Daemons
—————————————–
# smit mknfs (could use startsrc command)

Start NFS
Enter field values
Start NFS now, on system restart, or both

Manual Remote Mount
———————————–
# mount sys3:/home/files /home/mntpt
Client sys1 – /home/mntpt (NFS Client Mount Point)
Server sys3 – /home/files (NFS Server Exported Directory)

Manual cacheFS Mount (Client Side Only Function)
—————————————————————————
Server (Back File System)
Client (Cached File System)

Create the local cache
Mount the back file in the cache

cfsadmin Command
——————————–
# mkdir cachefs
# cfsadmin -c -o
(-c means create, -o means parameters or options follow)
Example: # cfsadmin -c /cachefs

# mount -V cachefs -o backfstype=nfs,cachedir=\/ remhost\
Example:
# mount -V cachefs -o backfstype=nfs,cachedir=/cachefs/cachedir sysY:/home/cachedir /cachefs/cachedir (change this location, see note below)

Note: Make sure that the cachedir is not in the same mountpoint or else it will be stored back on the NFS server defeating the purpose of the cache on the client.

Why Do Manual Mounts?
—————————————
For occasional or unplanned mounts
For security or tight control of NFS file systems
For system administration purposes
If server is not available at system startup, mounts can be done manually when the server becomes available

Note: May want to have a script to do mounts after system startup to avoid stalling the startup procedure.

Predefined Mounts
—————————-
Predefined NFS mounts are:
– Mounts that are usually required for proper operation of a client
– Automatic at system startup
– Defined in /etc/filesystems
Multiple mounts can be invoked simultaneously

Creating Predefined Mounts
—————————————–
# smit mknfsmnt (could edit /etc/filesystems too)
Add a File System for Mounting
3 Required entries
PATHNAME of mount point
PATHNAME of remote directory
HOST where remote directory resides
Optional entries
see the smit screen

The /etc/filesystems File
————————————-
# cat /etc/filesystems

/home/fred/jobs:
dev = "/u/judy/jobs"
mount = true (mount at system restart)
vfs = nfs
nodename = sys2
options = soft,bg (soft = stop trying the mount after so many retries, hard = continue to try mounting so production applications don't fail, bg = background)

/home/mntpt:
….

Options Attributes
—————————
Option     Default    Function
---------  ---------  -----------------------------------------------------
bg                    Mount attempted in background if first attempt fails
fg         Yes        All mount attempts done in foreground
soft                  Repeated RPC calls eventually timeout
hard       Yes        RPC calls try indefinitely until server responds
intr                  Allows KB interrupts to halt hard attempts
retry=#    1000       Set the number of times to try the mount
retrans=#  3          Number of times to repeat an RPC request before returning timeout error on soft mounts
timeo      7 Varies   RPC timeout period in tenths of second
ro                    Mounts read-only
rw         Yes        Mounts read-write
ver=       3          Choose NFS protocol version 2 or 3
proto=     TCP        Choose transport protocol (TCP or UDP less overhead)
biod=n     4          Sets maximum number of threads

Predefined Mounts Invoked from Command Line
———————————————————————-
# mount /home/mntpt
/etc/filesystems
/home/mntpt:
dev = "/home/files"
nodename = sys3
vfs = nfs
mount = false

# mount -t budget (mounts all that have type “budget”)
/etc/filesystems
/report:
dev = "/home/finance"
nodename = sys2
vfs = nfs
type = budget
mount = false

/status:
dev = "/home/monthly"
nodename = sys4
vfs = nfs
type = budget
mount = false

Activating an NFS Client
—————————————-
1. System Powered On
2. cfgmgr – ODM /etc/objrepos/Config_Rules (/etc/rc.net)
3. run-time init – /etc/inittab
rctcpip /etc/rc.tcpip (portmap, inetd)
rcnfs /etc/rc.nfs (starts daemons biod, rpc.statd, rpc.lockd)
4. System Ready for login

Using SRC to Manage NFS Daemons
——————————————————-
SRC – System Resource Controller
Daemons and their subsystems
File Path             Subsystem Name  Group Name
--------------------  --------------  ----------
/usr/sbin/nfsd        nfsd            nfs
/usr/sbin/biod        biod            nfs
/usr/sbin/rpc.lockd   rpc.lockd       nfs
/usr/sbin/rpc.statd   rpc.statd       nfs
/usr/sbin/rpc.mountd  rpc.mountd      nfs
/usr/sbin/portmap     portmap         portmap (must have this daemon running)

lssrc -g nfs (display status of all NFS daemons)
stopsrc -g nfs (stop all NFS daemons)
startsrc -g nfs (start all NFS daemons on server)
Note: Because all NFS daemons don’t run on the client, it is better to start them individually.

Stopping and Starting NFS
——————————————
# mknfs (same command issued by smit)
Adds rcnfs entry to /etc/inittab
/etc/rc.nfs will be executed at next system restart
starts portmap

# rmnfs (same command issued by smit)
rcnfs entry is removed from /etc/inittab
stops all running nfs daemons

Unmounting Remote Mounts
——————————————
Note: Can use unmount or umount.
# umount allr (unmount all network mounts)
# umount /home/mntpt
# umount -n sys3 (unmount all mounts from NFS server sys3)
# umount -t budget (unmount all mounts with type “budget”)
# smit umount

Note: The file system must not be in use. (Make sure you are not in the file system.)
fuser /home/mntpt (displays all the processes that are using the file system)

Note: Be careful when killing process ids. You may end up with corrupted databases or files. Try to stop the applications or users normally first.

Unit Summary
———————
The TCP/IP portmap daemon must be active before NFS is started
NFS can be configured using SMIT, editing files, or a combination of both methods
The NFS server file /etc/exports makes file systems or directories available to NFS clients
NFS client mount point directories must exist before a remote mount can be executed
NFS can be stopped and started using the rmnfs and mknfs commands

Exercise 11 – Configuring NFS
———————————————
Client sys2
Set up a user on both systems (matching UID numbers)
smitty user

Add a User
User NAME: team2
Primary Group: system
Group SET: system
execute

Change Password
User Name: team2
Password: team2

grep team2 /etc/passwd
team2:!:206:0::/home/team2:/usr/bin/ksh (UID is 206)

Note: You want to make sure that when we create this user on the server that it also has a UID of 206.

Server sys3
smitty user

Add a User
User NAME: team2
Primary Group: system
Group SET: system
execute

Change Password
User Name: team2
Password: team2

grep team2 /etc/passwd
team2:!:206:0::/home/team2:/usr/bin/ksh (UID is 206)

Note: Make sure that this user on the server has a UID of 206.

Reset Passwords
su - team2
team2, team2
^D

pwd
/home/team2
mkdir sys3dir
chmod 777 sys3dir (give everyone permissions)
cd sys3dir
vi file3
This is a test file created on system3.
save
chmod 664 file3
exit (back to root)

smitty nfs
Network File System (NFS)
Add a Directory to Exports List
PATHNAME: /home/team2/sys3dir
MODE to export directory: read-write
HOSTS & NETGROUPS allowed client access: sys2
execute (Starts the daemons)

mknfs
The portmap Subsystem is already active.
The biod Subsystem is already active
The nfsd Subsystem is already active
The rpc.mountd Subsystem is already active
The rpc.statd Subsystem has been started
The rpc.lockd Subsystem is already active
Completed NFS services

lssrc -g nfs (displays active NFS daemons)
lssrc -s portmap (check portmap daemon)

Client sys2
whoami
root
cd /home
mkdir mntpt
chmod 777 mntpt (open permissions)
smitty nfs
Network File System (NFS)
Configure NFS for the system
Start NFS: both (starts the daemon if not running)
lssrc -g nfs (displays active NFS daemons)
nfsd inoperative (since not the server)
rpc.mountd inoperative (since not the server)

su - team2
mount sys3:/home/team2/sys3dir /home/mntpt
mount (display currently mounted file systems)

cd /home/mntpt
ls -l (file3 is shown)
cat file3
This is a test file created on system3.

Check for write or update authority
vi file2
Created by team2 on sys2.
save
ls -l (file2 and file3 shown)

Try to do something as root
exit
cd /home/mntpt
ls -l
cat file3
vi fileroot
This is created by root.
save
ls -ld .

su - team2
cd /home/mntpt
chmod 700 file2
ls -l
exit

cat file2
Cannot open file2 (root has no authorization)

Server sys3
smitty nfs
Network File system (NFS)
Change/Show Attributes of an Exported Directory
F4 select /home/team2/sys3dir
HOSTS allowed root access: sys2 (give root access)
execute

Client sys2
umount /home/mntpt
error while unmounting sys3:/home/team2/sys3dir
The requested resource is busy.

pwd
/home/mntpt (we are in the directory)
fuser /home/mntpt (display the PID for the process in the /home/mntpt directory)
/home/mntpt: 20156c (process id)

Note: Since we are in the directory, killing the process id would log us off.

cd
pwd
/
umount /home/mntpt
mount (no NFS listed now)

mount sys3:/home/team2/sys3dir /home/mntpt (remount it)
cd /home/mntpt
ls -l
cat file2 (now root has access)
vi newrootfile
This is created by root
save
ls -l (shows that root created the file)

Read mostly demonstration
Server sys3
smitty nfs
Network File System (NFS)
Change/Show attributes of exported directory
/home/team2/sys3dir
MODE to export directory: read-mostly
HOSTNAME list, if exported read-mostly: sys4
HOSTS & NETGROUPS allowed client access: sys2, sys98r, sys4
execute

Client sys2
su - team2
cd /home/mntpt
vi file2
add new line to the file
save (Error message: The file system has read permission only.)

ls -l (owner has permissions but the mount limits the access)

Client sys4
mount sys3:/home/team2/sys3dir /home/mntpt
mount (check mount table)
su - team2
cd /home/mntpt
ls -l (
vi file2
add a line
save (sys4 has read-write access)

Server sys3
smitty nfs
Network File System
Change/Show Attributes of export directory
HOSTNAME list… : sys4, sys2
execute

Client sys2
mount
unmount /home/mntpt (error: The requested resource is busy)
cd (get out of the directory)
set -o vi
unmount /home/mntpt (try umount again, fails again)
^D (exit)
pwd
/home/mntpt (prior shell is in the /home/mntpt directory)
cd (get out of the directory)
su - team2
unmount /home/mntpt (works this time)
mount sys3:/home/team2/sys3dir /home/mntpt
cd /home/mntpt
ls -l
vi file2
add another line
save (It was successful)
cat file2 (displays file)

Predefine the information in /etc/filesystems
cd
/umount (recall unmount command)
mount (check mount table)
smitty nfs
Network File System (NFS)
Add a File System for Mounting
PATHNAME of mount point: /home/mntpt
PATHNAME of remote directory: /home/team2/sys3dir
Host where remote directory resides: sys3
MOUNT now, add entry to /etc/filesystems or both: both
/etc/filesystems entry will mount the directory on system RESTART: yes
execute (updated /etc/filesystems and mounted immediately)

more /etc/filesystems
/home/mntpt (at end of file)
mount (display that it is mounted already)
cd /home/mntpt
umount allr (unmount all remote mounts, fails)
cd (get out of the mount directory)
umount allr (try again, successful)
mount (display that it is not mounted)
