[clug] NFSv4 "Invalid argument"
George at Clug
Clug at goproject.info
Mon Oct 13 20:55:34 MDT 2014
_Maybe after a few more weeks of working on NFS I will understand
it better._
_Below I attempt to answer to some of the questions that people asked
me; _
_I am using OpenFiler v2.99 as the NFS server, so I am limited as to
personally modifying the NFS server side._
http://www.vmwarebits.com/content/install-and-configure-openfiler-esxi-shared-storage-nfs-and-iscsi
Searching from the URLs that people indicated, I found the below
comment which describes why I am researching NFS. I
have built a Debian Wheezy kvm virt-manager hypervisor server and
wanted to mount the images from an NFS share
(OpenFiler) by "mount -t nfs -v
192.168.0.12:/mnt/vg2/vol1/san12_nfs_ds1/kvm-images/images
/var/lib/libvirt/images"
http://linux.dell.com/files/whitepapers/KVM_Virtualization_in_RHEL_6_Made_Easy_Part2.pdf
"Before I specified a domain on my servers, files created on the NFS
shares had ownership nobody.nobody, regardless of
what user created it (even root). This ownership issue was affecting
the creation of VM images on the NFS share, which
was fixed after I specified a domain in /etc/idmapd.conf. My VM images
now have ownership qemu.qemu, as it should be."
"If creating an NFSv4 share in a RHEL 6 server, be sure to edit
/etc/idmapd.conf and define a domain name on the NFS
server and the KVM hosts (NFS clients) in the [General] section
towards the top of the file. The domain name, which
can be the same as your DNS domain, should be the same on all servers:
[General]
...
Domain = yourdomain.com
For this change to take effect, restart the rpcidmapd service:
# service rpcidmapd restart"
=================================================================
http://rwmj.wordpress.com/2010/11/29/nfsv4-one-step-forward-three-steps-back/
As to your question, try to adopt the following configuration. This is
the content of /etc/idmapd.conf on both the
server and the clients:
=== /etc/idmapd.conf ===
[General]
Domain = example.org
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody
[Translation]
Method = nsswitch
=== cut here ===
The key is to keep the value “Domain” in sync on the server and on
the clients. It is not a domain in the DNS sense,
it is what used to be called the “realm” in Kerberos IV. Well,
actually the whole idmapd configuration should be
consistent on the server and the clients.
You don’t have to have anything fancy in your /etc/nsswitch.conf,
the usual local-only configuration (mostly “files”)
is perfectly OK.
------------------------------------------------------------
Martin is right. It works just by setting up those lines. There is one
more thing you need to change is to start
idmapd service. By default is disabled in /etc/default/nfs-common file
Set
NEED_IDMAPD=yes
==================================================================
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/5.8_Technical_Notes/nfs-utils-lib.html
Enhancement
BZ#782153
Prior to this update, it was not possible to statically map usernames
to NFSv4 file systems. This update adds the
feature and the user can configure the static mapping in the
/etc/idmapd.conf file.
=======================================================================
https://help.ubuntu.com/community/SettingUpNFSHowTo
It's important that /export and /export/users have 777
permissions as we will be accessing the NFS share from the
client without LDAP/NIS authentication. This will not apply if using
authentication (see below). Now mount the real
users directory with:
# mount --bind /home/users /export/users
To save us from retyping this after every reboot we add the
following line to /etc/fstab
/home/users /export/users none bind 0 0
There are three configuration files that relate to an NFS server:
/etc/default/nfs-kernel-server, /etc/default/nfs-
common and /etc/exports.
The only important option in /etc/default/nfs-kernel-server for
now is NEED_SVCGSSD. It is set to "no" by default,
which is fine, because we are not activating NFSv4 security this time.
In order for the ID names to be automatically mapped, both the client
and server require the /etc/idmapd.conf file to
have the same contents with the correct domain names. Furthermore,
this file should have the following lines in the
Mapping section:
[Mapping]
Nobody-User = nobody
Nobody-Group = nogroup
However, the client may have different requirements for the
Nobody-User and Nobody-Group. For example on RedHat
variants, it's nfsnobody for both. cat /etc/passwd and cat /etc/group
should show the "nobody" accounts.
This way, server and client do not need the users to share same
UID/GUID
=========================================================================
http://debian-handbook.info/browse/stable/sect.nfs-file-server.html
Example 11.23. The /etc/default/nfs-common file
# Do you want to start the idmapd daemon? It is only needed for NFSv4.
NEED_IDMAPD=
More information about the linux
mailing list