Table of Contents
Network debug
Network stats
Statistics on ethernet adapter, crc error count must be 0
[root@tsm01 ~]# ethtool -S ens1f0 NIC statistics: rx_packets: 242322916 tx_packets: 263012523 rx_bytes: 351060937283 tx_bytes: 377174314358 rx_pkts_nic: 242322916 tx_pkts_nic: 263012523 rx_bytes_nic: 352030228947 tx_bytes_nic: 378238836900 lsc_int: 3 tx_busy: 0 non_eop_descs: 0 rx_errors: 0 tx_errors: 0 rx_dropped: 0 tx_dropped: 0 multicast: 36186 broadcast: 239320 rx_no_buffer_count: 0 collisions: 0 rx_over_errors: 0 rx_crc_errors: 0 rx_frame_errors: 0
NFS v4 on linux
Setup for server NFS V4
[root@lnx01 ~]# yum install nfs-utils [root@lnx01 ~]# firewall-cmd --zone=public --add-service=nfs --permanent [root@lnx01 ~]# systemctl reload firewalld [root@lnx01 ~]# cat /etc/exports /data 190.168.1.0/24(rw,no_subtree_check,no_root_squash) [root@lnx01 ~]# systemctl start rpcbind nfs-server [root@lnx01 ~]# systemctl enable rpcbind nfs-server
When the NFS service starts, he do a exportfs command which validate the content of /etc/exports, and put it into /var/lib/nfs/etab
# cat /var/lib/nfs/etab /data 190.168.1.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,secure,no_root_squash,no_all_squash)
Setup for server NFS V4 Spectrum Scale
[root@gpfs01 ~]# mmnfs config list ... Idmapd Configuration ========================== LOCAL-REALMS: localdomain DOMAIN: localdomain ==========================
On the client NFSv4
[root@lnx01 ~]# yum install nfs-utils [root@lnx02 ~]# systemctl start rpcbind [root@lnx02 ~]# systemctl enable rpcbind [root@lnx02 ~]# mount -t nfs -o vers=4 lnx01:/data /mnt [root@lnx02 ~]# cat /etc/fstab ..... lnx01:/data /mnt nfs vers=4,proto=tcp,soft 0 0
Note
For NFSv3 you need additionnal steps
Setting Up The Client With NFSv4, all of the shares are located under one main export. Therefore, the client only needs a single mount point. We now need to create the mount point for our connection. For this Trail, we'll use the name of the NFS server as the mount point name.
The client mount configuration is set in the /etc/fstab file. Although all of the exports on the server are located under “/exports”, the configuration needs to specify the root connection of “nfs1:/” and not “nfs1:/exports”. Using the “/” (root) mount instructs the client to connect to the root share which was earlier configured on the server with the “fsid=0” option. Note that we are using the “sec=krb5p” option, to mount using Kerberos credentials.
[DIRxSRVx10:root@client ~]# mkdir /mnt/nfs1 [DIRxSRVx10:root@client ~]# vi /etc/fstab nfs1:/ /mnt/nfs1 nfs4 sec=krb5p,auto,rw,nodev,sync,_netdev,proto=tcp,retry=10,rsize=32768,wsize=32768,hard,intr 0 0
Now that the connection is configured on the client, the mount can be established with the following command.
[DIRxSRVx10:root@client ~]# mount /mnt/nfs1
The share can also be mounted on the command-line. Note that we are providing the “-o sec=krb5p” option, to mount using Kerberos credentials.
[DIRxSRVx10:root@client ~]# mount -t nfs4 nfs1:/ /mnt/nfs1 -o sec=krb5p,async,auto,exec,_netdev,nodev,rw,retry=5,rsize=32768,wsize=32768,proto=tcp,hard,intr A listing of the mounted share shows whether the connection was successful. [DIRxSRVx10:root@client ~]# mount -l nfs1:/ on /mnt/nfs1 type nfs4 (rw,addr=10.0.0.2)
https://computingforgeeks.com/configure-nfsv3-and-nfsv4-on-centos-7/
NFSv4 idmapping
In NFSv4 the concept is user@domainname, if there is no centralized usermapping, then the user will be mapped to the default user nobody or whatever user has been configured in /etc/idmapd.conf.
# cat /etc/idmapd.conf [General] Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = mydomain.com [Mapping] Nobody-User = nfsnobody Nobody-Group = nfsnobody [Translation] Method = nsswitch
Or map local user with NFS server
[Translation] Method = static [Static] test@nfsserver.example.com = testmf test@192.168.0.1 = testmf test@nfsserver = testmf
Clean the idmapd cache
# nfsidmap -v -c nfsidmap: '.id_resolver' cleared
List cache user mapping
# nfsidmap -l 2 .id_resolver keys found gid:root@mydomain.com uid:root@mydomain.com
Or # grep id_resolv /proc/keys
NFSv4 utilizes ID mapping to ensure permissions are set properly on exported shares. If the domains of the client server and parent server do not match then the permissions are mapped to nobody:nobody.
By default, RHEL6.3 and newer NFS clients and servers disable idmapping when utilizing the AUTH_SYS/UNIX authentication flavor by enabling the following boolean statements:
NFS client server
# echo 'Y' > /sys/module/nfs/parameters/nfs4_disable_idmapping
Persistent (redhat)
# cat /etc/sysconfig/nfs NEED_IDMAPD=yes
Or
# cat /etc/modprobe.d/nfsd.conf options nfsd nfs4_disable_idmapping=Y
NFS parent server
# echo 'Y' > /sys/module/nfsd/parameters/nfs4_disable_idmapping
Debugging/verbosity can be enabled by editing /etc/sysconfig/nfs:
# vi /etc/sysconfig/nfs RPCIDMAPDARGS="-vvv"
On recent kernels, only the server uses rpc.idmapd (documented in man rpc.idmapd). When using idmap, the user names are transmitted in user@domain format. Unless a domain name is configured in /etc/idmapd.conf, idmapd uses the system's DNS domain name. For idmap to map the users correctly, the domain name needs to be same on the client and on the server.
# UID/GID mapping for local users
idmap config * : backend = tdb idmap config * : range = 3000-7999
https://serverfault.com/questions/535809/nfsv4-with-idmap
https://serverfault.com/questions/915119/nfsv4-mapping-uid-and-gid-on-debian-stretch
