This is an old revision of the document!
Table of Contents
Network debug
Network stats
Statistics on ethernet adapter, crc error count must be 0
[root@tsm01 ~]# ethtool -S ens1f0 NIC statistics: rx_packets: 242322916 tx_packets: 263012523 rx_bytes: 351060937283 tx_bytes: 377174314358 rx_pkts_nic: 242322916 tx_pkts_nic: 263012523 rx_bytes_nic: 352030228947 tx_bytes_nic: 378238836900 lsc_int: 3 tx_busy: 0 non_eop_descs: 0 rx_errors: 0 tx_errors: 0 rx_dropped: 0 tx_dropped: 0 multicast: 36186 broadcast: 239320 rx_no_buffer_count: 0 collisions: 0 rx_over_errors: 0 rx_crc_errors: 0 rx_frame_errors: 0
NFS v4 on linux
Setup for server NFS V4
[root@lnx01 ~]# yum install nfs-utils [root@lnx01 ~]# firewall-cmd --zone=public --add-service=nfs --permanent [root@lnx01 ~]# systemctl reload firewalld [root@lnx01 ~]# cat /etc/exports /data 190.168.1.0/24(rw,no_subtree_check,no_root_squash) [root@lnx01 ~]# systemctl start rpcbind nfs-server [root@lnx01 ~]# systemctl enable rpcbind nfs-server
When the NFS service starts, he do a exportfs command which validate the content of /etc/exports, and put it into /var/lib/nfs/etab
# cat /var/lib/nfs/etab /data 190.168.1.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,secure,no_root_squash,no_all_squash)
On the client NFSv4
[root@lnx01 ~]# yum install nfs-utils [root@lnx02 ~]# systemctl start rpcbind [root@lnx02 ~]# systemctl enable rpcbind [root@lnx02 ~]# mount -t nfs -o vers=4 lnx01:/data /mnt [root@lnx02 ~]# cat /etc/fstab ..... lnx01:/data /mnt nfs vers=4,proto=tcp,soft 0 0
Note
For NFSv3 you need additionnal steps
https://computingforgeeks.com/configure-nfsv3-and-nfsv4-on-centos-7/
NFSv4 idmapping
In NFSv4 the concept is user@domainname, if there is no centralized usermapping, then the user will be mapped to the default user nobody or whatever user has been configured in /etc/idmapd.conf.
# cat /etc/idmapd.conf [General] Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = mydomain.com [Mapping] Nobody-User = nfsnobody Nobody-Group = nfsnobody [Translation] Method = nsswitch
Clean the idmapd cache
# nfsidmap -v -c nfsidmap: '.id_resolver' cleared
List cache user mapping
# nfsidmap -l 2 .id_resolver keys found gid:root@mydomain.com uid:root@mydomain.com
Or # grep id_resolv /proc/keys
NFSv4 utilizes ID mapping to ensure permissions are set properly on exported shares. If the domains of the client server and parent server do not match then the permissions are mapped to nobody:nobody.
By default, RHEL6.3 and newer NFS clients and servers disable idmapping when utilizing the AUTH_SYS/UNIX authentication flavor by enabling the following boolean statements:
NFS client server
# echo 'Y' > /sys/module/nfs/parameters/nfs4_disable_idmapping
NFS parent server
# echo 'Y' > /sys/module/nfsd/parameters/nfs4_disable_idmapping
Debugging/verbosity can be enabled by editing /etc/sysconfig/nfs:
# vi /etc/sysconfig/nfs RPCIDMAPDARGS="-vvv"
