Statistics on the Ethernet adapter; the CRC error count (rx_crc_errors) must be 0
[root@tsm01 ~]# ethtool -S ens1f0 NIC statistics: rx_packets: 242322916 tx_packets: 263012523 rx_bytes: 351060937283 tx_bytes: 377174314358 rx_pkts_nic: 242322916 tx_pkts_nic: 263012523 rx_bytes_nic: 352030228947 tx_bytes_nic: 378238836900 lsc_int: 3 tx_busy: 0 non_eop_descs: 0 rx_errors: 0 tx_errors: 0 rx_dropped: 0 tx_dropped: 0 multicast: 36186 broadcast: 239320 rx_no_buffer_count: 0 collisions: 0 rx_over_errors: 0 rx_crc_errors: 0 rx_frame_errors: 0
[root@lnx01 ~]# yum install nfs-utils [root@lnx01 ~]# firewall-cmd --zone=public --add-service=nfs --permanent [root@lnx01 ~]# systemctl reload firewalld [root@lnx01 ~]# cat /etc/exports /data 190.168.1.0/24(rw,no_subtree_check,no_root_squash) [root@lnx01 ~]# systemctl start rpcbind nfs-server [root@lnx01 ~]# systemctl enable rpcbind nfs-server
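When the NFS service starts, it runs the exportfs command, which validates the content of /etc/exports and puts it into /var/lib/nfs/etab. In the example export above, no_root_squash lets root on any client in the listed network act as root on the exported files, so keep the default root_squash unless clients really need root access. Also confirm that 190.168.1.0/24 is the intended client network, since it is not a private (RFC 1918) range.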
# cat /var/lib/nfs/etab /data 190.168.1.0/24(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,no_pnfs,anonuid=65534,anongid=65534,sec=sys,secure,no_root_squash,no_all_squash)
[root@gpfs01 ~]# mmnfs config list ... Idmapd Configuration ========================== LOCAL-REALMS: localdomain DOMAIN: localdomain ==========================
[root@lnx01 ~]# yum install nfs-utils [root@lnx02 ~]# systemctl start rpcbind [root@lnx02 ~]# systemctl enable rpcbind [root@lnx02 ~]# mount -t nfs -o vers=4 lnx01:/data /mnt [root@lnx02 ~]# cat /etc/fstab ..... lnx01:/data /mnt nfs vers=4,proto=tcp,soft 0 0
Note
For NFSv3 you need additional steps:
https://computingforgeeks.com/configure-nfsv3-and-nfsv4-on-centos-7/
In NFSv4, users are identified as user@domainname. If there is no centralized user mapping, the user is mapped to the default user nobody, or to whatever user has been configured in /etc/idmapd.conf.
# cat /etc/idmapd.conf [General] Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = mydomain.com [Mapping] Nobody-User = nfsnobody Nobody-Group = nfsnobody [Translation] Method = nsswitch
Or statically map NFS server users to a local user
[Translation] Method = static [Static] test@nfsserver.example.com = testmf test@192.168.0.1 = testmf test@nfsserver = testmf
Clean the idmapd cache
# nfsidmap -v -c nfsidmap: '.id_resolver' cleared
List the cached user mappings
# nfsidmap -l 2 .id_resolver keys found gid:root@mydomain.com uid:root@mydomain.com
Or # grep id_resolv /proc/keys
NFSv4 utilizes ID mapping to ensure permissions are set properly on exported shares. If the domains of the client server and parent server do not match then the permissions are mapped to nobody:nobody.
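With the AUTH_SYS/UNIX authentication flavor the server trusts the numeric UID/GID presented by the client, so these IDs must be consistent across hosts. By default, RHEL 6.3 and newer NFS clients and servers disable idmapping when using AUTH_SYS/UNIX, by enabling the following boolean parameters: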
NFS client server
# echo 'Y' > /sys/module/nfs/parameters/nfs4_disable_idmapping
Persistent (redhat)
# cat /etc/sysconfig/nfs NEED_IDMAPD=yes
Or
# cat /etc/modprobe.d/nfsd.conf options nfsd nfs4_disable_idmapping=Y
NFS parent server
# echo 'Y' > /sys/module/nfsd/parameters/nfs4_disable_idmapping
Debugging/verbosity can be enabled by editing /etc/sysconfig/nfs:
# vi /etc/sysconfig/nfs RPCIDMAPDARGS="-vvv"
On recent kernels, only the server uses rpc.idmapd (documented in man rpc.idmapd). When using idmap, the user names are transmitted in user@domain format. Unless a domain name is configured in /etc/idmapd.conf, idmapd uses the system's DNS domain name. For idmap to map the users correctly, the domain name needs to be the same on the client and on the server.
# UID/GID mapping for local users
idmap config * : backend = tdb idmap config * : range = 3000-7999