4.8.9. HOWTO Configure NFS
This chapter describes multiple configurations of NFS including:
All implementations are based on pupmod-simp-nfs and pupmod-simp-simp.
4.8.9.1. Exporting Non-Home Directories
Goal: Export /srv/nfs_share on the server, mount as /mnt/nfs on the client.
4.8.9.1.1. default.yaml

    nfs::server: "your.server.fqdn"
    nfs::server::client_ips: "%{alias('client_nets')}"
    nfs::simp_iptables: true
    nfs::simp_krb5: false
4.8.9.1.2. Server
In site/manifests/nfs_server.pp:

    class site::nfs_server {
      include '::nfs'

      # Directory to be exported
      file { '/srv/nfs_share':
        ensure => 'directory',
        owner  => 'root',
        group  => 'root',
        mode   => '0644'
      }

      # Export the directory with AUTH_SYS (sec=sys) security
      nfs::server::export { 'nfs4_root':
        client      => ['*'],
        export_path => '/srv/nfs_share',
        sec         => ['sys'],
      }

      # The directory must exist before it is exported
      File['/srv/nfs_share'] -> Nfs::Server::Export['nfs4_root']
    }
In hosts/<your_server_fqdn>.yaml:

    nfs::is_server: true
    classes:
      - 'site::nfs_server'
4.8.9.1.3. Client
In site/manifests/nfs_client.pp:

    class site::nfs_client {
      include '::nfs'

      # Local mount point
      file { '/mnt/nfs':
        ensure => 'directory',
        mode   => '755',
        owner  => 'root',
        group  => 'root'
      }

      # Mount the server's export over NFSv4 with AUTH_SYS (sec=sys) security
      mount { "/mnt/nfs":
        ensure  => 'mounted',
        fstype  => 'nfs4',
        device  => '<your_server_fqdn>:/srv/nfs_share',
        options => 'sec=sys'
      }

      # The mount point must exist before the share is mounted
      File['/mnt/nfs'] -> Mount['/mnt/nfs']
    }
In hosts/<your_client_fqdn>.yaml:

    nfs::is_server: false
    classes:
      - 'site::nfs_client'
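
To confirm on the client that the mount declared in site::nfs_client came up as intended, the following added example (not part of the SIMP documentation or modules) parses /proc/mounts-format lines and checks the mount point's filesystem type and sec= flavor. The function names, exit codes, and the sample hostname and addresses are assumptions made for illustration.

```shell
# Added example, not SIMP code: check a client NFS mount against the manifest.
# Usage: check_nfs_mount MOUNTPOINT EXPECTED_SEC < /proc/mounts
# Exit status: 0 match, 1 not mounted, 2 not nfs4, 3 sec= flavor differs.
check_nfs_mount() (
    set -f                      # no glob expansion while splitting options
    mountpoint=$1
    want_sec=$2
    fstype=""
    opts=""
    # A later entry for the same mount point shadows earlier ones; keep the last.
    while read -r _dev mp fs o _rest; do
        if [ "$mp" = "$mountpoint" ]; then
            fstype=$fs
            opts=$o
        fi
    done
    if [ -z "$fstype" ]; then
        echo "$mountpoint: not mounted" >&2
        exit 1
    fi
    if [ "$fstype" != "nfs4" ]; then
        echo "$mountpoint: fstype is $fstype, expected nfs4" >&2
        exit 2
    fi
    # Pull the security flavor out of the comma-separated mount options.
    got_sec=""
    IFS=,
    for opt in $opts; do
        case $opt in
            sec=*) got_sec=${opt#sec=} ;;
        esac
    done
    if [ "$got_sec" != "$want_sec" ]; then
        echo "$mountpoint: sec=${got_sec:-<none>}, expected sec=$want_sec" >&2
        exit 3
    fi
    echo "$mountpoint: nfs4 mounted with sec=$got_sec"
)

# Constructed sample in /proc/mounts format (hostname and addresses are placeholders).
sample_mounts() {
    cat <<'EOF'
nfs.example.test:/srv/nfs_share /mnt/nfs nfs4 rw,relatime,vers=4.0,sec=sys,clientaddr=192.0.2.10,addr=192.0.2.5 0 0
nfs.example.test:/legacy /mnt/old nfs rw,relatime,vers=3,sec=sys,addr=192.0.2.5 0 0
EOF
}

sample_mounts | check_nfs_mount /mnt/nfs sys
```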
4.8.9.2. Exporting home directories
Goal: Export home directories for LDAP users.
Utilize three stock classes from pupmod-simp-simp:

- simp::export_home: Configures an NFS server to share centralized home directories using NFSv4.
- simp::home_client: Configures an NFS client to point at the server created by simp::export_home.
- simp::create_home_dirs: Optional hourly cron that binds to an LDAP server, ldap::uri by default, and creates an NFS home directory for all users in the LDAP server. Also expires any home directories for users that no longer exist in LDAP.
Note: The NFS daemon may take time to reload after module application. If your users do not have home directories immediately after application or it takes a while to log in, don’t panic!

Note: Any users logged onto a host at the time of module application will not have their home directories re-mounted until they log out and log back in.
4.8.9.2.1. default.yaml

    nfs::server: "your.server.fqdn"
    nfs::server::client_ips: "%{alias('client_nets')}"
    nfs::simp_iptables: true
    nfs::simp_krb5: false
4.8.9.2.2. Server

    nfs::is_server: true
    simp::nfs::export_home::create_home_dirs: true
    classes:
      - 'simp::nfs::export_home'
      - 'simp::nfs::home_client'
4.8.9.2.3. Client

    nfs::is_server: false
    classes:
      - 'simp::nfs::home_client'
4.8.9.3. Enabling Stunnel
If you wish to encrypt your NFS data using stunnel, set the following in default.yaml:

    nfs::use_stunnel: true
4.8.9.4. Enabling krb5
Warning: This functionality is incomplete. See ticket SIMP-1400 in our JIRA Bug Tracking. Until that ticket is resolved, it is HIGHLY recommended that you continue to use stunnel for encrypted NFS traffic.
4.8.9.4.1. default.yaml

    classes:
      - 'krb5::keytab'
    nfs::server: "your.server.fqdn"
    nfs::server::client_ips: "%{alias('client_nets')}"
    nfs::simp_iptables: true
    nfs::secure_nfs: true
    simp_krb5: true
    krb5::kdc::auto_keytabs::global_services:
      - 'nfs'
4.8.9.4.2. Server

    nfs::is_server: true
    simp::nfs::export_home::create_home_dirs: true
    classes:
      - 'simp::nfs::export_home'
      - 'simp::nfs::home_client'
      - 'krb5::kdc'
4.8.9.4.3. Client

    nfs::is_server: false
    classes:
      - 'simp::nfs::home_client'