Gentoo Forums
nfs recommendation [solved]
DaggyStyle
Watchman

Joined: 22 Mar 2006
Posts: 5589

Posted: Tue May 04, 2010 3:23 pm    Post subject: nfs recommendation [solved]

hello.
currently, I'm using nfs4 to share a folder on my server with my laptop, but that folder has symlinks which don't behave well with nfs4.
so I need to change the nfs protocol, I need a recommendation for a protocol that supports symlinks, read (only) data from the server, can be limited to specific addresses per folder, bind to specific user and can be bound to a static port.
I've thought of using smb but I'm not sure if it can be bound on addresses per share.

can smb do that? if not, is there a nfs implementation that supports what I want?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein


Last edited by DaggyStyle on Sat May 08, 2010 11:45 am; edited 1 time in total

NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 46381
Location: 56N 3W

Posted: Tue May 04, 2010 7:05 pm

DaggyStyle,

Does sshfs do what you need ?
It's a way of mounting a remote filesystem over ssh for a single user.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

DaggyStyle
Watchman

Joined: 22 Mar 2006
Posts: 5589

Posted: Tue May 04, 2010 8:30 pm

NeddySeagoon wrote:
DaggyStyle,

Does sshfs do what you need ?
It's a way of mounting a remote filesystem over ssh for a single user.

might be, will check it out, btw, does it interfere with other ssh connections?
is it possible it is overshoot for my needs?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein

John R. Graham
Administrator

Joined: 08 Mar 2005
Posts: 10459
Location: Somewhere over Atlanta, Georgia

Posted: Tue May 04, 2010 9:04 pm

Hard links work okay with NFSv4. Is that a possibility for you?

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.

alunduil
Retired Dev

Joined: 13 Mar 2005
Posts: 96
Location: San Antonio, TX, USA

Posted: Tue May 04, 2010 9:07 pm

What about AFS? I've been meaning to get around to using it but haven't had the time.

Regards,

Alunduil

Hu
Moderator

Joined: 06 Mar 2007
Posts: 16043

Posted: Wed May 05, 2010 2:06 am

In what way do the symlinks behave badly under NFSv4?

DaggyStyle
Watchman

Joined: 22 Mar 2006
Posts: 5589

Posted: Wed May 05, 2010 4:59 am

John R. Graham wrote:
Hard links work okay with NFSv4. Is that a possibility for you?

- John


even when it points to another partition? I'll need to refresh my knowledge on symlink vs hardlink

alunduil wrote:
What about AFS? I've been meaning to get around to using it but haven't had the time.

Regards,

Alunduil


androw fs?

Hu wrote:
In what way do the symlinks behave badly under NFSv4?


they point on the location on the client's computer rather than on the server computer
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein

John R. Graham
Administrator

Joined: 08 Mar 2005
Posts: 10459
Location: Somewhere over Atlanta, Georgia

Posted: Wed May 05, 2010 10:57 am

DaggyStyle wrote:
John R. Graham wrote:
Hard links work okay with NFSv4. Is that a possibility for you?

- John

even when it points to another partition? I'll need to refresh my knowledge on symlink vs hardlink
No; hard links work only within a single filesystem. However, you can mount portions of other filesystems within your NFS shared directory. See "mount -o bind".

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.

depontius
Advocate

Joined: 05 May 2004
Posts: 3450

Posted: Wed May 05, 2010 5:24 pm

DaggyStyle wrote:
alunduil wrote:
What about AFS? I've been meaning to get around to using it but haven't had the time.

Regards,

Alunduil


androw fs?


"andrew fs" - Don't know who the heck "andrew" was, maybe Andrew Carnegie, since it was originally done at CMU. We use AFS extensively at work. It works well, but there are definitely non-Posix things about it - to ordinary users the most obvious is file permissions.

DaggyStyle wrote:
Hu wrote:
In what way do the symlinks behave badly under NFSv4?


they point on the location on the client's computer rather than on the server computer


I'm serving /home over NFSv4 at home, and do this with no problems. I have both "/local" and "/home". There is local user space for each user available at /local, and nfs is mounted over /home. In addition there are several box-local accounts - some different on each client, some the same. The server has these accounts in /etc/passwd, but no space allocated in the exported space. At this point, a picture might be better:
Code:

directly on the client:
/local/dale   (directory structure here)
      /mythtv (directory structure here)
/home/dale    ->/local/dale
     /mythtv  ->/local/mythtv

On the server:
/exports/home/dale   (directory structure here)
             /mythtv ->/local/mythtv


The upshot of all of this is that my clients can mount /home from the server for each regular user. But space for the mythtv user does not exist on the server, but is separate and configured to each specific client. Furthermore, since there is some user space for each client under /local, and because there's a symlink to /local hidden under the /home mount point, if the NFS server is not up users can still work. In addition certain things like the firefox profiles and cache are symlinked out of nfs and into the local space. (If you think the sqlite problem was bad on ext3, imagine it over nfs.)

The upshot is that I've got symlinks pointing out of NFSv4 into local space and it works happily. So it's not that it won't work, but there may be additional gotchas.
_________________
.sigs waste space and bandwidth

Hu
Moderator

Joined: 06 Mar 2007
Posts: 16043

Posted: Thu May 06, 2010 3:10 am

DaggyStyle wrote:
Hu wrote:
In what way do the symlinks behave badly under NFSv4?
they point on the location on the client's computer rather than on the server computer
That is exactly what is supposed to happen.

DaggyStyle
Watchman

Joined: 22 Mar 2006
Posts: 5589

Posted: Thu May 06, 2010 6:25 am

John R. Graham wrote:
DaggyStyle wrote:
John R. Graham wrote:
Hard links work okay with NFSv4. Is that a possibility for you?

- John

even when it points to another partition? I'll need to refresh my knowledge on symlink vs hardlink
No; hard links work only within a single filesystem. However, you can mount portions of other filesystems within your NFS shared directory. See "mount -o bind".

- John


I've tried that, the content of the two folders I've bound on the server appear empty on the client, here is the fstab:
Code:

/dev/sdb1               /               reiserfs        noatime         0 1
/dev/mapper/Mainframe-portageTree       /usr/portageTree ext2           noatime         0 0
/dev/mapper/Mainframe-portageBin        /usr/portageBin reiserfs        noatime         0 0
/usr/portageBin/distfiles               /usr/portage/distfiles none     rw,bind         0 0
/usr/portageBin/packages                /usr/portage/packages none      rw,bind         0 0
/usr/portage                            /export/portage none            ro,bind         0 0

also, when I try to see the content of distfiles and packages as normal user I can see the content, but when trying to access the content of one folder within packages, I get permission denied.

Hu wrote:
DaggyStyle wrote:
Hu wrote:
In what way do the symlinks behave badly under NFSv4?
they point on the location on the client's computer rather than on the server computer
That is exactly what is supposed to happen.


that's true but that isn't what I've wanted and thought it will do.
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein

depontius
Advocate

Joined: 05 May 2004
Posts: 3450

Posted: Thu May 06, 2010 3:22 pm

So let me get this straight...

You had symlinks in an exported directory that were going outside of that mount point on the server, and of course on the client they wound up pointing to missing places on the client filesystem. That is to be expected.

Then you changed it to bind-mounts on the server, and as a normal user on the client everything looks good, but it still doesn't really work? (basically as root?)

Do you have "root squash" enabled? It's generally a good idea to keep root squashed, but I believe that within idmapd you could map root to another user - say portage?
_________________
.sigs waste space and bandwidth

DaggyStyle
Watchman

Joined: 22 Mar 2006
Posts: 5589

Posted: Thu May 06, 2010 8:57 pm

depontius wrote:
So let me get this straight...

You had symlinks in an exported directory that were going outside of that mount point on the server, and of course on the client they wound up pointing to missing places on the client filesystem. That is to be expected.

yes.
depontius wrote:
Then you changed it to bind-mounts on the server, and as a normal user on the client everything looks good, but it still doesn't really work? (basically as root?)

think so
depontius wrote:
Do you have "root squash" enabled? It's generally a good idea to keep root squashed, but I believe that within idmapd you could map root to another user - say portage?
huh?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein

depontius
Advocate

Joined: 05 May 2004
Posts: 3450

Posted: Fri May 07, 2010 12:03 am

DaggyStyle wrote:

depontius wrote:
Then you changed it to bind-mounts on the server, and as a normal user on the client everything looks good, but it still doesn't really work? (basically as root?)

think so
depontius wrote:
Do you have "root squash" enabled? It's generally a good idea to keep root squashed, but I believe that within idmapd you could map root to another user - say portage?
huh?


Basically, root can't be trusted across a network. Trusting root across a network essentially means that root on one machine is root on any machine, meaning that you have to trust anything and everything that gets plugged into your network. That situation is probably acceptable for a home lan or an isolated lab network, but not much more.

Because of that, "root squash" means turning root into an anonymous user - essentially "nobody", though that can be configured. It also happens to be the default for nfs - local root can't do squat to an nfs-mounted filesystem. The "Nobody-User" and "Nobody-Group" are what root normally becomes, and they're specified in /etc/idmapd.conf. It's also possible to turn off root-squash, though I'm not sure how fine-grained that can be done.
_________________
.sigs waste space and bandwidth

DaggyStyle
Watchman

Joined: 22 Mar 2006
Posts: 5589

Posted: Fri May 07, 2010 6:02 am

depontius wrote:
DaggyStyle wrote:

depontius wrote:
Then you changed it to bind-mounts on the server, and as a normal user on the client everything looks good, but it still doesn't really work? (basically as root?)

think so
depontius wrote:
Do you have "root squash" enabled? It's generally a good idea to keep root squashed, but I believe that within idmapd you could map root to another user - say portage?
huh?


Basically, root can't be trusted across a network. Trusting root across a network essentially means that root on one machine is root on any machine, meaning that you have to trust anything and everything that gets plugged into your network. That situation is probably acceptable for a home lan or an isolated lab network, but not much more.

Because of that, "root squash" means turning root into an anonymous user - essentially "nobody", though that can be configured. It also happens to be the default for nfs - local root can't do squat to an nfs-mounted filesystem. The "Nobody-User" and "Nobody-Group" are what root normally becomes, and they're specified in /etc/idmapd.conf. It's also possible to turn off root-squash, though I'm not sure how fine-grained that can be done.

but that is not what I want, all I want is to share portage with the laptop.
because the tree is on a 1k block ext2 partition and the packages+distfiles are on a reiserfs partition.
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein

depontius
Advocate

Joined: 05 May 2004
Posts: 3450

Posted: Fri May 07, 2010 2:00 pm

DaggyStyle wrote:

but that is not what I want, all I want is to share portage with the laptop.
because the tree is on a 1k block ext2 partition and the packages+distfiles are on a reiserfs partition.


It doesn't seem to me that you should be having any problem, then. From what I can tell here, the portage tree is universal-read, so even if root gets squashed into nobody, it should still be able to read the stuff. I may be able to do a rough cut of this on my home system, to check it out for you. I have:
/raid1-1/backup
/etc
/home/dale
/lost+found
/mail

/exports/home

#grep exports /etc/fstab
/raid1-1/home /exports/home none bind 0 0
To come up with something analogous to your situation, I think I just need to bind-mount /usr/portage to /raid1-1/home and see what it looks like from the client side, both as user and as root. Unlike your setup, my whole /usr/portage is on one filesystem, but I think we can demonstrate the basic principle by bind-mounting it into /raid1-1/home. That will need to wait until I'm home tonight or this weekend.
_________________
.sigs waste space and bandwidth

DaggyStyle
Watchman

Joined: 22 Mar 2006
Posts: 5589

Posted: Fri May 07, 2010 3:07 pm

depontius wrote:
DaggyStyle wrote:

but that is not what I want, all I want is to share portage with the laptop.
because the tree is on a 1k block ext2 partition and the packages+distfiles are on a reiserfs partition.


It doesn't seem to me that you should be having any problem, then. From what I can tell here, the portage tree is universal-read, so even if root gets squashed into nobody, it should still be able to read the stuff. I may be able to do a rough cut of this on my home system, to check it out for you. I have:
/raid1-1/backup
/etc
/home/dale
/lost+found
/mail

/exports/home

#grep exports /etc/fstab
/raid1-1/home /exports/home none bind 0 0
To come up with something analogous to your situation, I think I just need to bind-mount /usr/portage to /raid1-1/home and see what it looks like from the client side, both as user and as root. Unlike your setup, my whole /usr/portage is on one filesystem, but I think we can demonstrate the basic principle by bind-mounting it into /raid1-1/home. That will need to wait until I'm home tonight or this weekend.

notice that it is enough to reload exportfs, restart nfs and enter /export/home
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein

DaggyStyle
Watchman

Joined: 22 Mar 2006
Posts: 5589

Posted: Sat May 08, 2010 11:47 am

with the help of the guys at #gentoo in freenode, I've added the missing folders to export and modified the config and voilà! all is working :)
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein
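
An added example, not part of the thread and not any poster's actual configuration: a Python check for the two issues discussed above, namely filesystems mounted below an exported directory that are not exported themselves (so clients see an empty directory), and export options that weaken the read-only, address-limited, root-squashed share the first post asked for. The paths under /export, the client address 192.168.1.20 and both sample files are constructed for illustration, and the parser only handles the simple `path client(options)` form of /etc/exports.

```python
# Added example. FSTAB and EXPORTS are constructed samples modelled on the thread's layout.
FSTAB = """\
/usr/portage               /export/portage            none ro,bind 0 0
/usr/portageBin/distfiles  /export/portage/distfiles  none ro,bind 0 0
/usr/portageBin/packages   /export/portage/packages   none ro,bind 0 0
"""
EXPORTS = """\
/export                    192.168.1.20(ro,fsid=0,root_squash,no_subtree_check)
/export/portage            192.168.1.20(ro,root_squash,no_subtree_check)
/export/portage/distfiles  *(rw,no_root_squash,no_subtree_check)
"""

def fields(text):
    """Yield whitespace-split fields of each non-empty, non-comment line."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            yield parts

def parse_exports(text):
    """Map export path -> [(client, {options})]; 'path client(opts)' form only."""
    table = {}
    for path, *specs in fields(text):
        entries = table.setdefault(path.rstrip("/") or "/", [])
        for spec in specs:
            client, _, opts = spec.partition("(")
            entries.append((client or "*", set(opts.rstrip(")").split(",")) - {""}))
    return table

def is_below(child, parent):
    return child != parent and child.startswith(parent.rstrip("/") + "/")

def audit(fstab, exports):
    """Return sorted (path, finding) pairs for risky or incomplete exports."""
    table, findings = parse_exports(exports), set()
    for path, entries in table.items():
        for client, opts in entries:
            if "no_root_squash" in opts:   # remote root keeps uid 0 on the server
                findings.add((path, "NO_ROOT_SQUASH"))
            if "rw" in opts:               # the thread asked for a read-only share
                findings.add((path, "WRITABLE"))
            if client == "*":              # not limited to specific addresses
                findings.add((path, "ANY_CLIENT"))
    for _source, mount_point, *_rest in fields(fstab):
        parents = [p for p in table if is_below(mount_point, p)]
        crossmnt = any("crossmnt" in o for p in parents for _, o in table[p])
        # Served only if exported itself or a parent export has crossmnt.
        if parents and mount_point not in table and not crossmnt:
            findings.add((mount_point, "HIDDEN_MOUNT"))
    return sorted(findings)

if __name__ == "__main__":
    for path, finding in audit(FSTAB, EXPORTS):
        print(f"{finding:15} {path}")
```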