From patchwork Mon Aug 27 09:28:01 2012
X-Patchwork-Submitter: Ian Kent
X-Patchwork-Id: 180159
From: Ian Kent
To: fedfs-utils Developers
Date: Mon, 27 Aug 2012 17:28:01 +0800
Message-ID: <20120827092801.31035.22348.stgit@perseus.themaw.net>
In-Reply-To: <20120827092743.31035.9422.stgit@perseus.themaw.net>
References: <20120827092743.31035.9422.stgit@perseus.themaw.net>
User-Agent: StGIT/0.14.3
Subject: [fedfs-utils] [PATCH] FedFS - simple setup howto
List-Id: fedfs-utils Developers
Sender: fedfs-utils-devel-bounces@oss.oracle.com

Add a howto to set up a DNS domain fedfs.org, an (OpenLDAP) LDAP instance
with context dc=fedfs,dc=org and work through the steps to set up a
read-only FedFS root domain with a single referral.

Signed-off-by: Ian Kent
---
 doc/howto/fedfs-simple-setup-howto.txt | 465 ++++++++++++++++++++++++++++++++
 1 files changed, 465 insertions(+), 0 deletions(-)
 create mode 100644 doc/howto/fedfs-simple-setup-howto.txt

diff --git a/doc/howto/fedfs-simple-setup-howto.txt b/doc/howto/fedfs-simple-setup-howto.txt
new file mode 100644
index 0000000..6454f64
--- /dev/null
+++ b/doc/howto/fedfs-simple-setup-howto.txt
@@ -0,0 +1,465 @@ + +Simple example of basic FedFS setup and operation +================================================= + +The examples in this test procedure assume a Fedora 18 install. + +Assume that the package fedfs-utils-server and fedfs-utils-client +are installed on perseus.fedfs.org. And that fedfs-utils-server and +a nfs-utils built with fedfs-utils-devel installed on zeus.fedfs.org +and that fedfs-utils-lib is also installed on zeus.fedfs.org. + +We want to setup perseus.fedfs.org to provide the domain root, +be able to use FedFS to mount the domain root, and to setup and +use a FedFS juntion to access an export on zeus.fedfs.org upon +access to a directory within the domain root. And lastly, setup +autofs to use the FedFS program map to mount the root of the +domain. + +#Questions still to be answered: +#1. When and where (ie. on which server) is rpc.fedfsd used in the +# procedure below. +#2. What is the procedure for setting up a junction on a third +# unrelated machine. + +Setup a forwarding DNS server for fedfs.org +=========================================== + +Some of this setup may not be necessary but it is what I use to setup +DNS instances for testsing. Also many of the files created in step 1 +should be included in a caching nameserver package. Installing the +cacheing nameserver package and making appropriate modifications to +turn the cacheing nameserver into a forwarding nameserver iis really +all that needs to be done. Of course the fedfs zone files will always +be needed. + +The example assumes the private IP address range 192.168.1 is being +used and a nameserver that is able to satisfy name resolution for +external names is at 192.168.1.1 and the hosts perseus.fedfs.org and +zeus.fedfs.org are assigned addresses 192.168.1.32 and 192.168.1.31 +respectively. + +1. Setup zeus.fedfs.org as a forwarding DNS server: + + mkdir -p /var/named/master/fedfs.org + if [ ! 
-d /var/named/data ]; then + mkdir /var/named/data + fi + +Create /var/named/named.root using: + dig +norec NS > /var/named/named.root + +Create /etc/named.rfc1912.zones as: + // named.rfc1912.zones: + // + // ISC BIND named zone configuration for zones recommended by + // RFC 1912 section 4.1 : localhost TLDs and address zones + // + zone "localdomain" IN { + type master; + file "localdomain.zone"; + allow-update { none; }; + }; + + zone "localhost" IN { + type master; + file "localhost.zone"; + allow-update { none; }; + }; + + zone "0.0.127.in-addr.arpa" IN { + type master; + file "named.local"; + allow-update { none; }; + }; + + zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { + type master; + file "named.ip6.local"; + allow-update { none; }; + }; + + zone "255.in-addr.arpa" IN { + type master; + file "named.broadcast"; + allow-update { none; }; + }; + + zone "0.in-addr.arpa" IN { + type master; + file "named.zero"; + allow-update { none; }; + }; + +Create /var/named/localdomain.zone as: + $TTL 86400 + @ IN SOA localhost root ( + 42 ; serial (d. adams) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum + IN NS localhost + localhost IN A 127.0.0.1 + +Create /var/named/localhost.zone + $TTL 86400 + @ IN SOA @ root ( + 42 ; serial (d. adams) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum + + IN NS @ + IN A 127.0.0.1 + IN AAAA ::1 + +Create /var/named/named.local as: + $TTL 86400 + @ IN SOA localhost. root.localhost. ( + 1997022700 ; Serial + 28800 ; Refresh + 14400 ; Retry + 3600000 ; Expire + 86400 ) ; Minimum + IN NS localhost. + 1 IN PTR localhost. + +Create /var/named/named.ip6.local as: + $TTL 86400 + @ IN SOA localhost. root.localhost. ( + 1997022700 ; Serial + 28800 ; Refresh + 14400 ; Retry + 3600000 ; Expire + 86400 ) ; Minimum + IN NS localhost. + 1 IN PTR localhost. + +Create /var/named/named.broadcast as: + $TTL 86400 + @ IN SOA localhost. root.localhost. ( + 42 ; serial (d. 
adams) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum + IN NS localhost. + +Create /var/named/named.zero as: + $TTL 86400 + @ IN SOA localhost. root.localhost. ( + 42 ; serial (d. adams) + 3H ; refresh + 15M ; retry + 1W ; expiry + 1D ) ; minimum + IN NS localhost. + +Create /etc/named.conf as: + options { + listen-on port 53 { any; }; + listen-on-v6 port 53 { ::1; }; + directory "/var/named"; + allow-query { any; }; + forwarders { 192.168.1.1; }; + recursion yes; + }; + + logging { + channel default_debug { + file "data/named.run"; + severity dynamic; + }; + }; + + zone "." IN { + type hint; + file "named.root"; + }; + + include "/etc/named.rfc1912.zones"; + + include "/var/named/master/fedfs.org/zone.fedfs.org"; + +Create /var/named/master/fedfs.org/zone.fedfs.org as: + zone "fedfs.org" { + type master; + notify no; + file "master/fedfs.org/db.fedfs.org"; + }; + + zone "1.168.192.in-addr.arpa" { + type master; + notify no; + file "master/fedfs.org/db.192.168.1"; + }; + +Create /var/named/master/fedfs.org/db.fedfs.org as: + $TTL 3D + @ IN SOA ns.fedfs.org. hostmaster.fedfs.org. ( + 199802152 ; serial, todays date + todays serial # + 8H ; refresh, seconds + 2H ; retry, seconds + 4W ; expire, seconds + 1D ) ; minimum, seconds + ; + NS ns ; Inet Address of name server + ; + localhost A 127.0.0.1 + ns A 192.168.1.32 + zeus A 192.168.1.32 + perseus A 192.168.1.31 + + ; Assume these aren't present, they've been left to show an example + ; of the SRV record that would be used for a read-write FedFS domain + ; rather than the read-only setup we use here. + ;_nfs4._domainroot._tcp SRV 0 0 2049 perseus.fedfs.org. + ;_nfs4._write._domainroot._tcp SRV 0 0 2049 perseus.fedfs.org. + +Create /var/named/master/fedfs.org/db.192.168.1 as: + $TTL 3D + @ IN SOA ns.fedfs.org. hostmaster.fedfs.org. ( + 199802151 ; Serial, todays date + todays serial + 8H ; Refresh + 2H ; Retry + 4W ; Expire + 1D) ; Minimum TTL + NS ns.fedfs.org. + + 32 PTR ns.fedfs.org. 
+ 32 PTR zeus.fedfs.org. + 31 PTR perseus.fedfs.org. + + service named start +or + systemctl start named.service + +2. On perseus.fedfs.org and zeus.fedfs.org configure /etc/resolve.conf: + cd /etc + cp resolve.conf resolv.conf.orig + echo "domain fedfs.org" > resolve.conf + echo "search fedfs.org" >> resolve.conf + echo "nameserver 192.168.1.32" >> resolve.conf + + +Setup an NSDB (NameSpace DataBase) +================================== + +1. Set parameters for NSDB connections: + # nsdbparams(8) is used to set NSDB connection parameters + nsdbparams update -e "dc=fedfs,dc=org" \ + -D "cn=Manager,dc=fedfs,dc=org" \ + zeus.fedfs.org + +2. Setup an OpenLDAP instance for fedfs.org: + service slapd stop +or + systemctl stop slapd.service + +Create /etc/openldap/slapd.conf as: + include /etc/openldap/schema/core.schema + include /etc/openldap/schema/cosine.schema + include /etc/openldap/schema/inetorgperson.schema + include /etc/openldap/schema/nis.schema + # Get this from the FedFS distribution + include /etc/openldap/schema/fedfs.schema + + pidfile /var/run/openldap/slapd.pid + argsfile /var/run/openldap/slapd.args + + database bdb + suffix "dc=fedfs,dc=org" + rootdn "cn=Manager,dc=fedfs,dc=org" + rootpw secret + directory /var/lib/ldap + + index objectClass eq,pres + index ou,cn,mail,surname,givenname eq,pres,sub + index uidNumber,gidNumber,loginShell eq,pres + index uid,memberUid eq,pres,sub + index nisMapName,nisMapEntry eq,pres,sub + +Create fedfs.org-naming-context.ldif as: + dn: dc=fedfs,dc=org + objectClass: domain + dc: fedfs + description: naming context + +Create an OpenLDAP instance for fedfs.org: + # Ensure that /etc/openldap/ldap.conf is setup to use fedfs.org + # by commenting out any other URI and BASE directives and then + # add definitions to the end of the configuration. 
+ echo "URI ldap://zeus.fedfs.org/" >> /etc/openldap/ldap.conf + echo "BASE dc=fedfs,dc=org" >> /etc/openldap/ldap.conf + + # Setup OpenLDAP for fedfs.org + cd /etc/openldap + restorecon -v slapd.conf + + rm -f /var/lib/ldap/* + # supress warnings that this file does not exist + touch /var/lib/ldap/DB_CONFIG + + rm -rf slapd.d + slaptest -F slapd.d -f slapd.conf + # I think this will restore the correct ownership + # of the configuration directory tree but it may + # be necessary to chmod -R ldap.ldap slapd.d also. + restorecon -R -v slapd.d + + slapadd -l fedfs.org-naming-context.ldif + chown ldap.ldap /var/lib/ldap/* + restorecon -v /var/lib/ldap/* + + service slapd start +or + systemctl start slapd.service + +4. Add NCI (NSDB Container information) attributes to the + naming context LDAP entry: + nsdb-update-nci -l zeus.fedfs.org \ + -D "cn=Manager,dc=fedfs,dc=org" \ + -e "dc=fedfs,dc=org" + + +Add a FedFS junction within a domain root directory +=================================================== + +Assuming there is a file system mounted on /vm (or just a directory +we can export) on server zues.fedfs.org which we want to access +under the domain root as /vm, we will be +exporting /.domainroot-fedfs.org as the domain root. + +1. Add an entry to /etc/exports on zeus.fedfs.org: + + # Add to /etc/exports + /vm *(ro) + + # Restart the nfs service or just re-export the table + exportfs -r + +2. Add a junction to the domain root on persues.fedfs.org: + + # + # Tell nfsref the LDAP server (the NSDB) we are using to + # record file system name (FSN) and file system location + # (FSL) uuids. This assumes the LDAP connection parameters + # have been setup as in step 1 of "Setup an NSDB". + # + export FEDFS_NSDB_HOST=zeus.fedfs.org + + # + # Add the junction metadata to the directory and update + # the NSDB with uuid info of the junction. 
+ # + mkdir -p /.domainroot-fedfs.org/vm + nfsref --type=nfs-fedfs \ + add /.domainroot-fedfs.org/vm \ + zeus.fedfs.org /vm + + +Setup fedfs domain root export (read-only case) +=============================================== + +For this we are seeking to mount the domain root exported from host +perseus.fedfs.org. + +1. Add an SRV record for the FedFS file server to DNS: + + _nfs4._domainroot._tcp SRV 0 0 2049 perseus.fedfs.org. + +2. Restart named to make in available. + + service named restart +or + systemctl restart named.service + +3. Add an entry to /etc/exports on perseus.autofs.test: + + # + # Created when we added the junction above. + # mkdir /.domainroot-fedfs.org + # + /.domainroot-fedfs.org *(ro) + +4. Restart NFS: + + service nfs restart +or + systemctl restart nfs.service + +5. Mount using the FedFS mount utility on a local directory: + + mount -v -t fedfs /nfs4/fedfs.org /mnt + mount | grep domainroot + perseus.fedfs.org:/.domainroot-fedfs.org/ on /mnt type nfs4 ... + + cd /mnt/vm + + # + # This check assumes /etc/mtab is symlinked to /proc/mounts + # as it is in Fedora. Kernel automounted file systems will + # not be present in the text based /etc/mtab and so will not + # be seen in it. Look to /proc/mounts instead in this case. + # + mount | grep ^zeus.fedfs.org.*vm + zeus.fedfs.org:/vm/ on /mnt/vm type nfs4 ... + + # Ha, move out of the directory so it can be umounted + cd + +5. Lastly cleanup: + + # + # This example includes a specific umount of the junction + # (/mnt/vm) but such kernel automounted file systems are + # umounted automatically (when they are not in use) so it + # may not be present when this step is done. + # + umount /mnt/vm + umount /mnt + +Setup autofs to automount the domain root +========================================= + +1. Add a line to /etc/auto.master to automount FedFS root domains: + + # + # Note that the autofs pseudo option "nobind" probably + # should be used. 
In the case here it is required because + # the FedFS client also hosts the root of the domain and + # autofs will see the mount is local and perform a bind + # mount instead of an NFS mount. That, of course, means + # file system lookups won't be with an NFS file system + # so NFS referals can't be followed. + # + # Also note that the autofs mount point name must be + # /nfs4 to be able to mount nfs4 root domains. + # + echo "/nfs4 /usr/sbin/fedfs-map-nfs4 nobind" >> /etc/auto.master + +2. Restart or reload the autofs service: + + service autofs restart +or + systemctl restart autofs.service + +3. Check that we can mount the domain root and the referal: + + # automount the root domain. + [raven@perseus ~]$ ls /nfs4/fedfs.org + top.txt vm + + # automount the referal (from a different machine). + [raven@perseus ~]$ ls /nfs4/fedfs.org/vm + lost+found test.txt + + # Check they were mounted. + [raven@perseus ~]$ mount |grep perseus|grep nfs4 + perseus.fedfs.org:/.domainroot-fedfs.org/ on /nfs4/fedfs.org type nfs4 ... + [raven@perseus ~]$ mount |grep zeus|grep nfs4 + zeus.fedfs.org:/vm/ on /nfs4/fedfs.org/vm type nfs4 ... + +
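Review bot: the host addresses in this hunk disagree with each other, so the example cannot be followed as written. The introduction assigns perseus.fedfs.org 192.168.1.32 and zeus.fedfs.org 192.168.1.31, while db.fedfs.org and db.192.168.1 say the opposite (`zeus A 192.168.1.32`, `perseus A 192.168.1.31`, and the matching PTR records), and the DNS section sets up zeus as the nameserver with `ns A 192.168.1.32`; the zone files are self-consistent with zeus = .32, so the introduction is the likely place to fix, but either way prose, A records and PTR records must agree. Step 2 of the DNS section writes /etc/resolve.conf four times, a file the resolver never reads, and `cp resolve.conf resolv.conf.orig` fails because the source does not exist; the file is /etc/resolv.conf. On the security side: named is configured with `listen-on port 53 { any; };`, `allow-query { any; };` and `recursion yes;` with no allow-recursion restriction, so any host that can reach this machine gets an open recursive resolver; restrict allow-query/allow-recursion to 192.168.1.0/24 or state explicitly that this is a lab-only configuration. Likewise slapd.conf stores `rootpw secret` in cleartext, ldap.conf points at plain ldap://zeus.fedfs.org/, and nsdbparams, nsdb-update-nci and the nfsref step all bind as the directory rootdn cn=Manager,dc=fedfs,dc=org, so at minimum use a slappasswd hash, a dedicated DN with write access limited to the NSDB entries, and an ldaps:// URI, or note that the bind password crosses the wire in the clear here; the two `*(ro)` exports could similarly be limited to the 192.168.1.0/24 subnet. Smaller points: the NSDB section numbers its steps 1, 2, 4; the domain-root section has two steps numbered 5; step 3 of that section names the server perseus.autofs.test where everywhere else it is perseus.fedfs.org; and there are several typos worth fixing before this is merged as documentation (juntion, testsing, cacheing, iis, zues, persues, supress, referal, referals).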