Tuesday, October 29, 2013

Solaris 10 (NFS Server/Client) Configuration

NFS Server Side

Solaris-1 - 192.168.100.166 - Server
Solaris-2 - 192.168.100.234 - Client

#svcs -a | grep -i nfs
svc:/network/rpc/bind:default           (required)
svc:/network/nfs/status:default         (required)
svc:/network/nfs/nlockmgr:default       (required)
svc:/network/nfs/server:default         (required)
svc:/network/nfs/mapid:default          (NFSv4, required)

svc:/network/nfs/rquota:default         (optional)
svc:/network/rpc/gss:default            (NFSv4, optional)
/usr/lib/nfs/nfslogd                    (NFSv2, NFSv3, optional)

Check the NFS server service and its dependencies
#svcs -l nfs/server

Check required services status
#svcs -v svc:/network/rpc/bind:default svc:/network/nfs/status:default svc:/network/nfs/nlockmgr:default svc:/network/nfs/server:default svc:/network/nfs/mapid:default

Check optional services status
#svcs -v svc:/network/nfs/rquota:default svc:/network/rpc/gss:default 

If the service is stopped, you can start it with
#svcadm enable -r svc:/network/nfs/server:default 

If the service cannot be started, check the reason with
#svcs -xv svc:/network/nfs/server:default 

#rpcinfo -p
    
#vi /etc/ipf/ipf.conf
# These rules accept traffic from any source address. To limit access to the
# clients' network, replace the first "any" with it (here 192.168.100.0/24).
# nfsd
pass in quick proto tcp from any to any port = 2049 keep state
pass in quick proto udp from any to any port = 2049 keep state

# sunrpc
pass in quick proto tcp from any to any port = 111 keep state
pass in quick proto udp from any to any port = 111 keep state

# lockd
pass in quick proto tcp from any to any port = 4045 keep state
pass in quick proto udp from any to any port = 4045 keep state


#/usr/bin/egrep -v '^$|^#' /etc/dfs/dfstab

#share -F nfs -o nosuid,rw=@192.168.100.0/24,anon=60001 -d "Common Shared directories" /tempnfssun1  (60001=nobody)
#share -F nfs -o rw=solaris-2:@192.168.100.234,root=@192.168.100.234,ro,nosub /tempnfssun1
#share -F nfs -o ro=solaris3,rw=solaris-2,root=solaris-2  /tempnfssun1
#share -F nfs -o ro=solaris-2  /tempnfssun2
#share -F nfs -o ro=client1:client2,rw=client3:client4,root=client4 /tempshare (client=hostname)
#share -F nfs -o ro=@192.168.100.0/24 /usr/share/man

Share command Examples

#share -F nfs -o ro,rw=solaris-2:solaris-3    /shared_nfs_folder
Read-only access to all
Read-write access to solaris-2 and solaris-3

#share -F nfs -o rw=solaris-2:solaris-3,root=solaris-2     /shared_nfs_folder
Read-write access to solaris-2 and solaris-3
Root access granted to the root account on solaris-2

#share -F nfs -o ro,anon=0  /shared_nfs_folder
anon=0 gives all machines full root access to this share, but with 'ro' it's read-only

#share -F nfs -o nosub,ro     /shared_nfs_folder
Allows mounting at the top-level directory of the share only

#share -F nfs -o rw=.mmx.com   /shared_nfs_folder
Shares with all clients that are part of the DNS domain mmx.com

#share -F nfs -o rw=@192.168.100.0/24  /shared_nfs_folder
Shares only to the 192.168.100.0 subnet

#share -F nfs -o rw=solaris-2:-solaris-3:@192.168.100.0/24  /shared_nfs_folder
Read-write access to solaris-2
solaris-3 is denied even though the host is in the 192.168.100.0/24 network
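
The share options above can be checked mechanically. The following is an added example, not part of the original post: a POSIX shell audit that reads share lines as they appear in /etc/dfs/dfstab and flags anon=0, root= grants, read-write access for all clients, and writable shares without nosuid. The function names and finding labels are assumptions, the shared path is assumed to be the last field on each line, and the sample lines are constructed from the examples in this post.

```sh
#!/bin/sh
# Added example, not from the original post: flag risky share(1M) options.
# Print findings for one comma-separated -o option string ("ok" if none).
audit_share_opts() {
    findings="" nosuid=no writable=no access=no
    old_ifs=$IFS; IFS=,; set -f          # split on commas, no globbing
    for o in $1; do
        case $o in
            anon=0)  findings="$findings anon=0" ;;   # unknown users act as root
            root=*)  findings="$findings $o" ;;       # listed hosts keep uid 0
            rw)      findings="$findings rw-all"; writable=yes; access=yes ;;
            rw=*)    writable=yes; access=yes ;;
            ro|ro=*) access=yes ;;
            nosuid)  nosuid=yes ;;
        esac
    done
    set +f; IFS=$old_ifs
    # With neither ro nor rw given, share_nfs defaults to read-write for all.
    if [ "$access" = no ]; then findings="$findings rw-all"; writable=yes; fi
    # A writable share without nosuid accepts setuid files from clients.
    if [ "$writable" = yes ] && [ "$nosuid" = no ]; then findings="$findings no-nosuid"; fi
    findings=${findings# }; echo "${findings:-ok}"
}

# Read share lines on stdin; print "<path>: <findings>" for each one.
audit_dfstab() {
    while read -r line; do
        case $line in ''|'#'*) continue ;; esac
        set -f; set -- $line; set +f
        opts="" dir=""
        while [ $# -gt 0 ]; do
            if [ "$1" = "-o" ] && [ $# -gt 1 ]; then opts=$2; shift; fi
            dir=$1; shift
        done
        echo "$dir: $(audit_share_opts "$opts")"
    done
}

# Constructed sample input built from share lines shown in this post.
sample_dfstab() {
    cat <<'EOF'
share -F nfs -o nosuid,rw=@192.168.100.0/24,anon=60001 -d "Common Shared directories" /tempnfssun1
share -F nfs -o ro,anon=0 /shared_nfs_folder
share -F nfs -o rw=solaris-2:solaris-3,root=solaris-2 /shared_nfs_folder
share -F nfs /export/home
EOF
}

sample_dfstab | audit_dfstab
```

On a server, feed it the real file with: audit_dfstab < /etc/dfs/dfstab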

#/usr/sbin/unshare /usr/share/man

On the server, you can use 'unshareall' to stop sharing all exported filesystems and verify with 'dfshares':
#/usr/sbin/unshareall
#/usr/sbin/dfshares
#/usr/sbin/share
#/usr/bin/cat /etc/dfs/sharetab
#shareall -F nfs

NFS Client Side

svc:/network/rpc/bind:default           (required)
svc:/network/nfs/status:default         (required)
svc:/network/nfs/nlockmgr:default       (required)
svc:/network/nfs/client:default         (required)
svc:/network/nfs/cbd:default            (NFSv4, required)
svc:/network/nfs/mapid:default          (NFSv4, required)

Check that the required services are running
#svcs -v svc:/network/nfs/client:default svc:/network/nfs/status:default svc:/network/nfs/nlockmgr:default svc:/network/rpc/bind:default

Check which shared folders are available from the NFS server
#/usr/sbin/dfshares 192.168.100.166
#showmount -e solaris-1

#/usr/bin/mkdir /home2
#/usr/bin/ls -ld /home2        
        drwxr-xr-x   2 root     root           2 Feb 20 03:12 /home2/

#/usr/sbin/mount -F nfs -o rw,bg,intr 192.168.100.166:/export/home /home2
#/usr/bin/ls -ld /home2                           
        drwxr-xr-x   4 root     root         512 Dec 21 02:21 /home2/

#/usr/sbin/df -h /home2
        Filesystem             size   used  avail capacity  Mounted on
        10.0.23.191:/export/home
                               7.9G   4.4G   3.4G    57%    /home2

#/usr/sbin/mount | /usr/bin/grep /home2
        /home2 on 10.0.23.191:/export/home remote/read/write/setuid/devices/rstchown/bg/intr/xattr/dev=8740001 on Sun Feb 20 03:26:37 2011

#vi /etc/vfstab

192.168.100.166:/export/home        -       /home2  nfs     -       yes     rw,bg,intr

Note: Because NFSv4 does not use the MOUNT protocol, 'nosub' only
impacts client-side mounting using NFSv2 and NFSv3. Since Solaris 10
attempts to use NFSv4 by default, falling back to v2 or v3 as necessary,
to illustrate 'nosub' I deliberately set option 'vers=3' in the mount command:

#mount -F nfs -o rw,intr,vers=3 10.0.23.191:/usr/sfw /opt/sfw
#mount -F nfs -o ro,vers=4 solaris-2:/tempnfssun1 /tempnfssun1 && echo $?

#df -k | grep solaris-1

#mount -o bg,intr,ro  solaris-1:/tempnfssun1    /tempnfssun1

Mount command options
bg = Retry in the background later if the mount fails
intr = Allow keyboard interrupt on a hard mount
ro = Do not allow write access to users, regardless of Unix file permissions
hard = Keep trying until the server responds (default) or the retry value is reached
soft = Give an error message if the server doesn't respond
retry=n = Number of times to retry the mount (default = 10000)
nosuid = Setuid execution not allowed
sec=dh = Secure NFS, requiring the use of passwords based on public key encryption using the Diffie-Hellman encryption technique
vers = NFS version (2, 3, 4)

Failover mount across multiple servers

#mount -o ro solaris-1:/tempnfssun1,solaris-3:/tempnfssun1   /tempnfssun1
#mount -o ro solaris-2,solaris-1:/tempnfssun1  /tempnfssun1

#umount  /tempnfssun1
#umount  -f  /tempnfssun1
#umountall -r (To umount all remote filesystems)
