26
NFS and AutoFS
This chapter covers the following major topics:
Understand NFS concepts and benefits
Understand NFS versions, security, daemons, commands, related files and startup scripts
How NFS client and server interact with each other
Configure NFS server and client
Display exported and mounted NFS resources
Unmount and unexport a resource
Monitor NFS activities
Understand AutoFS
Features and benefits
How AutoFS works
AutoFS configuration file
Configure AutoFS maps - master, special, direct and indirect
Mount user home directories
The Network File System (NFS) service is based on the client/server architecture whereby users on one
system access files, directories and file systems (let us collectively call them resources) residing on a remote
system as if they exist locally on their system. The remote system that makes its resources available to be
accessed over the network is called an NFS server, and the process of making them accessible is referred to
as exporting. The resources exported by the NFS server can be accessed by one or more systems. These
systems are called NFS clients, and the process of making the resources accessible on clients is referred to
as mounting. Resources may be kept mounted until either they are unmounted manually or the system is
rebooted. The other method unmounts them automatically after a pre-determined time is elapsed.
Understanding Network File System (NFS)
A system can function as both an NFS server and an NFS client at the same time. When a directory or file
system resource is exported, the entire directory structure beneath it becomes available for mounting on the
client. A sub-directory or the parent directory of an exported resource cannot be re-exported if it exists in the
same file system. Similarly, a resource mounted by an NFS client cannot be exported further by the client. A
single exported file resource is mounted on a directory mount point.
NFS is built on top of Remote Procedure Call (RPC) and eXternal Data Representation (XDR) to allow a server
and client to communicate. They provide a common "language" that both the server and client understand. This
is standardized based on the fact that the NFS server and client may be running two completely different
operating systems on different hardware platforms. RPC uses program numbers defined in the /etc/rpc file.
The following data is extracted from the rpc file. It shows official service names in the first column, followed by
program numbers and associated alias names in subsequent columns:
# cat /etc/rpc
portmapper 100000 portmap sunrpc rpcbind
rstatd 100001 rstat rup perfmeter rstat_svc
rusersd 100002 rusers
nfs 100003 nfsprog
ypserv 100004 ypprog
mountd 100005 mount showmount
ypbind 100007
walld 100008 rwall shutdown
yppasswdd 100009 yppasswd
etherstatd 100010 etherstat
rquotad 100011 rquotaprog quota rquota
sprayd 100012 spray
llockmgr 100020
nlockmgr 100021
Benefits
Some benefits associated with using NFS are listed below:
✓ Supports heterogeneous operating system platforms including all Linux and UNIX versions out there, as
well as Microsoft Windows.
✓ Several client systems can access a single exported resource simultaneously.
✓ Enables sharing common application binaries and read-only information such as the man pages, instead
of loading them on each single system. This results in reduced overall disk storage cost and
administration overhead.
✓ Gives users access to uniform data.
✓ Useful when many users exist on many systems with their home directories located on every single
host. In such a situation, create user home directories on a single system under /home for example, and
export /home. Now, whichever system a user logs on to, his home directory becomes available there.
This way the user will need to maintain only one home directory, and not a lot.
NFS Statelessness
NFS is stateless by design, meaning that the server does not keep track of what a client system is doing on a
shared resource. If the client is crashed and rebooted, it will reestablish a connection to the server. You do not
have to do anything on the NFS server. Similarly, if the NFS server is crashed and rebooted, the NFS client will
continue accessing the resource after the server is back up to normal. The only exception is that the client is
unable to access the server for the period of time the server was down or unavailable. In this case too, there is
nothing that needs to be done on the NFS server.
NFS Versions
RHEL 5 comes with version 4 of NFS protocol (NFS v4), which is an Internet Engineering Task Force (IETF)
standard protocol that provides enhanced security, scalability, encrypted transfers, better cross-platform
interoperability, works better through firewalls and on the Internet, and is more efficient than NFS v3. NFS v4
maintains all other features and benefits of NFS v3 including support for TCP and files of sizes up to 128GB
(64-bit). NFS v4 uses usernames and groupnames rather than UIDs and GIDs when sharing files.
NFS v3 is still the default protocol for NFS in RHEL 5; however, NFS v4 can be used instead to take
advantage of the benefits listed above.
NFS Security
NFS security is paramount in v4 to ensure that NFS operates securely in a WAN environment. In older
versions, authentication was performed at the NFS client side. In contrast, an exchange of information takes
place in v4 between the client and server for identification, authentication and authorization. Identification
establishes identity of systems and users that will be accessing the shares, authentication confirms the identity
and authorization controls what information systems and users will have access to. Exchange of information in
transit between the client and server is encrypted to prevent eavesdropping and unauthorized access to
private data.
NFS Daemons, Commands, Configuration Files and Scripts
When working with NFS, several daemons, commands, configuration files and scripts are involved. The tables
given below list and explain them.
Table 26-1 describes NFS daemons.
Daemon | Description
portmap | Server- and client-side daemon responsible for forwarding incoming RPC requests to appropriate RPC daemons. Access to this daemon can be controlled via TCP Wrappers using /etc/hosts.allow and /etc/hosts.deny files. See Chapter 30 "System and Network Security" for details.
rpc.idmapd | Server- and client-side daemon that controls mappings of UIDs and GIDs with their corresponding usernames and groupnames. Its configuration file is /etc/idmapd.conf.
rpc.lockd | Server- and client-side daemon that keeps an eye on the NFS client that has requested a lock on files to make certain the client is up and running. If the client is rebooted unexpectedly, this daemon removes all locks placed on the files so that other NFS clients may use them.
rpc.mountd | Server-side daemon that responds to client requests to mount a resource and provide status of exported and mounted resources. Access to this daemon can be controlled via TCP Wrappers using /etc/hosts.allow and /etc/hosts.deny files. See Chapter 30 "System and Network Security" for details.
rpc.nfsd | Server-side daemon that responds to client requests to access files.
rpc.rquotad | Server-side daemon that provides statistics on disk quota to clients.
rpc.statd | Server- and client-side daemon that works with rpc.lockd to provide crash and recovery services.
Table 26-1 NFS Daemons
Table 26-2 describes NFS commands.
Command | Description
[The rows of this table are illegible in the source scan.]
Table 26-2 NFS Commands
Table 26-3 describes NFS configuration and functional files.
File | Description
/etc/exports | Server-side file that contains a list of resources to be exported.
/var/lib/nfs/etab | Server-side file that contains a list of exported resources whether or not they are remotely mounted. This file is updated when a resource is exported or unexported, and is maintained by the rpc.mountd daemon.
/var/lib/nfs/rmtab | Server-side file that contains a list of exported resources, which have been mounted by clients. This file is updated when a resource is remotely mounted or unmounted, and is maintained by the rpc.mountd daemon.
/etc/fstab | Client-side file that contains a list of resources to be mounted at system reboots or manually with the mount command.
/etc/mtab | Client-side file that contains a list of mounted resources. The mount and umount commands update this file.
/etc/sysconfig/nfs | Server- and client-side configuration file used by NFS startup scripts.
Table 26-3 NFS Configuration and Functional Files
Table 26-4 describes NFS startup and shutdown scripts.
Script | Description
/etc/rc.d/init.d/nfs | Server-side script that starts (run levels 3 and up) and stops (run levels 2 and below) the rpc.nfsd, rpc.rquotad, rpc.idmapd and rpc.mountd daemons. Sources the /etc/sysconfig/nfs file for configuration information.
/etc/rc.d/init.d/nfslock | Server- and client-side script that starts (run levels 3 and up) and stops (run levels 2 and below) the rpc.lockd and rpc.statd daemons. Sources the /etc/sysconfig/nfs file for configuration information.
/etc/rc.d/init.d/portmap | Server- and client-side script that starts (run levels 3 and up) and stops (run levels 2 and below) the portmap daemon.
Table 26-4 NFS Startup and Shutdown Scripts
How NFS Works?
The following outlines the process of exporting and mounting a resource:
✓ The contents of /etc/exports file are evaluated for any syntax problems and access issues.
✓ Each resource listed in this file is exported and an entry is added to the /var/lib/nfs/etab file on the server.
The showmount command looks into this file to display exported resource information.
✓ The client issues the mount command on the NFS client to request the NFS server to provide file handle
for the requested resource.
✓ The request goes to the rpc.mountd daemon on the NFS server through the portmap daemon that runs
on both the server and the client.
✓ The rpc.mountd daemon consults TCP Wrappers and performs an access check to validate if the client
is authorized to mount the resource.
✓ The rpc.mountd daemon sends a file handle for the requested resource to the client.
✓ The client mounts the resource if the correct mount command syntax is used. To automate the mount
process, an entry for the resource can be added to the /etc/fstab file, which ensures that the resource
will get automatically mounted when the client reboots.
✓ The mount command tells the rpc.mountd daemon on the NFS server that the resource has been
mounted successfully. Upon receiving a confirmation, the daemon adds an entry to the /var/lib/nfs/rmtab
file. The showmount command uses this file to display remotely mounted NFS resources. When the
resource is unmounted on the client, the umount command sends a request to the rpc.mountd daemon
to remove the entry from this file.
✓ The mount command also adds an entry to the /etc/mtab file for the mounted resource on the client. The
mount and df commands reference this file to display information about mounted resources. The mount
and umount commands update this file whenever they are executed successfully.
✓ Any file access request by the client on the mounted resource is now going to be handled by the
server's rpc.nfsd daemon.
✓ The rpc.lockd and rpc.statd daemons are involved when the client requests the server to place a lock on
a file.
SELinux Requirements for NFS
If SELinux is enforced, you need to disable its protection for NFS service to ensure smooth functionality. Use
the setsebool command as demonstrated below, or the SELinux Configurator system-config-selinux as
explained in Chapter 30 "System and Network Security". Specify only those Booleans that need to be
disabled, leave others intact.
# setsebool -P nfs_export_all_ro=1 nfs_export_all_rw=1 nfsd_disable_trans=1 \
use_nfs_home_dirs=1
Use the getsebool command to verify:
# getsebool nfs_export_all_ro nfs_export_all_rw nfsd_disable_trans use_nfs_home_dirs
nfs_export_all_ro --> on
nfs_export_all_rw --> on
nfsd_disable_trans --> on
use_nfs_home_dirs --> on
Configuring NFS
This section discusses procedures on configuring NFS server and client.
Configuring an NFS Server
Let us look at the step-by-step procedure for configuring rhel02 as an NFS server and export several
resources. Prior to setting up an NFS environment, ensure that UIDs and GIDs are consistent across all
systems that will be configured and used as NFS servers and clients.
1. Make sure that the following NFS software packages are installed:
# rpm -qa | grep -E 'portmap|nfs'
portmap-4.0-65.2.2.1
nfs-utils-1.0.9-33.el5
system-config-nfs-1.3.23-1.el5
Note: The portmap package is not needed for NFS v4.
2. Ensure NFS support is included in the kernel by running the lsmod command:
# lsmod | grep nfs
nfsd 2asias 5
exportfs 38849 1 nfsd
lockd 90057 1 nfsd
nfs_acl 6072s
auth_rpcgss BIS89 IL nfsd
sunrpc 198025 8 nfsd,lockd,nfs_acl,auth_rpcgss
3. Edit /etc/exports file and insert the following entries one per line. Create this file if it does not already
exist.
# vi /etc/exports
/usr/share/man rhel03(ro,sync) rhel04(ro,sync)
/home *.getitcertify.com(rw,sync)
/var/opt *(rw,sync,no_root_squash)
/usr/local/bin *(rw,sync,no_root_squash)
The first line entry will export /usr/share/man directory to rhel03 and rhel04 servers in read-only mode.
The sync option instructs rpc.nfsd to reply to client requests only after the changes have been
committed. The second line entry will export /home to all systems in the getitcertify.com domain in
read-write mode. The third and fourth line entries will export the specified directories in read-write mode
to any server that will attempt to mount them. The no_root_squash option will allow the root user to be
able to access the shares on the client. Refer to Table 26-5 for details on these and additional options.
4. Edit /etc/sysconfig/nfs file and define static ports for NFS daemons, otherwise the daemons will use
random ports which might become an issue with the firewall. If the firewall is going to be shut off
permanently, skip this and the next three steps.
# vi /etc/sysconfig/nfs
# TCP port rpc.lockd should listen on.
LOCKD_TCPPORT=6001
# UDP port rpc.lockd should listen on.
LOCKD_UDPPORT=6001
# Port rpc.statd should listen on.
STATD_PORT=6002
# Port rpc.mountd should listen on.
MOUNTD_PORT=6003
# Port rquotad should listen on.
RQUOTAD_PORT=6004
5. Edit /etc/services file and define the ports in it. Ensure that the ports are not already in use by other
applications or services.
# vi /etc/services
lockd 6001/tcp
lockd 6001/udp
statd 6002/tcp
mountd 6003/tcp
rquotad 6004/tcp
6. Configure TCP Wrappers files /etc/hosts.allow or /etc/hosts.deny appropriately for portmap and
rpc.mountd access control. Consult Chapter 30 "System and Network Security" for details.
7. Allow NFS traffic on ports 111 (portmapper), 6001, 6002, 6003 and 6004 to pass through the firewall, or
simply stop and disable the firewall if it is not used. Consult Chapter 30 "System and Network Security"
on how to perform these tasks.
8. Execute the following to make NFS processes autostart at system reboots:
# chkconfig portmap on
# chkconfig nfslock on
# chkconfig nfs on
9. Start (or restart) the portmap process, and check its status:
# service portmap start
Starting portmap: [ OK ]
# service portmap status
portmap (pid 4348) is running...
10. Start NFS file locking service if it is not already running, and check its status:
# service nfslock start
Starting NFS statd: [ OK ]
# service nfslock status
rpc.statd (pid 5663) is running...
11. Start NFS server processes if they are not already running, and check their status:
# service nfs start
Starting NFS services: [ OK ]
Starting NFS quotas: [ OK ]
Starting NFS daemon: [ OK ]
Starting NFS mountd: [ OK ]
# service nfs status
rpc.mountd (pid 6715) is running...
nfsd (pid 6712 6711 6710 6709 6708 6707 6706 6705) is running...
If the processes are already running, simply execute the following:
# exportfs -avr
exporting rhel03:/usr/share/man
exporting rhel04:/usr/share/man
exporting *.getitcertify.com:/home
exporting *:/usr/local/bin
exporting *:/var/opt
The -avr options instruct the command to export all resources listed in the /etc/exports file, display
details and update /var/lib/nfs/etab file.
12. Run the rpcinfo command to verify that all the daemons identified in Table 26-1 are running:
# rpcinfo -p
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100024 1 udp 6002 status
100024 1 tcp 6002 status
100011 1 udp 6004 rquotad
100011 2 udp 6004 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100003 4 udp 2049 nfs
100021 1 udp 6001 nlockmgr
100021 3 udp 6001 nlockmgr
100021 4 udp 6001 nlockmgr
100021 1 tcp 6001 nlockmgr
100021 3 tcp 6001 nlockmgr
100021 4 tcp 6001 nlockmgr
100003 2 tcp 2049 nfs
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100005 1 udp 6003 mountd
100005 1 tcp 6003 mountd
100005 2 udp 6003 mountd
100005 2 tcp 6003 mountd
100005 3 udp 6003 mountd
100005 3 tcp 6003 mountd
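The verification in step 12 can be scripted so that a daemon which did not pick up its static port from steps 4 and 5 is noticed before the firewall from step 7 drops its traffic. The following is an added example, not part of the original chapter: the function names check_rpc_ports and sample_rpcinfo are made up here, the expected ports are the chapter's values plus the fixed ports 111 and 2049, and the sample output is constructed with one mountd line deliberately moved to port 32771.

```sh
#!/bin/sh
# check_rpc_ports [FILE]
# Reads `rpcinfo -p` output (FILE or stdin) and reports every RPC service
# registered on a port other than the one pinned for it.
# Expected ports: 111 and 2049 are fixed; 6001-6004 are the values this
# chapter sets in /etc/sysconfig/nfs. Adjust the table if yours differ.
check_rpc_ports() {
    awk '
    BEGIN {
        want["portmapper"] = 111;  want["nfs"]     = 2049
        want["nlockmgr"]   = 6001; want["status"]  = 6002
        want["mountd"]     = 6003; want["rquotad"] = 6004
    }
    # Data lines start with a numeric program number; this skips the header.
    $1 ~ /^[0-9]+$/ && NF >= 5 {
        svc = $5; proto = $3; port = $4
        seen[svc] = 1
        key = svc " " proto "/" port
        if (key in reported) next            # one finding per service/proto/port
        if (!(svc in want)) {
            reported[key] = 1
            print "UNEXPECTED " key          # registered, but not in the table
        } else if (port + 0 != want[svc]) {
            reported[key] = 1
            print "MISMATCH " key " expected " want[svc]
        }
    }
    END {
        # A pinned service that never registered is also worth knowing about.
        for (svc in want)
            if (!(svc in seen)) print "MISSING " svc
    }' "${1:--}"
}

# Constructed sample (not captured from a real host): mountd/udp has fallen
# back to a random port, everything else matches the pinned values.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp   6002  status
    100024    1   tcp   6002  status
    100011    1   udp   6004  rquotad
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp   6001  nlockmgr
    100021    1   tcp   6001  nlockmgr
    100005    1   udp  32771  mountd
    100005    1   tcp   6003  mountd
EOF
}

sample_rpcinfo | check_rpc_ports
```

On a live server the same function is fed with `rpcinfo -p | check_rpc_ports`; no output means every registered service sits on its pinned port.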
Note that you can run the exportfs command with -i option and specify a resource to be exported temporarily
without adding an entry for it to the /etc/exports file. This way the resource will remain exported until it is either
manually unexported or the server is rebooted. For example, to export /usr/share/man with the options
mentioned above, run the exportfs command as follows:
# exportfs -o ro,sync -i rhel03:/usr/share/man rhel04:/usr/share/man
Common options that can be used when exporting a resource are described in Table 26-5.
Option | Description
* | Represents all possible matches. In the examples above, * means that any client can mount the exported resource and *.getitcertify.com means that any client system on the getitcertify.com domain can mount the resource. You can specify one or more hostnames, IP addresses, domain names or network addresses, or a combination.
all_squash / no_all_squash (default=no_all_squash) | [description illegible in the source scan]
anongid=GID | Assigns the GID to anonymous groups.
anonuid=UID | Assigns the UID to anonymous users.
mp | Exports only if the specified directory is a file system.
root_squash / no_root_squash (default=root_squash) | root_squash prevents root users on an NFS client from gaining root access on a mounted NFS resource by mapping root to a special, unprivileged user called nfsnobody with UID 65534. no_root_squash allows root access. It is recommended to use the default to prevent unauthorized root access on clients.
rw / ro | rw allows file modifications and ro (read only) prevents doing it.
secure / insecure (default=secure) | secure allows access on ports lower than 1024 and insecure allows access on ports beyond 1024.
secure_locks / insecure_locks | [description illegible in the source scan]
subtree_check / no_subtree_check (default=no_subtree_check) | [description illegible in the source scan]
sync / async | Changes are written to disk before a command completes.
wdelay / no_wdelay (default=wdelay) | wdelay delays data writes to the resource and no_wdelay writes data right away.
Table 26-5 exportfs Options
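The recommendation in Table 26-5 to keep the root_squash default can be checked mechanically against /etc/exports. The following is an added example, not part of the original chapter: the function names audit_exports and sample_exports and the finding labels are made up here, paths containing spaces are not handled, and the sample input repeats the four entries from step 3 of the server procedure.

```sh
#!/bin/sh
# audit_exports [FILE]
# Reads an exports-style file (FILE or stdin) and prints one line per risky
# grant in the form: <path> <client> <finding>
audit_exports() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }           # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            host = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt)" at the parenthesis
                host = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*$/, "", opts)
            }
            if (host == "") host = "*"       # "(opts)" with no client name applies to every host
            anyhost = (host == "*")
            o = "," opts ","                 # pad so index() only matches whole option names
            if (index(o, ",no_root_squash,"))
                print path, host, (anyhost ? "root-not-squashed-for-any-host" : "root-not-squashed")
            if (anyhost && index(o, ",rw,"))
                print path, host, "read-write-for-any-host"
            if (index(o, ",insecure,"))
                print path, host, "unprivileged-source-ports-accepted"
        }
    }' "${1:--}"
}

# Constructed sample: the four entries from step 3 of the server procedure.
sample_exports() {
    cat <<'EOF'
# /etc/exports (sample)
/usr/share/man   rhel03(ro,sync) rhel04(ro,sync)
/home            *.getitcertify.com(rw,sync)
/var/opt         *(rw,sync,no_root_squash)
/usr/local/bin   *(rw,sync,no_root_squash)
EOF
}

sample_exports | audit_exports
```

Run against the chapter's entries, it reports /var/opt and /usr/local/bin twice each: once for no_root_squash and once for read-write access granted to any host.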
Configuring an NFS Server Using NFS Configurator
To configure an NFS server using the Red Hat NFS Configurator, follow the steps below:
1. Execute system-config-nfs in an X terminal window or choose (GNOME) System / (
System > NFS. The NFS Configurator screen will open up as shown in Figure 26-1. The Add button
allows you to export a new resource and Server Settings (Figure 26-2) allows you to define any specific
ports that you wish to use for NFS server daemons instead of the pre-defined ports.
[Figure 26-1 shows the main window with Server Settings and Help buttons and an empty list with Directory, Hosts and Permissions columns.]
Figure 26-1 NFS Configurator — Main Screen
[Figure 26-2 shows the Server Settings dialog: "To operate with certain firewall setups the NFS daemon processes need to use specific networking ports. Leave these fields empty if you don't need to force specific ports to be used." The fields read rpc.lockd (TCP) 32764, rpc.lockd (UDP) 32764, rpc.mountd (TCP) 32766 and rpc.statd (TCP) 32765.]
Figure 26-2 NFS Configurator — NFS Server Settings
2. There are three tabs (Basic, General Options and User Access) on the main screen. The Basic tab is
where you input a resource name to be exported, hostname or IP address of the server, domain or
network to be exported to (or an * for all hosts) and permissions. The General Options and User Access
tabs allow you to modify some of the options listed in Table 26-5. In the Basic tab specify a resource
name such as /usr/share/man to be exported to rhel03 and rhel04. Leave options in the other two tabs
to their default values. Click OK when done. The system uses the exportfs command with -r option to
export the resource. See Figure 26-3.
[Figure 26-3 shows the Add NFS Share dialog, Basic tab: Directory /usr/share/man, Host(s) rhel03 rhel04, Basic Permissions Read-only or Read / Write.]
Figure 26-3 NFS Configurator — Add NFS Share
Configuring an NFS Client
Here is the procedure to configure an NFS client successfully:
1. Execute the following on the NFS server to determine available exported resources:
# showmount -e
Export list for rhel02:
/var/opt *
/usr/local/bin *
/home *.getitcertify.com
/usr/share/man rhel03,rhel04
Alternatively, use the exportfs command or a cat on the /var/lib/nfs/etab file:
# exportfs
/usr/share/man rhel03
/usr/share/man rhel04
/home *.getitcertify.com
/usr/local/bin <world>
/var/opt <world>
# cat /var/lib/nfs/etab
/usr/share/man rhel03(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
/usr/share/man rhel04(ro,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
/home *.getitcertify.com(rw,sync,wdelay,hide,nocrossmnt,secure,root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
/usr/local/bin *(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
/var/opt *(rw,sync,wdelay,hide,nocrossmnt,secure,no_root_squash,no_all_squash,no_subtree_check,secure_locks,acl,mapping=identity,anonuid=65534,anongid=65534)
2. Execute the following on the client to determine available resources from the server rhel02:
# showmount -e rhel02
Export list for rhel02:
/var/opt *
/usr/local/bin *
/home *.getitcertify.com
/usr/share/man rhel03,rhel04
3. Execute the following on the client to make portmap and NFS file locking daemons autostart at system
reboots:
# chkconfig portmap on
# chkconfig nfslock on
4. Start (or restart) the portmap and NFS file locking processes on the client:
# service portmap start
Starting portmap: [ OK ]
# service nfslock start
Starting NFS statd: [ OK ]
5. Edit /etc/fstab and add the following entries for the resources. This is done to ensure the NFS resources
get automatically mounted when this client is rebooted.
rhel02:/usr/share/man /usr/share/man nfs ro,sync 0 0
rhel02:/home /home nfs rw,sync 0 0
rhel02:/var/opt /var/opt nfs rw,sync 0 0
rhel02:/usr/local/bin /usr/local/bin nfs rw,sync 0 0
6. Create required mount points with the mkdir command if they do not already exist.
7. Execute the mount command with "-at nfs" options to mount all the remote resources:
# mount -at nfs
Alternatively, you can manually mount the resources in one of three ways. Repeat the first command
below for each resource and specify correct options with -o switch, run the second command that will
obtain additional required information from the /etc/fstab file or execute the third command that will
mount all configured NFS resources as listed in the /etc/fstab file:
# mount -t nfs -o ro,sync rhel02:/usr/share/man /usr/share/man
# mount /usr/share/man
# service netfs start
Mounting other filesystems: [ OK ]
Note: A mount point should be empty when an attempt is made to mount a resource on it, otherwise, the contents
of the mount point will hide. As well, the mount point must not be in use or the mount attempt will fail.
Common options that can be used when mounting a resource are described in Table 26-6.
Option | Description
[The rows of this table are illegible in the source scan.]
Table 26-6 mount Command Options for NFS
Managing NFS
Managing NFS involves exporting, mounting, viewing, unmounting and unexporting resources. Some of these
tasks have been covered in the previous section; others are discussed below.
Viewing Exported and Mounted Resources
To verify the functionality of both the server and the client, cd into a resource mount point and run the ll
command. If both commands run successfully, it means the resource is exported and mounted, and that there
are no issues. Several commands such as showmount, exportfs, df and mount are available that allow you to
view what resources are exported by the server, available to a particular client for mounting and mounted on a
client. Let us look at some examples.
To view exported resources, execute any of the following on the NFS server:
# exportfs
# showmount -e
# cat /var/lib/nfs/etab
To view what resources are currently mounted by which NFS client, execute any of the following on the NFS
server:
# showmount -a
All mount points on rhel02:
rhel03:/usr/share/man
rhel04:/usr/share/man
rhel01:/home
rhel01:/usr/local/bin
rhel01:/var/opt
# cat /var/lib/nfs/rmtab
To view mounted resources, execute any of the following on the NFS client:
# mount -l | grep nfs
# df -t nfs
Filesystem 1K-blocks Used Available Use% Mounted on
rhel02:/usr/share/man 1257472 ‘05500 403s? /usr/share/man
rhel02:/home 20400 a2 172968 export acme
rhel02:/usr/local/bin 3006164 1665784 1530360 /usr/local/bin
rhel02:/var/opt i7es856 naisr2 530752 /var/opt
# cat /etc/mtab | grep nfs
Unmounting a Resource
Follow the steps below to unmount a remote resource on an NFS client:
1. Make certain no users are accessing the resource (/usr/share/man for example). If a non-critical process
is using the resource or a user is sitting in it, list their PIDs and usernames using the fuser command with
-u option:
# fuser -cu /usr/share/man
/usr/share/man: 67972c(root)
2. Kill any processes using the resource or wait until the processes are terminated. To kill all processes
holding up the resource, use -k option with the fuser command:
# fuser -ck /usr/share/man
/usr/share/man: 67972c
3. Run the following to unmount the resource:
# umount /usr/share/man
4. Edit /etc/fstab and remove the associated entry if you wish to delete it for good.
Unexporting a Resource
After ensuring with the showmount command that the resource to be unexported is not mounted by any clients,
do the following on the NFS server to unexport it:
# exportfs -u /usr/share/man
Note: If you unexport a mounted resource, the next time a user on that client requests access to the resource,
NFS will return "NFS stale file handle" error message.
To unexport all resources listed in /var/lib/nfs/etab file, use the exportfs command with -au options:
# exportfs -au
Monitoring NFS Activities
Monitoring NFS activities typically involves capturing and displaying NFS statistics between a client and
server. A tool called nfsstat may be used for this purpose. This command supports options such as -c, -s and
-r to capture client, server and RPC activities, respectively. With -m option, it displays all activities on mounted
resources.
Here is a sample output of this command when run without any options:
# nfsstat
Server rpc stats:
calls badcalls badauth badclnt xdrcall
moo) 0
Server nfs v3:
null getattr setattr lookup access readlink
W204 373% 00% 21% 45% 0%
read write create mkdir symlink mknod
00% 00% 00% 00% 00% 0 0%
remove rmdir rename link readdir readdirplus
om co% oO 00% 00% 10%
Understanding AutoFS
In previous sections, you learned about NFS and how to mount an NFS exported resource on a client. This is
the standard mount method. In this section, you are going to look at the AutoFS (Auto File System) service that
offers another method of mounting a resource.
AutoFS is the NFS client-side service, which automatically mounts an NFS resource on an as-needed basis.
When an activity occurs in the mount point with a command such as ls or cd, the associated NFS resource
gets mounted. When the resource is no longer accessed for a pre-defined period of time, it automatically gets
unmounted.
Features and Benefits
There are several features and benefits associated with the AutoFS mount method as compared to the
standard NFS mount method, and are described below:
✓ AutoFS requires that NFS resources be defined in text configuration files called maps, which are
typically located in the /etc directory. These maps may be managed centrally via NIS or LDAP. In
contrast, the standard NFS mount information is defined in the /etc/fstab file for each NFS resource that
needs to be mounted automatically at system reboots. Additionally, the /etc/fstab file must be
maintained separately on each NFS client system.
✓ AutoFS does not require root privileges to mount available NFS resources. In comparison, with the
standard NFS mount method, only root can mount them.
✓ With AutoFS, the NFS client boot process never hangs if the NFS server is down or inaccessible. With
the standard NFS mount, when a client system boots up and an NFS server listed in the /etc/fstab file is
unavailable, the client may hang until either the mount request times out or the NFS server becomes
available.
✓ With AutoFS, a resource is unmounted automatically if it is not accessed for ten minutes by default. With
the standard NFS mount method, a resource stays mounted until it is manually unmounted or the client
system shuts down.
✓ AutoFS supports wildcard characters and environment variables, whereas, the standard NFS mount
method does not.
✓ A special map is available with AutoFS that mounts all available NFS resources from a reachable NFS
server when a user requests access to a resource on that server without explicitly defining each one of
them. The standard mount method does not have any such features available.
How AutoFS Works?
AutoF'S service consists of a daemon called automount that mounts configured resources automatically when
accessed. This daemon is invoked at system boot up. It reads the AutoFS master map and creates initial
mount point entries in the /etc/mtab file; however, the resources are not actually mounted at this time. When a
user activity occurs under one of the initial mount points, the daemon contacts the /pe.mountd daemon on the
NFS server and actually mounts the requested resource. If the resource remains idle for a certain time period,
automountunmounts it ky itself.
AutoFS uses RPC and i's daemon is stateless and multi-threaded,
AutoFS Configuration File
The default configuration file for AutoFS is /etc/sysconfig/autofs. This file is consulted when the AutoFS service
is started or restarted. An excerpt from this file is shown below:
# cat /etc/sysconfig/autofs
MASTER_MAP_NAME="auto.master"
‘TIMEOUT-s00
NEGATIVE_TIMEOUT=60
BROWSE_MODE="yes"
APPEND_OPTIONS="yes"
LOGGING="none"
OPTIONS=""
Several variables can be set in the file to modify the default behavior. Some of them are shown above and
described in Table 26-7.
Option | Description
MASTER_MAP_NAME | Defines the master map name to be used. Default is /etc/auto.master.
TIMEOUT | Specifies, in seconds, the maximum idle time after which a resource is automatically unmounted. Default is 600.
NEGATIVE_TIMEOUT | Specifies, in seconds, a timeout value for failed mount attempts. Default is 60.
BROWSE_MODE | Defines if maps are to be made browseable or otherwise.
APPEND_OPTIONS | Defines additional options to OPTIONS.
LOGGING | Specifies a logging level. By default, it is turned off. Other options are verbose and debug.
OPTIONS | Defines any global options.
Table 26-7 AutoFS Options
Managing AutoFS Start and Stop
The automount daemon can be started, restarted, reloaded and stopped manually. It can also be configured to
autostart at specific run levels.
To start AutoFS service:
# service autofs start
Starting automount: [ OK ]
To restart AutoFS service:
# service autofs restart
Stopping automount: [ OK ]
Starting automount: [ OK ]
To force AutoFS to re-read its configuration:
# service autofs reload
Reloading maps
To stop AutoFS:
# service autofs stop
Stopping automount: [ OK ]
To enable AutoFS to autostart at each system reboot:
# chkconfig autofs on
To check the status of AutoFS:
# service autofs status
automount (pid 9050) is running.
The AutoFS Maps
As you know, AutoFS mounts NFS resources on-demand only. For this, it needs to know the resources to be
mounted, source NFS server names and any mount options to be used. All this information is defined in
AutoFS map files.
There are four types of AutoFS maps: master, special, direct and indirect. The following sub-sections examine
each one of them.
Defining the Master Map
The /etc/auto.master file is the default master map, which contains special, direct and indirect map information,
and is defined in the /etc/sysconfig/autofs file with the MASTER_MAP_NAME directive. A sample
/etc/auto.master file is shown below that shows what the three map entries look like:
# cat /etc/auto.master
/net     -hosts
/-       /etc/auto.direct
/misc    /etc/auto.misc
The first entry is for a special map directing AutoFS to use the -hosts special map whenever a user attempts to
access anything under /net.
The second entry is for a direct map telling AutoFS to look for information in the /etc/auto.direct file.
The last entry is for an indirect map notifying AutoFS to refer to the /etc/auto.misc file for further information. The
umbrella mount point /misc will precede all mount point entries listed in the /etc/auto.misc file.
Defining the Special Map
The -hosts special map allows all resources exported by all accessible NFS servers to get mounted under the
/net directory without explicitly mounting each one of them. The /etc/auto.net file is executed to obtain a list of
accessible servers and available exported resources. Accessing a server's directory under /net will cause AutoFS
to automatically mount all resources available to the client from that NFS server. By default, an entry "/net -hosts"
exists in the /etc/auto.master file for this type of map, and is enabled. Do an ll on /net to see which NFS servers are
accessible:
# ll /net
deseoxrn 2 root root 0 Jan 28.1035 rhel02
The output indicates that NFS server rhel02 is accessible and has resources available for mounting. cd into
/net/rhel02 for further information.
The -hosts map is not recommended in an environment where there are many NFS servers exporting many
resources, as AutoFS mounts all available resources whether they are needed or not.
Defining a Direct Map
A direct map is used to mount resources automatically on any number of unrelated mount points. Some key
points to note when working with direct maps are:
✓ Direct mounted resources are always visible to users.
✓ Local and direct mounted resources can co-exist under one parent directory.
✓ Each direct map entry adds an entry to the /etc/mtab file.
✓ Accessing a directory containing many direct mount points mounts all resources.
Let us use a direct map on a client to mount the four resources from NFS server rhel02.
1. Edit /etc/auto.master and add the following if it does not already exist:
/-    /etc/auto.direct
Each direct map entry consists of three fields: the first field is always /-, which identifies the entry as a
direct map entry, the second field is optional and specifies any mount options (not shown) and the third
field points to the direct map file where actual NFS server resource and mount point information is
located.
2. Create /etc/auto.direct file with the following entries:
/usr/share/man    -ro,sync    rhel02:/usr/share/man
/home             -rw,sync    rhel02:/home
/var/opt          -rw,sync    rhel02:/var/opt
/usr/local/bin    -rw,sync    rhel02:/usr/local/bin
3. Execute the following to force the automount daemon to reload maps:
# service autofs reload
4. Execute the ll command on each resource and then the mount command to verify that the resources are
mounted and available for use.
# ll /usr/local/bin /usr/share/man /var/opt /home
# mount -v | grep nfs
rhel02:/usr/local/bin on /usr/local/bin type nfs (rw,sync,addr=192.168.0.202)
rhel02:/usr/share/man on /usr/share/man type nfs (ro,sync,addr=192.168.0.202)
rhel02:/var/opt on /var/opt type nfs (rw,sync,addr=192.168.0.202)
rhel02:/home on /home type nfs (rw,sync,addr=192.168.0.202)
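The master map rules and the caution about the -hosts map can be checked mechanically. The following Python sketch is an added example, not code from the original chapter or from the autofs package: it classifies master map entries as special, direct or indirect and lists review findings for a direct map. The sample maps are constructed, the names `fields`, `classify` and `audit` are hypothetical, and treating a missing `nosuid` option as a finding is this example's own policy.

```python
# Constructed samples modelled on the master and direct maps in this chapter.
MASTER = """\
/net   -hosts
/-     /etc/auto.direct
/misc  /etc/auto.misc
"""
DIRECT = """\
/usr/share/man  -ro,sync,nosuid  rhel02:/usr/share/man
/home           -rw,sync         rhel02:/home
# /var/opt      -rw,sync         rhel02:/var/opt
/usr/local/bin                   rhel02:/usr/local/bin
"""


def fields(text):
    """Yield the whitespace-separated fields of each active (uncommented) line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()


def classify(master_text):
    """Return (mount_point, map_type, map_name) for every master map entry."""
    result = []
    for entry in fields(master_text):
        if len(entry) < 2:
            raise ValueError(f"incomplete master map entry: {entry}")
        mount_point, map_name = entry[0], entry[1]
        if map_name == "-hosts":
            map_type = "special"
        elif mount_point == "/-":
            map_type = "direct"
        else:
            map_type = "indirect"
        result.append((mount_point, map_type, map_name))
    return result


def audit(master_text, direct_text):
    """List findings: an enabled -hosts map and direct mounts lacking nosuid."""
    findings = [f"{mp}: -hosts map mounts every export a reachable server offers"
                for mp, map_type, _ in classify(master_text) if map_type == "special"]
    for entry in fields(direct_text):
        if len(entry) < 2:
            raise ValueError(f"incomplete direct map entry: {entry}")
        # The options field is optional; when present it starts with "-".
        options = entry[1].lstrip("-").split(",") if entry[1].startswith("-") else []
        if "nosuid" not in options:
            findings.append(f"{entry[0]}: no nosuid option")
    return findings
```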
Defining an Indirect Map
An indirect map is used to automatically mount resources under one common parent directory. Some key
points to note when working with indirect maps are:
✓ Indirect mounted resources only become visible after being accessed.
✓ Local and indirect mounted resources cannot co-exist under the same parent directory.
✓ Each indirect map puts only one entry in the /etc/mtab file.
✓ Accessing a directory containing many indirect mount points shows only the resources that are already
mounted.
Let us use an indirect map to mount /usr/share/man and /var/opt resources from NFS server rhel02.
1. Edit /etc/auto.master and ensure that the following default indirect map entry is defined:
/misc    /etc/auto.misc
2. Edit /etc/auto.misc file and add the following two entries to it. Each entry in this map has three fields: the
first field identifies the relative pathname of a mount point directory, the second field is optional and
specifies any mount options to be used and the third field identifies a resource to be mounted on the
mount point identified in the first field.
man    -ro,sync    rhel02:/usr/share/man
opt    -rw,sync    rhel02:/var/opt
bin    -rw,sync    rhel02:/usr/local
3. Execute the following to force the automount daemon to reload maps:
# service autofs reload
4. AutoFS creates man, opt and bin mount point sub-directories under /misc as soon as it is forced to
re-read and reload maps. Execute the ll command on each mount point and then run the mount
command to verify that the resources are mounted and available for use:
# ll /misc/man /misc/opt /misc/bin
# mount -v | grep rhel02
rhel02:/usr/share/man on /misc/man type nfs (ro,sync,addr=192.168.0.202)
rhel02:/var/opt on /misc/opt type nfs (rw,sync,addr=192.168.0.202)
rhel02:/usr/local on /misc/bin type nfs (rw,sync,addr=192.168.0.202)
There are several other entries pre-defined in the /etc/auto.misc file for automounting CD, floppy and other
removable media. Except for CD, which is configured to be automounted on the /misc/cd mount point,
automounting other media is disabled by default. You need to uncomment the line entries for the media that
you wish to be using and then force automount to reload the maps. An excerpt from the file is shown below:
# cat /etc/auto.misc
cd              -fstype=iso9660,ro,nosuid,nodev :/dev/cdrom
# the following entries are samples to pique your imagination
#linux          -ro,soft,intr           ftp.example.org:/pub/linux
#boot           -fstype=ext2            :/dev/hda1
#floppy         -fstype=auto            :/dev/fd0
#floppy         -fstype=ext2            :/dev/fd0
#e2floppy       -fstype=ext2            :/dev/fd0
#jaz            -fstype=ext2            :/dev/sdc1
#removable      -fstype=ext2            :/dev/hdd
Mounting User Home Directories
AutoFS allows using two special characters in indirect maps. These special characters are & and *, and are
used to replace references to NFS servers and mount points.
For example, with user home directories located under /home and exported by more than one server, the
automount daemon will contact all available and reachable NFS servers concurrently when a user attempts to
log in on an NFS client system. The daemon will mount only that user's home directory rather than the entire
/home. The indirect map entry for this type of substitution will look like:
*    -rw,soft,intr    &:/home/&
With this simple entry in place, there is no need to update any AutoFS configuration if NFS servers with /home
exported are added or removed. Similarly, if user home directories are added or deleted, there will be no
impact on AutoFS.
The above entry can be placed in a separate map file such as /etc/auto.home, in which case you will need to
reflect the map name in the auto.master file as follows. The timeout value determines a period of inactivity in
seconds for the resource to get unmounted automatically. If this value is not set, the default of 600 seconds
takes effect as defined in the /etc/sysconfig/autofs file.
/home    /etc/auto.home    --timeout=180
Reload the autofs maps after the changes have been completed.
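The lookup behind an indirect map with a wildcard entry and a per-map timeout, as an added Python example that is not part of the original chapter or of the autofs code. It resolves a path under an indirect mount point to the NFS resource, options and idle timeout, following the autofs(5) rules that an explicit key wins over the * wildcard and that & is replaced by the key. The maps below, the `admin` key, `rhel02:/export/admin` and the names `active` and `resolve` are constructed for illustration, and a single server is assumed.

```python
DEFAULT_TIMEOUT = 600  # seconds; the default idle timeout given in this chapter

# Constructed samples: two indirect entries in the master map and their map files.
MASTER = """\
/home  /etc/auto.home  --timeout=180
/misc  /etc/auto.misc
"""
MAPS = {
    "/etc/auto.home": "admin  -ro,sync  rhel02:/export/admin\n"
                      "*      -rw,sync  rhel02:/home/&\n",
    "/etc/auto.misc": "man    -ro,sync  rhel02:/usr/share/man\n",
}


def active(text):
    """Yield the fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            yield parts


def resolve(path, master=MASTER, maps=MAPS):
    """Return (resource, options, timeout) for a path under an indirect map, else None."""
    for parent, map_name, *extra in (f for f in active(master) if len(f) >= 2):
        if parent == "/-" or not path.startswith(parent + "/"):
            continue  # direct maps and unrelated mount points are not handled here
        key = path[len(parent) + 1:].split("/", 1)[0]
        if not key or key in (".", ".."):
            return None  # never substitute an empty or relative key into a location
        timeout = DEFAULT_TIMEOUT
        for opt in extra:
            if opt.startswith("--timeout="):
                timeout = int(opt.split("=", 1)[1])
        wildcard = None
        entries = (f for f in active(maps.get(map_name, "")) if len(f) >= 2)
        for name, *middle, location in entries:
            options = ",".join(m.lstrip("-") for m in middle)
            match = (location.replace("&", key), options, timeout)
            if name == key:
                return match      # an explicit key always wins
            if name == "*" and wildcard is None:
                wildcard = match  # consulted only if no explicit key exists
        return wildcard
    return None
```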
Summary
This chapter introduced you to one of the most common system administration tasks, the Network File System.
You learned and understood concepts, benefits, versions, security, daemons, commands, related files and
startup scripts pertaining to Network File System. You studied how NFS server and client interact with each
other, and looked at procedures for configuring them. You used commands that displayed exported and
mounted NFS resources, unmounted and unexported resources, and captured and displayed NFS activity
data.
You looked at Auto File System. You learned concepts, features and benefits associated with it. You were
presented with information that helped you understand how it worked. You looked at associated daemon,
command and configuration file.
You studied four types of AutoFS maps, their relationship and how to set them up. You looked at related
advantages and disadvantages, and how only needed user home directories could be mounted from an
available NFS server.