Installing and Configuring Sun Cluster HA for NFS

This chapter describes the steps to install and configure Sun Cluster HA for Network File System (NFS) on your Sun Cluster nodes.

This chapter contains the following sections.

• Overview of the Installation and Configuration Process for Sun Cluster HA for NFS

• Planning the Sun Cluster HA for NFS Installation and Configuration

• Installing Sun Cluster HA for NFS Packages

• Registering and Configuring Sun Cluster HA for NFS

• Securing Sun Cluster HA for NFS With Kerberos V5

• Tuning the Sun Cluster HA for NFS Fault Monitor

• Upgrading the SUNW.nfs Resource Type

You must configure Sun Cluster HA for NFS as a failover data service. See Chapter 1, Planning for Sun Cluster Data Services, in Sun Cluster Data Services Planning and Administration Guide for Solaris OS and the Sun Cluster Concepts Guide for Solaris OS document for general information about data services, resource groups, resources, and other related topics.

You can use SunPlex^TM Manager to install and configure this data service. See the SunPlex Manager online help for details.

Use the worksheets in Configuration Worksheets in Sun Cluster Data Services Planning and Administration Guide for Solaris OS to plan your resources and resource groups before you install and configure Sun Cluster HA for NFS.

The NFS mount points that are placed under the control of the data service must be the same on all of the nodes that can master the disk device group that contains those file systems.

Sun Cluster HA for NFS requires that all NFS client mounts be “hard” mounts.

No Sun Cluster node may be an NFS client of a file system that is exported by Sun Cluster HA for NFS and is being mastered on a node in the same cluster. Such cross-mounting of Sun Cluster HA for NFS is prohibited. Use the cluster file system to share files among cluster nodes.

Starting with Solaris 9, if Solaris Resource Manager is used to manage system resources allocated to NFS on a cluster, all Sun Cluster HA for NFS resources which can fail over to a common cluster node must have the same Solaris Resource Manager project ID. This project ID is set with the Resource_project_name resource property.

If you use VERITAS Volume Manager (available for use in SPARC based clusters only), you can avoid “stale file handle” errors on the client during NFS failover. Ensure that the vxio driver has identical pseudo-device major numbers on all of the cluster nodes. You can find this number in the /etc/name_to_major file after you complete the installation.

Overview of the Installation and Configuration Process for Sun Cluster HA for NFS

The following table lists the sections that describe the installation and configuration tasks.

Planning the Sun Cluster HA for NFS Installation and Configuration

This section contains the information that you need to plan the installation and configuration of your Sun Cluster HA for NFS.

Service Management Facility Restrictions

Starting with Solaris 10, the following Service Management Facility (SMF) services are related to NFS.

• /network/nfs/cbd

• /network/nfs/mapid

• /network/nfs/server

• /network/nfs/rquota

• /network/nfs/client

• /network/nfs/status

• /network/nfs/nlockmgr

The Sun Cluster HA for NFS data service sets the property application/auto_enable to FALSE and the property startd/duration to transient for three of these services.

• /network/nfs/server

• /network/nfs/status

• /network/nfs/nlockmgr

These property settings have the following consequences for these services.

• When services that depend on these services are enabled, these services are not automatically enabled.

• In the event of any failure, SMF does not restart the daemons that are associated with these services.

• In the event of any failure, SMF does not restart these services.

Loopback File System Restrictions

Do not use the loopback file system (LOFS) if both conditions in the following list are met:

• Sun Cluster HA for NFS is configured on a highly available local file system.

• The automountd daemon is running.

If both of these conditions are met, LOFS must be disabled to avoid switchover problems or other failures. If only one of these conditions is met, it is safe to enable LOFS.

If you require both LOFS and the automountd daemon to be enabled, exclude from the automounter map all files that are part of the highly available local file system that is exported by Sun Cluster HA for NFS.

Installing Sun Cluster HA for NFS Packages

If you did not install the Sun Cluster HA for NFS packages during your initial Sun Cluster installation, perform this procedure to install the packages. Perform this procedure on each cluster node where you are installing the Sun Cluster HA for NFS packages. To complete this procedure, you need the Sun Cluster Agents CD.

If you are installing more than one data service simultaneously, perform the procedure in Installing the Software in Sun Cluster Software Installation Guide for Solaris OS.

Install the Sun Cluster HA for NFS packages by using one of the following installation tools:

• The Web Start program

• The scinstall utility

If you are using Solaris 10, install these packages only in the global zone. To ensure that these packages are not propagated to any local zones that are created after you install the packages, use the scinstall utility to install these packages. Do not use the Web Start program.

How to Install Sun Cluster HA for NFS Packages Using the Web Start Program

You can run the Web Start program with a command-line interface (CLI) or with a graphical user interface (GUI). The content and sequence of instructions in the CLI and the GUI are similar. For more information about the Web Start program, see the installer(1M) man page.

Steps

1. On the cluster node where you are installing the Sun Cluster HA for NFS packages, become superuser.

2. (Optional) If you intend to run the Web Start program with a GUI, ensure that your DISPLAY environment variable is set.

3. Insert the Sun Cluster Agents CD into the CD-ROM drive.

   If the Volume Management daemon vold(1M) is running and configured to manage CD-ROM devices, it automatically mounts the CD-ROM on the /cdrom/cdrom0 directory.

4. Change to the Sun Cluster HA for NFS component directory of the CD-ROM.

   The Web Start program for the Sun Cluster HA for NFS data service resides in this directory.

   # cd /cdrom/cdrom0/components/SunCluster_HA_NFS_3.1

5. Start the Web Start program.

   # ./installer

6. When you are prompted, select the type of installation.

   • To install only the C locale, select Typical.

   • To install other locales, select Custom.

7. Follow the instructions on the screen to install the Sun Cluster HA for NFS packages on the node.

   After the installation is finished, the Web Start program provides an installation summary. This summary enables you to view logs that the Web Start program created during the installation. These logs are located in the /var/sadm/install/logs directory.

8. Exit the Web Start program.

9. Remove the Sun Cluster Agents CD from the CD-ROM drive.

   1. To ensure that the CD-ROM is not being used, change to a directory that does not reside on the CD-ROM.

   2. Eject the CD-ROM.

      # eject cdrom

Next Steps

Go to Registering and Configuring Sun Cluster HA for NFS.

How to Install Sun Cluster HA for NFS Packages Using the scinstall Utility

Perform this procedure on all of the cluster members that can master Sun Cluster HA for NFS.

Before You Begin

Ensure that you have the Sun Cluster Agents CD.

Steps

1. Load the Sun Cluster Agents CD into the CD-ROM drive.

2. Run the scinstall utility with no options.

   This step starts the scinstall utility in interactive mode.

3. Select the menu option, Add Support for New Data Service to This Cluster Node.

   The scinstall utility prompts you for additional information.

4. Provide the path to the Sun Cluster Agents CD.

   The utility refers to the CD as the “data services cd.”

5. Specify the data service to install.

   The scinstall utility lists the data service that you selected and asks you to confirm your choice.

6. Exit the scinstall utility.

7. Unload the CD from the drive.

Next Steps

Go to Registering and Configuring Sun Cluster HA for NFS.

Registering and Configuring Sun Cluster HA for NFS

This procedure describes how to use the scrgadm(1M) command to register and configure Sun Cluster HA for NFS.

Other options also enable you to register and configure the data service. See Tools for Data Service Resource Administration in Sun Cluster Data Services Planning and Administration Guide for Solaris OS for details about these options.

Before you register and configure Sun Cluster HA for NFS, run the following command to verify that the Sun Cluster HA for NFS package, SUNWscnfs, is installed on the cluster.

# pkginfo -l SUNWscnfs

If the package has not been installed, see Installing Sun Cluster HA for NFS Packages for instructions on how to install the package.

Setting Sun Cluster HA for NFS Extension Properties

The sections that follow contain instructions for registering and configuring resources. For information about the Sun Cluster HA for NFS extension properties, see Appendix A, Sun Cluster HA for NFS Extension Properties. The Tunable entry indicates when you can update a property.

To set an extension property of a resource, include the following option in the scrgadm(1M) command that creates or modifies the resource:

-x property=value 

-x property

Identifies the extension property that you are setting

value

Specifies the value to which you are setting the extension property

You can also use the procedures in Chapter 2, Administering Data Service Resources, in Sun Cluster Data Services Planning and Administration Guide for Solaris OS to configure resources after the resources are created.

How to Register and Configure Sun Cluster HA for NFS

Steps

1. Become superuser on a cluster member.

2. Verify that all of the cluster nodes are online.

   # scstat -n

3. Create the Pathprefix directory.

   Create a Pathprefix directory on the HA file system (global file system or failover file system). Sun Cluster HA for NFS resources will use this directory to maintain administrative information.

   You can specify any directory for this purpose. However, you must manually create a Pathprefix directory for each resource group that you create.

   # mkdir -p Pathprefix-directory

4. Create a failover resource group to contain the NFS resources.

   # scrgadm -a -g resource-group -y Pathprefix=Pathprefix-directory [-h nodelist]

   -a

   Specifies that you are adding a new configuration.

   -g resource-group

   Specifies the failover resource group.

   -y Pathprefix=Pathprefix-directory

   Specifies a directory that resources in this resource group will use to maintain administrative information. This is the directory that you created in Step 3.

   [-h nodelist]

   Specifies an optional, comma-separated list of physical node names or IDs that identify potential masters. The order here determines the order in which the Resource Group Manager (RGM) considers primary nodes during failover.

5. Verify that you have added all of your logical hostname resources to the name service database.

   To avoid any failures because of name service lookups, verify that all IP addresses to hostname mappings that are used by Sun Cluster HA for NFS are present in the server's and client's /etc/inet/hosts file. This requirement also applies to any IPMP test IP addresses of logical host names that are used by Sun Cluster HA for NFS.

6. Configure name service mapping in the /etc/nsswitch.conf file on the cluster nodes to first check the local files before trying to access NIS or NIS+ for rpc lookups.

   This configuration prevents timing-related errors for rpc lookups during periods of public network or name service unavailability.

7. Modify the hosts entry in /etc/nsswitch.conf so that upon resolving a name locally the host does not first contact NIS/DNS, but instead immediately returns a successful status.

   This modification enables HA-NFS to fail over correctly in the presence of public network failures.

   # hosts: cluster files [SUCCESS=return] nis # rpc: files nis

8. (Optional) Customize the nfsd or lockd startup options.

   1. To customize nfsd options, on each cluster node open the /etc/init.d/nfs.server file, find the command line starting with /usr/lib/nfs/nfsd, and add any additional arguments desired.

   2. To customize lockd startup options, on each cluster node open the /etc/init.d/nfs.client file, find the command line starting with/usr/lib/nfs/lockd, and add any command line arguments desired.

      Starting with Solaris 9, you can set the lockd grace period with the LOCKD_GRACE_PERIOD parameter in the /etc/default/nfs file. However, if the grace period is set in a command line argument in the /etc/init.d/nfs.client file, this will override the value set in LOCKD_GRACE_PERIOD.

   ---

   Note –

   The command lines must remain limited to a single line. Breaking the command line into multiple lines is not supported. The additional arguments must be valid options documented in man pages nfsd(1M) and lockd(1M).

   ---

9. Add the desired logical hostname resources into the failover resource group.

   You must set up a logical hostname resource with this step. The logical hostname that you use with Sun Cluster HA for NFS cannot be a SharedAddress resource type.

   # scrgadm -a -L -g resource-group -l logical-hostname, … [-n netiflist]

   -a

   Specifies that you are adding a new configuration.

   -L -g resource-group

   Specifies the resource group that is to hold the logical hostname resources.

   -l logical-hostname, …

   Specifies the logical hostname resource to be added.

   -n netiflist

   Specifies an optional, comma-separated list that identifies the IP Networking Multipathing groups that are on each node. Each element in netiflist must be in the form of netif@node. netif can be given as an IP Networking Multipathing group name, such as sc_ipmp0. The node can be identified by the node name or node ID, such as sc_ipmp0@1 or sc_ipmp@phys-schost-1.

   ---

   Note –

   Sun Cluster does not currently support using the adapter name for netif.

   ---

10. From any cluster node, create the SUNW.nfs subdirectory.

    Create a subdirectory called SUNW.nfs below the directory that the Pathprefix property identifies in Step 4.

    # mkdir Pathprefix-directory/SUNW.nfs

11. Create a dfstab.resource file in the SUNW.nfs directory that you created in Step 10, and set up share options.

    1. Create the Pathprefix/SUNW.nfs/dfstab.resource file.

       This file contains a set of share commands with the shared path names. The shared paths should be subdirectories on a cluster file system.

       ---

       Note –

       Choose a resource name suffix to identify the NFS resource that you plan to create (in Step 13). A good resource name refers to the task that this resource is expected to perform. For example, a name such as user-nfs-home is a good candidate for an NFS resource that shares user home directories.

       ---

    2. Set up the share options for each path that you have created to be shared.

       The format of this file is exactly the same as the format that is used in the /etc/dfs/dfstab file.

       # share -F nfs [-o specific_options] [-d “description”] pathname

       -F nfs

       Identifies the file system type as nfs.

       -o specific_options

       Grants read-write access to all of the clients. See the share(1M) man page for a list of options. Set the rw option for Sun Cluster.

       -d description

       Describes the file system to add.

       pathname

       Identifies the file system to share.

    When you set up your share options, consider the following points.

    • When constructing share options, do not use the root option, and do not mix the ro and rw options.

    • Do not grant access to the hostnames on the cluster interconnect.

      Grant read and write access to all of the cluster nodes and logical hosts to enable the Sun Cluster HA for NFS monitoring to do a thorough job. However, you can restrict write access to the file system or make the file system entirely read-only. If you do so, Sun Cluster HA for NFS fault monitoring can still perform monitoring without having write access.

    • If you specify a client list in the share command, include all of the physical hostnames and logical hostnames that are associated with the cluster, as well as the hostnames for all of the clients on all of the public networks to which the cluster is connected.

    • If you use net groups in the share command (rather than names of individual hosts), add all of those cluster hostnames to the appropriate net group.

    The share -o rw command grants write access to all of the clients, including the hostnames that the Sun Cluster software uses. This command enables Sun Cluster HA for NFS fault monitoring to operate most efficiently. See the following man pages for details.

    • dfstab(4)

    • share(1M)

    • share_nfs(1M)

12. Register the NFS resource type.

    # scrgadm -a -t resource-type

    -a -t resource-type

    Adds the specified resource type. For Sun Cluster HA for NFS, the resource type is SUNW.nfs.

13. Create the NFS resource in the failover resource group.

    # scrgadm -a -j resource -g resource-group -t resource-type

    -a

    Specifies that you are adding a configuration.

    -j resource

    Specifies the name of the resource to add, which you defined in Step 11. This name can be your choice but must be unique within the cluster.

    -g resource-group

    Specifies the name of a previously created resource group to which this resource is to be added.

    -t resource-type

    Specifies the name of the resource type to which this resource belongs. This name must be the name of a registered resource type.

14. Run the scswitch(1M) command to perform the following tasks.

    • Enable the resource and the resource fault monitor.

    • Manage the resource group.

    • Switch the resource group into the ONLINE state.

    # scswitch -Z -g resource-group

Example 1 Setting Up and Configuring Sun Cluster HA for NFS

The following example shows how to set up and configure Sun Cluster HA for NFS.

1. To create a logical host resource group and specify the path to the administrative files used by NFS (Pathprefix), the following command is run.

   # scrgadm -a -g resource-group-1 -y Pathprefix=/global/nfs

2. To add logical hostname resources into the logical host resource group, the following command is run.

   # scrgadm -a -L -g resource-group-1 -l schost-1

3. To make the directory structure contain the Sun Cluster HA for NFS configuration files, the following command is run.

   # mkdir -p /global/nfs/SUNW.nfs

4. To create the dfstab.resource file under the nfs/SUNW.nfs directory and set share options, the following command is run.

   # share -F nfs -o rw=engineering -d “home dirs” nfs/SUNW.nfs

5. To register the NFS resource type, the following command is run.

   # scrgadm -a -t SUNW.nfs

6. To create the NFS resource in the resource group, the following command is run.

   # scrgadm -a -j r-nfs -g resource-group-1 -t SUNW.nfs

7. To enable the resources and their monitors, manage the resource group, and switch the resource group into online state, the following command is run.

   # scswitch -Z -g resource-group-1

How to Change Share Options on an NFS File System

If you use the rw, rw=, ro, or ro= options to the share -o command, NFS fault monitoring works best if you grant access to all of the physical hosts or netgroups that are associated with all of the Sun Cluster servers.

If you use netgroups in the share(1M) command, add all of the Sun Cluster hostnames to the appropriate netgroup. Ideally, grant both read access and write access to all of the Sun Cluster hostnames to enable the NFS fault probes to do a complete job.

Before you change share options, read the share_nfs(1M) man page to understand which combinations of options are legal.

You can also modify shared paths and options dynamically without bringing offline the Sun Cluster HA for NFS resource. See How to Dynamically Update Shared Paths on an NFS File System.

To modify the share options on an NFS file system while the Sun Cluster HA for NFS resource is offline, perform the following steps.

Steps

1. Become superuser on a cluster node.

2. Turn off fault monitoring on the NFS resource.

   # scswitch -n -M -j resource

   -M

   Disables the resource fault monitor

3. Test the new share options.

   1. Before you edit the dfstab.resource file with new share options, execute the new share command to verify the validity of your combination of options.

      # share -F nfs [-o specific_options] [-d “description”] pathname

      -F nfs

      Identifies the file system type as NFS.

      -o specific_options

      Specifies an option. You might use rw, which grants read-write access to all of the clients.

      -d description

      Describes the file system to add.

      pathname

      Identifies the file system to share.

   2. If the new share command fails, immediately execute another share command with the old options. When the new command executes successfully, proceed to Step 4.

4. Edit the dfstab.resource file with the new share options.

   1. To remove a path from the dfstab.resource file, perform the following steps in order.

      1. Execute the unshare(1M) command.

         # unshare -F nfs [-o specific_options] pathname

         -F nfs

         Identifies the file system type as NFS.

         -o specific_options

         Specifies the options that are specific to NFS file systems.

         pathname

         Identifies the file system that is made unavailable.

      2. From the dfstab.resource file, delete the share command for the path that you want to remove.

         # vi dfstab.resource

   2. To add a path or change an existing path in the dfstab.resource file, verify that the mount point is valid, then edit the dfstab.resource file.

   ---

   Note –

   The format of this file is exactly the same as the format that is used in the /etc/dfs/dfstab file. Each line consists of a share command.

   ---

5. Enable fault monitoring on the NFS resource.

   # scswitch -e -M -j resource

How to Dynamically Update Shared Paths on an NFS File System

You can dynamically modify the shared paths on an NFS file system without bringing offline the Sun Cluster HA for NFS resource. The general procedure consists of modifying the dfstab.resource file for Sun Cluster HA for NFS and then manually running the appropriate command, either the share command or the unshare command. The command is immediately effective, and Sun Cluster HA for NFS handles making these paths highly available.

Ensure that the paths that are shared are always available to Sun Cluster HA for NFS during failover so that local paths (on non-HA file systems) are not used.

If paths on a file system that is managed by HAStoragePlus are shared, the HAStoragePlus resource must be in the same resource group as the Sun Cluster HA for NFS resource, and the dependency between them must be set correctly.

Steps

1. Use the scstat -g command to find out the node on which the Sun Cluster HA for NFS resource is online.

2. On this node run the /usr/sbin/share command to see the list of paths currently shared. Determine the changes you want to make to this list.

3. To add a new shared path, perform the following steps.

   1. Add the share command to the dfstab.resource file.

      Sun Cluster HA for NFS shares the new path the next time it checks the file. The frequency of these checks is controlled by the Thorough_Probe_Interval property (by default 120 seconds).

   2. Run the share command manually to make the newly added shared path effective immediately. Running the command manually is recommended because the user can be certain that the shared paths are available to potential clients. Sun Cluster HA for NFS detects that the newly added path is already shared and does not complain.

4. To unshare a path, perform the following steps.

   1. Run the dfmounts(1M) command to ensure that no clients are currently using the path.

      Although a path can be unshared even if clients are using it, these clients would get a stale file error handle and would need special care (forced umount, or even reboot) to recover.

   2. Remove the shared path from the dfstab.resource file.

   3. Run the unshare command manually.

5. To modify options for an existing shared path, perform the following steps.

   1. Modify the dfstab.resource file as needed.

   2. Run the appropriate command (share or unshare) manually.

How to Tune Sun Cluster HA for NFS Method Timeouts

The time that Sun Cluster HA for NFS methods require to finish depends on the number of paths that the resources share through the dfstab.resource file. The default timeout for these methods is 300 seconds.

As a general guideline, allocate 10 seconds toward the method timeouts for each path that is shared. Default timeouts are designed to handle 30 shared paths.

• If the number of shared paths is less than 30, do not reduce the timeout.

• If the number of shared paths exceeds 30, multiply the number of paths by 10 to compute the recommended timeout. For example, if the dfstab.resource file contains 50 shared paths, the recommended timeout is 500 seconds.

Update the following method timeouts if the number of shared paths is greater than 30.

• Prenet_start_timeout

• Postnet_stop_timeout

• Start_timeout

• Stop_timeout

• Validate_timeout

• Update_timeout

• Monitor_Start_timeout

• Monitor_Stop_timeout

• Monitor_Check_timeout

To change method timeouts, use the scrgadm -c option, as in the following example.

% scrgadm -c -j resource -y Prenet_start_timeout=500

How to Configure SUNW.HAStoragePlus Resource Type

The SUNW.HAStoragePlus resource type was introduced in Sun Cluster 3.0 5/02. This new resource type performs the same functions as SUNW.HAStorage, and synchronizes actions between HA storage and Sun Cluster HA for NFS. SUNW.HAStoragePlus also has an additional feature to make a local file system highly available. Sun Cluster HA for NFS is both failover and disk-intensive, and therefore, you should set up the SUNW.HAStoragePlus resource type.

See the SUNW.HAStoragePlus(5) man page and Relationship Between Resource Groups and Disk Device Groups in Sun Cluster Data Services Planning and Administration Guide for Solaris OS for background information. See Synchronizing the Startups Between Resource Groups and Disk Device Groups in Sun Cluster Data Services Planning and Administration Guide for Solaris OS for the procedure. (If you are using a Sun Cluster 3.0 version prior to 5/02, you must set up SUNW.HAStorage instead of SUNW.HAStoragePlus. See Synchronizing the Startups Between Resource Groups and Disk Device Groups in Sun Cluster Data Services Planning and Administration Guide for Solaris OS for the procedure.)

Securing Sun Cluster HA for NFS With Kerberos V5

You can secure Sun Cluster HA for NFS with Kerberos V5 by configuring the Kerberos client. This configuration includes adding a Kerberos principal for NFS over the logical hostnames on all cluster nodes.

To configure the Kerberos client, perform the following procedures.

• Prepare the nodes. See How to Prepare the Nodes.

• Create Kerberos principals. See How to Create Kerberos Principals.

• Enable the secured NFS. See Enabling Secure NFS.

How to Prepare the Nodes

Steps

1. Configure the KDC (Key Distribution Center) server which will be used by the Cluster nodes.

   Refer to Solaris Kerberos/SEAM (Sun Enterprise Authentication Mechanism) documentation for details.

2. Set up the time synchronization.

   The KDC server must be time synchronized with the cluster nodes as well as any clients which will be using the Sun Cluster HA for NFS services from the cluster. The NTP (Network Time Protocol) method performs time corrections with greater granularity than other methods, and therefore the time synchronization is more reliable. In order to benefit from this greater reliability, use NTP for the time synchronization.

3. Verify the DNS client configuration.

   The DNS client configuration must be complete and working on all cluster nodes as well as on any NFS clients which will be using secure NFS services from the cluster. Use resolv.conf(4) to verify the DNS client configuration.

   The DNS domain name must be made known to the Kerberos configuration by keeping a mapping in the domain_realm section of krb5.conf(4) file.

   The following example shows a mapping of DNS domain name mydept.company.com to Kerberos realm ACME.COM.

   [domain_realm]
   .mydept.company.com = ACME.COM

4. Ensure that the Master KDC server is up when the Kerberos client software is configured on the cluster nodes.

5. Ensure that the same configuration file and the same service key table file are available to all cluster nodes.

   The /etc/krb5/krb5.conf file must be configured the same on all the cluster nodes. In addition, the default Kerberos keytab file (service key table), /etc/krb5/krb5.keytab, must be configured the same on all the cluster nodes. This can be achieved either by copying the files to all cluster nodes or by keeping a single copy of each file on a global file system and installing symbolic links to /etc/krb5/krb5.conf and /etc/krb5/krb5.keytab on all cluster nodes.

   You can also use a failover file system to make files available to all cluster nodes. However, a file a failover file system is visible on only one node at a time. Therefore, if Sun Cluster HA for NFS is being used in different resource groups, potentially mastered on different nodes, the files are not visible to all cluster nodes. In addition, this configuration complicates Kerberos client administrative tasks.

6. Ensure that all Kerberos-related entries in the file /etc/nfssec.conf are uncommented.

   On all cluster nodes, as well as on any NFS clients that are configured to use secure NFS services from the cluster, all Kerberos-related entries in the file /etc/nfssec.conf must be uncommented. See nfssec.conf(4).

How to Create Kerberos Principals

The following steps create the required Kerberos principals and keytab entries in the KDC database. For each cluster node, the keytab entries for which service principals are created depend on the version of Solaris that is running on the cluster node.

• With Solaris 8, both the “root” and the “host” entries must be created.

• With Solaris 9, only the “host” entry must be created.

The principal for the “nfs” service over the logical hostname is created on one node only and then added manually to the default Kerberos keytab file on each cluster node. The Kerberos configuration file krb5.conf and the keytab file krb5.keytab must be stored as individual copies on each cluster node and must not be shared on a global file system.

Steps

1. On each cluster node, log in to the KDC server as the administrator and create the host principal for each cluster node.

   Note that, with Solaris 8, you must create both host and root principals for each cluster node.

   Principals must be created using the fully qualified domain names.

   Add these entries to the default keytab file on each node. These steps can be greatly simplified with the use of cluster console utilities (see cconsole(1M)) .

   The following example creates the root and host entries. Perform this step on all cluster nodes, substituting the physical hostname of each cluster node for the hostname in the example.

   # kadmin -p username/admin Enter Password: kadmin: addprinc -randkey host/phys-red-1.mydept.company.com Principal "host/phys-red-1.mydept.company.com@ACME.COM" created.

   kadmin: addprinc -randkey root/phys-red-1.mydept.company.com Principal "root/phys-red-1.mydept.company.com@ACME.COM" created.

   kadmin: ktadd host/phys-red-1.mydept.company.com Entry for principal host/phys-red-1.mydept.company.com with kvno 2, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/krb5.keytab.

   kadmin: ktadd root/phys-red-1.mydept.company.com Entry for principal root/phys-red-1.mydept.company.com with kvno 2, encryption type DES-CBC-CRC added to keytab WRFILE:/etc/krb5/krb5.keytab.

   kadmin: quit #

2. On one cluster node, create the principal for the Sun Cluster HA for NFS service for the logical hostnames which provide Sun Cluster HA for NFS service.

   Principals must be created using the fully qualified domain names. Perform this step on only one cluster node.

   # kadmin -p username/admin Enter Password: kadmin: addprinc -randkey nfs/relo-red-1.mydept.company.com Principal "nfs/relo-red-1.mydept.company.com@ACME.COM" created.

   kadmin: ktadd -k /var/tmp/keytab.hanfs nfs/relo-red-1.mydept.company.com Entry for principal nfs/relo-red-1.mydept.company.com with kvno 3, encryption type DES-CBC-CRC added to keytab WRFILE:/var/tmp/keytab.hanfs.

   kadmin: quit #

   In the above example, relo-red-1 is the logical hostname used with Sun Cluster HA for NFS.

3. Securely copy the keytab database /var/tmp/keytab.hanfs specified in Step 2 to the rest of the cluster nodes.

   Do not use insecure copying methods such as regular ftp or rcp, and so forth. For additional security, you can use the cluster private interconnect to copy the database.

   The following example copies the database.

   # scp /var/tmp/keytab.hanfs clusternode2-priv:/var/tmp/keytab.hanfs # scp /var/tmp/keytab.hanfs clusternode3-priv:/var/tmp/keytab.hanfs

4. On all cluster nodes, add the keytab entry for the “nfs” service over logical hostname to the local keytab database.

   The following example uses the ktutil(1M) command to add the entry. Remove the temporary keytab file /var/tmp/keytab.hanfs on all cluster nodes after it has been added to the default keytab database /etc/krb5/krb5.keytab.

   # ktutil ktutil: rkt /etc/krb5/krb5.keytab ktutil: rkt /var/tmp/keytab.hanfs ktutil: wkt /etc/krb5/krb5.keytab ktutil: quit# # rm /var/tmp/keytab.hanfs

5. Verify the Kerberos client configuration.

   List the default keytab entries on each cluster node and make sure that the key version number (KVNO) for the “nfs” service principal is the same on all cluster nodes.

   # klist -k Keytab name: FILE:/etc/krb5/krb5.keytab KVNO Principal ---- --------------------------------- 2 host/phys-red-1.mydept.company.com@ACME.COM 2 root/phys-red-1.mydept.company.com@ACME.COM 3 nfs/relo-red-1.mydept.company.com@ACME.COM

   On all cluster nodes, the principal for the “nfs” service over the logical host must have the same KVNO number. In the above example, the principal for the “nfs” service over the logical host is nfs/relo-red-1.mydept.company.com@ACME.COM, and the KVNO is 3.

6. (Solaris 9 only) The user credentials database gsscred must be up-to-date for all users who access secure NFS services from the cluster.

   Build the user credential database by running the following command on all cluster nodes.

   # gsscred -m kerberos_v5 -a

   See gsscred(1M) man pages for details.

   Note that the above approach builds the user credentials database only once. Some other mechanism must be employed, for example, cron(1M), to keep the local copy of this database up-to-date with changes in the user population.

   This step is not necessary for Solaris release 10.

Enabling Secure NFS

Use the -o sec=option option of the share(1M) command in the dfstab.resource-name entry to share your file systems securely. See nfssec(5) man pages for details of specific option settings. If the Sun Cluster HA for NFS resource is already configured and running, see How to Change Share Options on an NFS File System for information about updating the entries in the dfstab.resource-name file. Note that the sec=dh option is not supported on Sun Cluster configurations.

Tuning the Sun Cluster HA for NFS Fault Monitor

The Sun Cluster HA for NFS fault monitor is contained in a resource whose resource type is SUNW.nfs.

For general information about the operation of fault monitors, see Tuning Fault Monitors for Sun Cluster Data Services in Sun Cluster Data Services Planning and Administration Guide for Solaris OS.

Fault Monitor Startup

The NFS resource MONITOR_START method starts the NFS system fault monitor. This start method first checks if the NFS system fault monitor (nfs_daemons_probe) is already running under the process monitor daemon (rpc.pmfd). If the NFS system fault monitor is not running, the start method starts the nfs_daemons_probe process under the control of the process monitor. The start method then starts the resource fault monitor (nfs_probe), also under the control of the process monitor.

Fault Monitor Stop

The NFS resource MONITOR_STOP method stops the resource fault monitor. If no other NFS resource fault monitor is running on the local node, the stop method stops the NFS system fault monitor.

Operations of Sun Cluster HA for NFS Fault Monitor During a Probe

This section describes the operations of the following fault monitoring processes:

• NFS system fault monitoring

• NFS resource fault monitoring

• Monitoring of file sharing

NFS System Fault Monitoring Process

The NFS system fault monitor probe monitors the NFS daemons (nfsd, mountd, statd, and lockd) and the RPC portmapper service daemon (rpcbind) on the local node. The probe checks for the presence of the process and its response to a null rpc call. This monitor uses the following NFS extension properties:

• Rpcbind_nullrpc_timeout

• Rpcbind_nullrpc_reboot

• Statd_nullrpc_timeout

• Lockd_nullrpc_timeout

• Mountd_nullrpc_timeout

• Mountd_nullrpc_restart

• Nfsd_nullrpc_timeout

• Nfsd_nullrpc_restart

See Setting Sun Cluster HA for NFS Extension Properties.

Each NFS system fault monitor probe cycle performs the following steps in a loop. The system property Cheap_probe_interval specifies the interval between probes.

1. The fault monitor probes rpcbind.

   If the process terminates unexpectedly, but a warm restart of the daemon is in progress, rpcbind continutes to probe other daemons.

   If the process terminates unexpectedly, then the fault monitor reboots the node.

   If a null rpc call to the daemon terminates unexpectedly, Rpcbind_nullrpc_reboot=True, and Failover_mode=HARD, then the fault monitor reboots the node.

2. The fault monitor probes statd first, and then lockd.

   If statd or lockd terminate unexpectedly, the system fault monitor attempts to restart both daemons.

   If a null rpc call to these daemons terminates unexpectedly, the fault monitor logs a message to syslog but does not restart statd or lockd.

3. The fault monitor probes mountd.

   If mountd terminates unexpectedly, the fault monitor attempts to restart the daemon.

   If the null rpc call to the daemon terminates unexpectedly and Mountd_nullrpc_restart=True, the fault monitor attempts to restart mountd if the cluster file system is available.

4. The fault monitor probes nfsd.

   If nfsd terminates unexpectedly, the fault monitor attempts to restart the daemon.

   If the null rpc call to the daemon terminates unexpectedly and Nfsd_nullrpc_restart=TRUE, then the fault monitor attempts to restart nfsd if the cluster file system is available.

5. If any of the above NFS daemons (except rpcbind) fail to restart during a probe cycle, the NFS system fault monitor will retry the restart in the next cycle. When all of the NFS daemons are restarted and healthy, the resource status is set to ONLINE. The monitor tracks unexpected terminations of NFS daemons in the last Retry_interval. When the total number of unexpected daemon terminations has reached Retry_count, the system fault monitor issues a scha_control giveover. If the giveover call fails, the monitor attempts to restart the failed NFS daemon.

6. At the end of each probe cycle, if all daemons are healthy, the monitor clears the history of failures.

NFS Resource Fault Monitoring Process

NFS resource fault monitoring is specific to each NFS resource. The fault monitor of each resource checks the status of each shared path to monitor the file systems that the resource exports.

Before starting the NFS resource fault monitor probes, all of the shared paths are read from the dfstab file and stored in memory. In each probe cycle, the probe performs the following steps.

1. If dfstab has been changed since the last read, the probe refreshes the memory.

   If an error occurs while reading the dfstab file, the resource status is set to FAULTED, and the monitor skips the remainder of the checks in the current probe cycle.

2. The fault monitor probes all of the shared paths in each iteration by performing stat() on the path.

   If any path is not functional, the resource status is set to FAULTED.

3. The probe checks for the presence of NFS daemons (nfsd, mountd, lockd, statd) and rpcbind.

4. If any of these daemons are down, the resource status is set to FAULTED.

5. If all shared paths are valid and NFS daemons are present, the resource status is reset to ONLINE.

Monitoring of File Sharing

The Sun Cluster HA for NFS fault monitor probe monitors the success or failure of file sharing by monitoring the following files:

• /etc/dfs/sharetab

• /etc/mnttab

• Pathprefix/SUNW.nfs/dfstab.resource

  The Pathprefix part of the file path is the value of the Pathprefix extension property for the resource group, and resource is the resource name.

If the probe detects any modification to any of these files, it shares the paths in dfstab.resource again.

Upgrading the SUNW.nfs Resource Type

Upgrade the SUNW.nfs resource type if the following conditions apply:

• You are upgrading the Sun Cluster HA for NFS data service to Sun Cluster 3.1 8/05 from an earlier version of the data service.

• You are upgrading to Solaris 10 from an earlier version of the operating system.

For general instructions that explain how to upgrade a resource type, see Upgrading a Resource Type in Sun Cluster Data Services Planning and Administration Guide for Solaris OS. The information that you require to complete the upgrade of the resource type is provided in the subsections that follow.

Information for Registering the New Resource Type Version

The release of Sun Cluster data services indicates the release in which the version of the resource type was introduced.

To determine the version of the resource type that is registered, use one command from the following list:

• scrgadm -p

• scrgadm -pv

The resource type registration (RTR) file for this resource type is /opt/SUNWscnfs/etc/SUNW.nfs.

Information for Migrating Existing Instances of the Resource Type

The information that you require to edit each instance of the resource type is as follows:

• You must perform the migration when the resource is in an unmanaged state.

• For Sun Cluster 8/05, the required value of the Type_version property is 3.1.

The following example shows a command for modifying an instance of the SUNW.nfs resource type.

Example 2 Migrating Instances of the SUNW.nfs Resource Type

# scrgadm -c -j nfs-rs -y Type_version=3.1 \

This command modifies the Type_version property of the nfs-rs resource to 3.1.