NFS
Introduction
NFS (Network File System) is an industry standard protocol to share files
over a network. NFS versions 2, 3, and 4 are supported.
For more information on how the filesystem namespace is constructed, see
the filesystem namespace section.
Properties
| Property | Description |
|---|---|
| Minimum supported version | Controls which versions of NFS are supported |
| Maximum supported version | Controls which versions of NFS are supported |
| Maximum # of server threads | Maximum number of concurrent NFS requests. This should at least cover the number of concurrent NFS clients that is anticipated. Allowed range is 20 to 1000 |
| Grace period | Seconds that all clients have to reclaim locks after an appliance reboot. During this period, the NFS service only processes reclaims of old locks. All other requests for service must wait until the grace period is over, which by default is 90. Reducing this value allows NFS clients to resume operation more quickly after a server reboot, but it increases the probability that a client is not able to recover all its locks. Allowed range is 15 to 600 |
| DNS domain for NFSv4 identity | Use DNS domain when mapping NFSv4 user and group identities. |
| Custom NFSv4 identity domain | Override the DNS domain with this string when mapping NFSv4 users and group identities. |
| Enable NFSv4 delegation | Enable NFSv4 delegation. Delegation allows clients to cache files locally and make modifications without contacting the server. This option is on by default and typically results in better performance, but in rare circumstances can cause problems. Disabling this setting should only be done after careful performance measurements of your particular workload and validation that the setting has a measurable performance benefit. This option only affects NFSv4 mounts. |
| Kerberos realm | A realm is a logical network, similar to a domain, that defines a group of systems that are under the same master KDC. Realm names can consist of any ASCII string. Usually, the realm name is the same as your DNS domain name, except that the realm name is in uppercase. This convention helps differentiate problems with the Kerberos service from problems with the DNS namespace, while using a name that is familiar. |
| Kerberos master KDC | Each realm must include a server that maintains the master copy of the principal database. The most significant difference between a master KDC and a slave KDC is that only the master KDC can handle database administration requests. For instance, changing a password or adding a new principal must be done on the master KDC. |
| Kerberos slave KDC | Contains duplicate copies of the principal database. Both the master KDC server and the slave KDC server create tickets that are used to establish authentication. |
| Kerberos admin principal | Identifies the client. By convention, a principal name is divided into three components: the primary, the instance, and the realm. A principal can be specified as joe, joe/admin, or joe/admin@ENG.EXAMPLE.COM. |
| Kerberos admin password | Password for admin principal. |
Changing service properties is documented in the BUI and CLI sections of
Services.
Setting the NFS minimum and maximum versions to the same value will
cause the appliance to only communicate with clients using that version.
This may be useful if you find an issue with one NFS
version or the other (such as the performance characteristics of that NFS
version with your workload), and wish to force clients to only use
the version that works best.
Kerberos realms
Configuring a Kerberos realm will create certain service principals and add the
necessary keys to the system's local keytab. The NTP service must be configured
before configuring Kerberized NFS. The following service principals are created and updated
to support Kerberized NFS:
host/node1.example.com@EXAMPLE.COM
nfs/node1.example.com@EXAMPLE.COM
If the system is configured in a cluster, principals and keys are
generated for each cluster node:
host/node1.example.com@EXAMPLE.COM
nfs/node1.example.com@EXAMPLE.COM
host/node2.example.com@EXAMPLE.COM
nfs/node2.example.com@EXAMPLE.COM
If these principals have already been created, configuring the realm will reset
the password for each of those principals. If the system is
already joined to an Active Directory domain, the system cannot be configured
as part of a Kerberos realm.
For information on setting up KDCs and Kerberized clients, see http://docs.sun.com/app/docs/doc/816-4557/setup-8?a=view. After
setting NFS properties for Kerberos, change the Security mode on the Shares
> Filesystem > Protocols screen to a mode using Kerberos.
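The principal format from the Properties table (primary, instance, realm) and the per-node host/ and nfs/ service principals listed above can be checked mechanically against a principal listing taken from the KDC. The Python below is an added example, not part of the appliance documentation or software; the function names and the sample listing are constructed for illustration, and it assumes principal names contain no backslash-escaped '/' or '@'.

```python
from typing import NamedTuple, Optional

class Principal(NamedTuple):
    primary: str
    instance: Optional[str]
    realm: Optional[str]

def parse_principal(name: str, default_realm: Optional[str] = None) -> Principal:
    """Split primary[/instance][@REALM]; assumes no escaped separators."""
    body, at, realm = name.partition("@")
    if not body or (at and not realm):
        raise ValueError(f"malformed principal: {name!r}")
    primary, slash, instance = body.partition("/")
    if not primary or (slash and not instance):
        raise ValueError(f"malformed principal: {name!r}")
    return Principal(primary, instance or None, realm or default_realm)

def expected_service_principals(nodes, realm):
    """host/ and nfs/ principals the page lists for each (cluster) node."""
    return [f"{svc}/{node}@{realm}" for node in nodes for svc in ("host", "nfs")]

def audit(listing, nodes, realm):
    """Report expected service principals absent from a principal listing."""
    have = set()
    for line in listing.splitlines():
        line = line.strip()
        if line:
            # Names without an explicit realm are taken to be in `realm`.
            have.add(parse_principal(line, default_realm=realm))
    missing = [name for name in expected_service_principals(nodes, realm)
               if parse_principal(name) not in have]
    # Page convention: the realm is usually the DNS domain in uppercase.
    domain = nodes[0].split(".", 1)[1] if "." in nodes[0] else ""
    return {"missing": missing,
            "realm_follows_convention": realm == domain.upper()}

# Constructed sample listing (not from a real KDC); nfs/node2 is absent.
SAMPLE_LISTING = """
host/node1.example.com@EXAMPLE.COM
nfs/node1.example.com@EXAMPLE.COM
host/node2.example.com@EXAMPLE.COM
joe/admin@EXAMPLE.COM
"""

if __name__ == "__main__":
    nodes = ["node1.example.com", "node2.example.com"]
    print(audit(SAMPLE_LISTING, nodes, "EXAMPLE.COM"))
```

Principal names are compared exactly, including case, so a host name registered with different capitalization is reported as missing rather than silently matched.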
Logs
These logs are available for the NFS service:
| Log | Description |
|---|---|
| network-nfs-server:default | Master NFS server log |
| appliance-kit-nfsconf:default | Log of appliance NFS configuration events |
| network-nfs-cbd:default | Log for the NFSv4 callback daemon |
| network-nfs-mapid:default | Log for the NFSv4 mapid daemon - which maps NFSv4 user and group credentials |
| network-nfs-status:default | Log for the NFS statd daemon - which assists crash and recovery functions for NFS locks |
| network-nfs-nlockmgr:default | Log for the NFS lockd daemon - which supports record locking operations for files |
To view service logs, refer to the Logs section from Services.
Analytics
NFS activity can be monitored in detail in the Analytics section.
This includes monitoring:
and combinations of the above.
CLI
The following table describes the mapping between CLI properties and the BUI property
descriptions above.
| CLI Property | BUI Property |
|---|---|
| version_min | Minimum supported version |
| version_max | Maximum supported version |
| nfsd_servers | Maximum # of server threads |
| grace_period | Grace period |
| mapid_dns | DNS domain for NFSv4 identity |
| mapid_domain | Custom NFSv4 identity domain |
| enable_delegation | Enable NFSv4 delegation |
| krb5_realm | Kerberos Realm |
| krb5_kdc | Kerberos master KDC |
| krb5_kdc2 | Kerberos slave KDC |
| krb5_admin | Kerberos admin principal |
Tasks
NFS Tasks
Sharing a filesystem over NFS
- Go to Configuration->Services
- Check that the NFS service is enabled and online. If
not, enable the service.
- Select or add a share in the Shares screen.
- Go to the "Protocols" section, and check that NFS sharing is
enabled. This screen also allows configuration of the NFS share mode
(read/read+write).