[Linux-cluster] nfs4 kerberos
Ian Hayes
cthulhucalling at gmail.com
Wed Apr 6 23:14:27 UTC 2011
I've done some work on clustering NFSv4 using Kerberos at a previous job....
I probably did this completely wrong, but I did get it working. The big
gotcha that I had was that all cluster members need the same keytab for the
NFS service. I also had to have the active node change its hostname to match
the keytab before it started up NFS. There are the usual NFS4 specific stuff
you need to do like /etc/exports and building the pseudo filesystem. I did a
few bind mounts to get everything under the pseudo-fs. Obviously I'm
assuming that you have NFS4 working on a single-node environment and
therefore know what to do to get that working (ie, keytabs for the clients).
The cluster I had built was hosting NFS4 and Samba, with a shared GFS
filesystem on an iSCSI backend. It ran pretty decent for secondhand test
equipment. I was actually able to benchmark the GFS performance while I
tuned the GFS with a little script that wrote out randomly sized files.
I did some extensive build documentation of how to build a Kerberized NFS4
cluster, but I doubt my old employer would be willing to release them. But
like Henry Jones, Sr., I wrote them down so I wouldn't have to remember
them.
On Wed, Apr 6, 2011 at 3:42 PM, Daniel R. Gore <danielgore at yaktech.com>wrote:
> I am trying to get Kerberos authenticated high available NFS service
> running. I have looked at the cookbook, but it does not cover this.
>
> Any ideas?
>
> Thank you
>
> Dan
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
> --
> Linux-cluster mailing list
> Linux-cluster at redhat.com
> https://www.redhat.com/mailman/listinfo/linux-cluster
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-cluster/attachments/20110406/befd067b/attachment.htm>
More information about the Linux-cluster
mailing list