[Linux-cluster] file system ownership/permissions on HA nfs and IPA client.

[Daniel R. Gore]

My systems are build on Redhat Server 6.1.
I set up a pair of nodes with common (FC) storage as HA servers.  I have
an IPA server and have made the nodes IPA clients to the IPA server.  I
am serving an xfs file systems through HA nfs from an IP resource
associated to a common service name (fserv) from the HA service.

It all appears to work fine, except I cannot get the correct file
ownership/permissions when I connect through the NFS service name.  In
other words, when I mount "fserv:/export_home /home" from a IPA client
system, file ownership is "nobody;nobody".  If I look to see what node
is serving the file system and check permission where it is mounted, the
file ownership and permissions are correct.

Obviously, the NFS service provided from the HA systems has no ability
to reference LDAP from IPA even though both nodes are clients.

Permissions and ownership are a basic requirement that I need to meet.
Preferably, I would like to serve NFS4 kerberized access.  At this point
I am at a loss as how to do this.  Does anyone have a good solution?

One possible way might be to uses DRDB to mirror a file system on each
node and server nfs direct from one node at a time with fail-over to the
other node.  Then setup autofs on the clients to decide which node to
use.  I imagine I would need to have both nodes mount the
same /var/lib/nfs directory to ensure nfs recovery.

Looking for ideas!

In the long run, it would be best if you could setup a pseudo OS for the
NFS service that would have it's own kerberos certificates and LDAP
access that both (all) nodes have access to.  That way the service would
have correct ownership/permissions. 

Thanks.

Dan 


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.