Re: State of nfs-ganesha CEPH fsal

Hi,

On 10/28/2015 03:08 PM, Dennis Kramer (DT) wrote:
> Sorry for raising this topic from the dead, but I'm having the same
> issues with NFS-GANESHA /w the wrong user/group information.
>
> Do you maybe have a working ganesha.conf? I'm assuming I might have
> misconfigured something in this file. It's also nice to have some
> reference config file from a working FSAL CEPH, the sample config is
> very minimalistic.
>
> I also have another issue with files that are not immediately visible
> in a NFS folder after another system (using the same NFS) has created
> it. There seems to be a slight delay before all systems have the same
> directory listing. This can be enforced by creating a *new* file in
> this directory which will cause a refresh on this folder. Changing
> directories also helps on affected system(s).

I've been testing ganesha with a Kerberos setup as an alternative to kernel-nfs and re-exporting a ceph/ceph-fuse mountpoint (side note: ceph-fuse and kernel-nfs do not play well, use kernel cephfs in this case...)

The ganesha.conf I've used looks like this:

NFS_KRB5
{
        PrincipalName = "nfs";
        KeytabPath = /etc/krb5.keytab ;
        Active_krb5 = true ;
}

NFSv4
{
    # Set an alternative path for libnfsidmap configuration file
    IdmapConf = /etc/idmapd.conf;
}

NFS_CORE_PARAM {
    NFS_Protocols = 4;
}

EXPORT_DEFAULT {
    Protocols = 4;
    Transports = TCP;
    SecType = "krb5p";
}

EXPORT {
    Export_ID = 2;
    Path = "/ceph_subdiretory_to_mount";
    Pseudo = "/exported_name_of_the_subdirectory";
    SecType = "krb5p";

    FSAL {
        Name = CEPH;
    }
    CLIENT {
        Clients = <test client IP>;
        Access_Type = RW;
    }
}

On the testclient I've mounted it with

mount.nfs <test server>:/exported_name_.... /mnt -o rw,noatime,fsc,nfsvers=4,intr,ac,sec=krb5p

Accessing files works as expected:

$ ls /mnt
-bash: cd: /mnt: Permission denied
$ klist
klist: Credentials cache file '/tmp/krb5cc_XYZ' not found
$ kinit
Password for XYZ@XYZ:
$ klist
< ticket details >
$ ls /mnt
< directory content >

The difficult part is setting up Kerberos correctly (keytab, id mapping etc.). It took me some time to figure it out. You need a very recent version of ganesha (I'm using 2.1.0). And you should test the setup before trying to use the ceph fsal, e.g. with a local directory:

EXPORT
{
     Export_ID = 3;
     Path = "/opt";
     Pseudo = "/test";
     SecType = "krb5p";
     FSAL {
        Name = VFS;
     }
     CLIENT {
        Clients = <test client IP>;
        Access_Type = RW;
     }
}

(different Export_ID and Pseudo are mandatory!)

No tests with root squash so far, but at least the Kerberos part is working.

Regards,
Burkhard
_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
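
Added example, not part of the original mail or of the nfs-ganesha project: a small Python check that reports EXPORT blocks reusing an Export_ID or Pseudo (the mail notes both must differ), and exports whose SecType is not limited to Kerberos flavors or that have no CLIENT block, as the configuration above has. It assumes an EXPORT without SecType inherits the value from the EXPORT_DEFAULT block; `parse`, `audit` and the sample config are constructed for illustration.

```python
import re
KRB5 = {"krb5", "krb5i", "krb5p"}
TOKEN = re.compile(r'(\w+)\s*\{|(\})|(\w+)\s*=\s*([^;]*);')
# Constructed sample: 2nd export reuses Export_ID 2, allows sys, has no CLIENT block.
SAMPLE = '''
EXPORT_DEFAULT { Protocols = 4; SecType = "krb5p"; }
EXPORT {
    Export_ID = 2; Path = "/ceph_dir"; Pseudo = "/cephfs";
    FSAL { Name = CEPH; } CLIENT { Clients = 192.0.2.10; Access_Type = RW; }
}
EXPORT {
    Export_ID = 2; Path = "/opt"; Pseudo = "/test"; SecType = sys, krb5p;
    FSAL { Name = VFS; }
}
'''

def parse(text):
    """Parse ganesha.conf-style text into nested (NAME, params, children) tuples."""
    stack = [("", {}, [])]
    for m in TOKEN.finditer(re.sub(r'#.*', '', text)):   # '#' comments dropped
        if m.group(1):                                    # NAME {
            block = (m.group(1).upper(), {}, [])
            stack[-1][2].append(block)
            stack.append(block)
        elif m.group(2) and len(stack) > 1:               # }
            stack.pop()
        elif m.group(3):                                  # key = value;
            stack[-1][1][m.group(3).lower()] = m.group(4).strip().strip('"')
    return stack[0][2]

def audit(text):
    """Return findings for EXPORT blocks that collide or admit non-Kerberos auth."""
    blocks = parse(text)
    # Accepts the mail's spelling EXPORT_DEFAULT as well as EXPORT_DEFAULTS.
    defaults = {k: v for n, p, _ in blocks if n.startswith("EXPORT_DEFAULT")
                for k, v in p.items()}
    findings, seen = [], {"export_id": set(), "pseudo": set()}
    for _, params, children in (b for b in blocks if b[0] == "EXPORT"):
        label = "export " + params.get("pseudo", "?")
        for key, values in seen.items():                  # must differ per export
            value = params.get(key, "<missing>")
            if value in values:
                findings.append(f"{label}: duplicate {key} {value}")
            values.add(value)
        sectype = params.get("sectype", defaults.get("sectype", "unset"))
        if not {f.strip(' "').lower() for f in sectype.split(",")} <= KRB5:
            findings.append(f"{label}: SecType {sectype} not limited to krb5*")
        if not any(child[0] == "CLIENT" for child in children):
            findings.append(f"{label}: no CLIENT block")
    return findings
```

Calling `audit(SAMPLE)` returns three findings, all for the `/test` export; the `/cephfs` export passes because it inherits `krb5p` from the default block.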


