I also found this thread, after many searches. http://linux-nfs.org/pipermail/nfsv4/2009-April/010583.html As I read through it, there appears to be a patch for rpc.gssd which allows for the daemon to be started and associated with multiple hosts. I do not want to compile rpc.gssd and it appears the patch is from over two years ago. I would hope that RHEL6 would have rpc.gssd patched to meet this requirement, but no documentation appear to exist for how to use it. On Wed, 2011-04-06 at 20:23 -0400, Daniel R. Gore wrote: > Ian, > > Thanks for the info. > > My cluster is only a two node cluster. I have NFSv4 with Kerberos > working on both node separately. I went and created a virtual IP on > each node with the same IP to accommodate the floating IP. I associated > the virtual IP with a new DNS name (fserv) and ensured forward and > reverse look-up works. I create Kerberos host and nfs principals for > fserv and added the associated keys to /etc/krb5.keytab on each node. > > Unfortunately, it still does not work and I am sure one of the reasons > is because the "uname -n" comes up as the node name and not fserv. > > I also suspect that the nfs service that gets started through Redhat's > HA service does not use the /etc/exports file on the nodes. > > How did you manage to change the nodes name when the nfs server was > started? What worries me about that is then other services will like > fail. > > Any guidance is appreciated. > > Thanks. > > Dan > > On Wed, 2011-04-06 at 16:14 -0700, Ian Hayes wrote: > > I've done some work on clustering NFSv4 using Kerberos at a previous > > job.... I probably did this completely wrong, but I did get it > > working. The big gotcha that I had was that all cluster members need > > the same keytab for the NFS service. I also had to have the active > > node change its hostname to match the keytab before it started up NFS. > > There are the usual NFS4 specific stuff you need to do > > like /etc/exports and building the pseudo filesystem. I did a few bind > > mounts to get everything under the pseudo-fs. Obviously I'm assuming > > that you have NFS4 working on a single-node environment and therefore > > know what to do to get that working (ie, keytabs for the clients). > > > > The cluster I had built was hosting NFS4 and Samba, with a shared GFS > > filesystem on an iSCSI backend. It ran pretty decent for secondhand > > test equipment. I was actually able to benchmark the GFS performance > > while I tuned the GFS with a little script that wrote out randomly > > sized files. > > > > I did some extensive build documentation of how to build a Kerberized > > NFS4 cluster, but I doubt my old employer would be willing to release > > them. But like Henry Jones, Sr., I wrote them down so I wouldn't have > > to remember them. > > > > On Wed, Apr 6, 2011 at 3:42 PM, Daniel R. Gore > > <danielgore@xxxxxxxxxxx> wrote: > > I am trying to get Kerberos authenticated high available NFS > > service > > running. I have looked at the cookbook, but it does not cover > > this. > > > > Any ideas? > > > > Thank you > > > > Dan > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > -- > > Linux-cluster mailing list > > Linux-cluster@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/linux-cluster > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > -- > > Linux-cluster mailing list > > Linux-cluster@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/linux-cluster > > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. -- Linux-cluster mailing list Linux-cluster@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cluster
