Re: [nfs-discuss] how to get nfs work with zfs?

Tue, 06 Dec 2011 05:05:12 -0800 

2011/12/6 Jan Kryl <[email protected]>

> Hi,
>
> On 06/12/11 18:03 +0800, darkblue wrote:
> > I am going to share a dir and it's subdir through NFS to Virtual Host,
> > which include XEN(CentOS/netbsd) and ESXi,but failed, the following step
> is
> > what I did:
> >
> > solaris 11:
> >
> > > zfs create tank/iso
> > > zfs create tank/iso/linux
> > > zfs create tank/iso/windows
> > >
> > > share -F nfs -o rw,nosuid,root=VM-host1:VM-host2 /tank/iso
> > > chmod -R 777 /tank/iso
> > >
> >
> > centos:
> >
> > > mkdir /home/iso
> > > mount -t nfs -o rw,nosuid solaris11:/tank/iso /home/iso
> > >
> >
> > echo "newfile" > /home/iso/newfile.txt
> > success
> >
> > echo "newfile" > /home/iso/linux/newfile.txt
> > failed,and display: permission denied
> >
> > and the, check the dir on solaris11:
> >
> > > ls -al /tank/iso
> > >
> > >     drwxrwxrwx   5 root     root           8 Dec  5 13:04 .
> > >     drwxr-xr-x   4 root     root           4 Dec  2 22:45 ..
> > >     drwxrwxrwx   2 root     root           2 Dec  2 16:54 bsd
> > >     drwxrwxrwx   2 root     root           2 Dec  2 16:54 linux
> > >     -rw-r--r--   1 nobody   nobody         8 Dec  5 12:57 newfile.txt
> > >     drwxrwxrwx   2 root     root           2 Dec  2 16:54 windows
> > >
> >
> > check the dir on CentOS:
> >
> > > ls -al /home/iso
> > >
> > >     drwxr-xr-x+ 2 root      root               2 Dec  2 16:54 bsd
> > >     drwxr-xr-x+ 2 root      root               2 Dec  2 16:54 linux
> > >     -rw-r--r--+ 1 nfsnobody nfsnobody          8 Dec  5 12:57
> newfile.txt
> > >     drwxr-xr-x+ 2 root      root               2 Dec  2 16:54 windows
> > >
> >
> > I got couple questions:
> > 1、why the owner of newfile.txt is nfsnobody on CentOS, and on solaris,
> it's
> > nobody?
>
> Check that NFSv4 domain is the same on both machines. NFSv4
> doesn't use numerical IDs for users and groups. It uses a string
> form user@domain or group@domain, which is translated to appropriate
> numerical ID on the machine after the request/reponse is received.
> If the domains don't match than root@domain will not be recognized
> as root user.
>

I didn't enable NFSv4 on solaris

$ sharectl get nfs
servers=1024
lockd_listen_backlog=32
lockd_servers=1024
lockd_retransmit_timeout=5
grace_period=90
server_versmin=3
server_versmax=3
client_versmin=3
client_versmax=3
server_delegation=on
nfsmapid_domain=
max_connections=-1
protocol=ALL
listen_backlog=32
device=

> 2、why the subdir do not have write access, how to accomplish it;
> > 3、what does "+" mean?
>
> This means that the file has non-trivial ACLs (at least on Solaris,
> I assume that the meaning on Linux is the same). Try to print ACLs
> on both systems and compare them (on solaris you can print ACLs
> by "/usr/bin/ls -v".
>
> I see that you shared only /tank/iso, you didn't share /tank/iso/linux
> filesystem, which could be the reason why you cannot access it.
>
this is the result of ls -v
==== solaris 11 ====
solaris11$ ls -v /tank/VMs
total 14
-rw-r--r--   1 root     root           0 Dec  6 18:13 newfile
     0:owner@:read_data/write_data/append_data/read_xattr/write_xattr
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     1:group@
:read_data/read_xattr/read_attributes/read_acl/synchronize:allow
     2:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
         :allow
-rw-r--r--   1 nobody   nobody         8 Dec  5 12:52 newfile.txt
     0:owner@:read_data/write_data/append_data/read_xattr/write_xattr
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     1:group@
:read_data/read_xattr/read_attributes/read_acl/synchronize:allow
     2:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
         :allow
drwxrwxrwx   2 root     root           2 Dec  2 16:55 oss-xen
     0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     1:group@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/synchronize:allow
     2:everyone@:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/read_acl
         /synchronize:allow
-rwxrwxrwx   1 root     root          16 Dec  5 12:42 test.txt
     0:owner@
:read_data/write_data/append_data/read_xattr/write_xattr/execute
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     1:group@
:read_data/write_data/append_data/read_xattr/write_xattr/execute
         /read_attributes/write_attributes/read_acl/synchronize:allow
     2:everyone@:read_data/write_data/append_data/read_xattr/write_xattr
         /execute/read_attributes/write_attributes/read_acl/synchronize
         :allow
drwxrwxrwx   2 root     root           2 Dec  2 16:54 VMware
     0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     1:group@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/synchronize:allow
     2:everyone@:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/read_acl
         /synchronize:allow
drwxrwxrwx   2 root     root           2 Dec  2 16:55 xensrv-xcp
     0:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/write_acl/write_owner
         /synchronize:allow
     1:group@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/read_xattr/write_xattr/execute/delete_child
         /read_attributes/write_attributes/read_acl/synchronize:allow
     2:everyone@:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/read_xattr/write_xattr/execute
         /delete_child/read_attributes/write_attributes/read_acl
         /synchronize:allow

this is the result of linux nfs client
=====  CentOS ======
[chenr@XenSrv-2 ~]$ mount -t nfs -o vers=3,rw,nosuid 192.168.55.1:/tank/VMs
/tmp/VMs
mount: only root can do that
[chenr@XenSrv-2 ~]$ su -
Password:
[root@XenSrv-2 ~]# mount -t nfs -o vers=3,rw,nosuid 192.168.55.1:/tank/VMs
/tmp/VMs
[root@XenSrv-2 ~]# ls -al /tmp/VMs
total 17
drwxrwxrwx   5 root      root         8 Dec  6 18:13 .
drwxrwxrwt  13 root      root      4096 Dec  6 20:46 ..
-rw-r--r--+  1 root      root         0 Dec  6 18:13 newfile
-rw-r--r--+  1 nfsnobody nfsnobody    8 Dec  5 12:52 newfile.txt
drwxr-xr-x+  2 root      root         2 Dec  2 16:55 oss-xen
-rwxrwxrwx   1 root      root        16 Dec  5 12:42 test.txt
drwxr-xr-x+  2 root      root         2 Dec  2 16:54 VMware
drwxr-xr-x+  2 root      root         2 Dec  2 16:55 xensrv-xcp

do I have to shared all the zfs filesystem and it's sub-filesystem
individual?
such as:
share -F nfs -o xxx /tank/VMs
share -F nfs -o xxx /tank/VMs/linux
share -F nfs -o xxx /tank/VMs/windows
...

any possible to accomplish that by a single command, and inherit the parent
filesystem's access right?


> > 4、do I need to remount a share dir after changing the file access on
> > solaris(NFS server)?
>
> this shouldn't be necessary
>
> cheers
> -jan
>
thanks jan
_______________________________________________
nfs-discuss mailing list
[email protected]

Reply via email to