Gianluca,
I can't grok all that you are asking but, here is the golden rule for
oVirt NFS domains:
- You can export whatever you want from wherever you want so long as it
is writable by UID=36 and GID=36 from an NFS 3/4 client. When in doubt
test it by mounting from the Node and trying to create a file as user vdsm.
Here is my specific setup (notice that I don't pin a protocol version)
### /etc/exports
cat /etc/exports
/virt/isodomain127.0.0.1(rw,sync)
I could have also done (and I highly recommend this when your storage
*isn't* on oVirt Engine):
/virt/isodomain127.0.0.1(rw,sync,anonuid=some local UID
that has write permissions to /virt/isodomain,anongid=some local GID
that has write permissions to /virt/isodomain)
### IPtables:
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT
Cheers,
Keith
On 01/16/2013 09:57 AM, Gianluca Cecchi wrote:
Hello,
what should it be in 3.2 the version of NFS default ISO created on engine?
Can I change it afterwards
During engine setup I was only requested if I wanted it or not:
(f18 with ovirt-nightly repo and 3.2.0-1.20130113.gitc954518)
Configure NFS share on this server to be used as an ISO Domain?
['yes'| 'no'] [yes] :
Local ISO domain path [/var/lib/exports/iso] : /ISO
ok
Current situation on engine regarding iptables
[root@f18engine ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0icmptype 255
ACCEPT all -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW tcp dpt:443
ACCEPT udp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW udp dpt:111
ACCEPT tcp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW tcp dpt:111
ACCEPT udp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW udp dpt:892
ACCEPT tcp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW tcp dpt:892
ACCEPT udp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW udp dpt:875
ACCEPT tcp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW tcp dpt:875
ACCEPT udp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW udp dpt:662
ACCEPT tcp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW tcp dpt:662
ACCEPT tcp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW tcp dpt:2049
ACCEPT tcp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW tcp dpt:32803
ACCEPT udp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0ctstate NEW udp dpt:32769
REJECT all -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0
http://0.0.0.0/0reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ANd regarding nfs:
[root@f18engine ~]# ps -ef|grep [n]fs
root 1134 2 0 Jan15 ?00:00:00 [nfsd4]
root 1135 2 0 Jan15 ?00:00:00 [nfsd4_callbacks]
root 1136 2 0 Jan15 ?00:00:00 [nfsd]
root 1137 2 0 Jan15 ?00:00:00 [nfsd]
root 1138 2 0 Jan15 ?00:00:00 [nfsd]
root 1139 2 0 Jan15 ?00:00:00 [nfsd]
root 1140 2 0 Jan15 ?00:00:00 [nfsd]
root 1141 2 0 Jan15 ?00:00:00 [nfsd]
root 1142 2 0 Jan15 ?00:00:00 [nfsd]
root 1143 2 0 Jan15 ?00:00:00 [nfsd]
[root@f18engine ~]# systemctl status rpcbind.service
rpcbind.service - RPC bind service
Loaded: loaded