Re: [Users] Nfs version 3 or 4 when mounting predefined engine ISO?

[Keith Robertson]

Gianluca,

I can't grok all that you are asking but, here is the golden rule for 
oVirt NFS domains:
- You can export whatever you want from wherever you want so long as it 
is writable by UID=36 and GID=36 from an NFS 3/4 client. When in doubt 
test it by mounting from the Node and trying to create a file as user vdsm.


Here is my specific setup (notice that I don't pin a protocol version)
### /etc/exports
 cat /etc/exports
/virt/isodomain127.0.0.1(rw,sync)

I could have also done (and I highly recommend this when your storage 
*isn't* on oVirt Engine):
/virt/isodomain127.0.0.1(rw,sync,anonuid=some local UID 
that has write permissions to /virt/isodomain,anongid=some local GID 
that has write permissions to /virt/isodomain)


### IPtables:
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 32803 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport 32769 -j ACCEPT


Cheers,
Keith

On 01/16/2013 09:57 AM, Gianluca Cecchi wrote:

Hello,
what should it be in 3.2 the version of NFS default ISO created on engine?
Can I change it afterwards
During engine setup I was only requested if I wanted it or not:

(f18 with ovirt-nightly repo and 3.2.0-1.20130113.gitc954518)
Configure NFS share on this server to be used as an ISO Domain? 
['yes'| 'no']  [yes] :

Local ISO domain path  [/var/lib/exports/iso] : /ISO

ok

Current situation on engine regarding iptables

[root@f18engine ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source   destination
ACCEPT all  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0icmptype 255
ACCEPT all  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate RELATED,ESTABLISHED
ACCEPT tcp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW tcp dpt:22
ACCEPT tcp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW tcp dpt:80
ACCEPT tcp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW tcp dpt:443
ACCEPT udp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW udp dpt:111
ACCEPT tcp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW tcp dpt:111
ACCEPT udp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW udp dpt:892
ACCEPT tcp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW tcp dpt:892
ACCEPT udp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW udp dpt:875
ACCEPT tcp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW tcp dpt:875
ACCEPT udp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW udp dpt:662
ACCEPT tcp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW tcp dpt:662
ACCEPT tcp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW tcp dpt:2049
ACCEPT tcp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW tcp dpt:32803
ACCEPT udp  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0ctstate NEW udp dpt:32769
REJECT all  -- 0.0.0.0/0 http://0.0.0.0/0 0.0.0.0/0 
http://0.0.0.0/0reject-with icmp-host-prohibited


Chain FORWARD (policy ACCEPT)
target prot opt source   destination

Chain OUTPUT (policy ACCEPT)
target prot opt source   destination


ANd regarding nfs:
[root@f18engine ~]# ps -ef|grep [n]fs
root  1134 2  0 Jan15 ?00:00:00 [nfsd4]
root  1135 2  0 Jan15 ?00:00:00 [nfsd4_callbacks]
root  1136 2  0 Jan15 ?00:00:00 [nfsd]
root  1137 2  0 Jan15 ?00:00:00 [nfsd]
root  1138 2  0 Jan15 ?00:00:00 [nfsd]
root  1139 2  0 Jan15 ?00:00:00 [nfsd]
root  1140 2  0 Jan15 ?00:00:00 [nfsd]
root  1141 2  0 Jan15 ?00:00:00 [nfsd]
root  1142 2  0 Jan15 ?00:00:00 [nfsd]
root  1143 2  0 Jan15 ?00:00:00 [nfsd]

[root@f18engine ~]# systemctl status rpcbind.service
rpcbind.service - RPC bind service
 Loaded: loaded 

Re: [Users] Nfs version 3 or 4 when mounting predefined engine ISO?

[Gianluca Cecchi]

On Wed, Jan 16, 2013 at 4:41 PM, Keith Robertson wrote:

 I can't grok all that you are asking but, here is the golden rule for
 oVirt NFS domains:
 - You can export whatever you want from wherever you want so long as it is
 writable by UID=36 and GID=36 from an NFS 3/4 client.  When in doubt test
 it by mounting from the Node and trying to create a file as user vdsm.


Yes,
my note was regarding a default setup that doesn't work ootb.
If it doesn't work, I think it is better not to setup it
Best would be to detect when installing a Fedora 18 node that it should
mount by default with version 4
Or enable on engine the possibility to export in version 3
Gianluca
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users