
INSTALL NFS PACKAGE:-

[root@file-svr /]# yum install nfs-utils


[root@file-svr /]# systemctl start nfs-server.service
[root@file-svr /]# systemctl enable nfs-server.service
CREATE NFS SHARE DIR:-
[root@file-svr /]# mkdir /NFS_Share/
[root@file-svr /]# vim /etc/exports
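/NFS_Share 192.168.110.0/24(no_root_squash,rw)
Note: no_root_squash lets root on any client in 192.168.110.0/24 act as root on the share. Leave it out (root_squash is the default) unless the clients really need root access, and export to specific hosts rather than the whole subnet where possible.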
Apply Changes:-
[root@file-svr /]# exportfs -r
FIREWALL CONFIGURATION:-
[root@file-svr /]# firewall-cmd --permanent --add-service=nfs
[root@file-svr /]# firewall-cmd --reload
CLIENT SIDE CONFIG:-
[root@cl1 /]# mkdir /NFS_EXPORT/
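[root@cl1 /]# chmod 777 /NFS_EXPORT/
Note: chmod 777 is unnecessary here. Once the share is mounted, access is governed by the permissions of the exported directory on the server, and a world-writable mount point is writable by every local user whenever the share is not mounted.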
[root@cl1 /]# mount 192.168.110.25:/NFS_Share /NFS_EXPORT/
[root@cl1 /]# vim /etc/fstab
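192.168.110.25:/NFS_Share/ /mnt/nfsexport nfs defaults 0 0
Note: this fstab entry mounts on /mnt/nfsexport, while the directory created and mounted above is /NFS_EXPORT/; the mount point named in fstab must exist.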

################### Kerberos-Enabled NFS Exports ######################


SELinux Configuration:-
[root@file-svr /]# semanage fcontext -a -t public_content_rw_t "/NFS_Share(/.*)?"
[root@file-svr /]# restorecon -Rv /NFS_Share/
restorecon reset /NFS_Share context unconfined_u:object_r:default_t:s0->unconfined_u:object_r:public_content_rw_t:s0
restorecon reset /NFS_Share/A context system_u:object_r:default_t:s0->system_u:object_r:public_content_rw_t:s0

[root@file-svr /]# setsebool -P nfs_export_all_rw on


[root@file-svr /]# setsebool -P nfs_export_all_ro on

CREATE NFS GROUP AND SHARE DIRECTORY:-


[root@file-svr /]# groupadd nfs
[root@file-svr /]# usermod -a -G nfs nfsnobody
[root@file-svr /]# chmod 0770 /NFS_Share/
[root@file-svr /]# chgrp nfs /NFS_Share/

CONFIGURE EXPORT:-
[root@file-svr /]# vim /etc/exports
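/NFS_Share 192.168.110.30(rw,sec=krb5,anongid=1001)
Note: sec=krb5 uses Kerberos for authentication only; sec=krb5i adds integrity checking and sec=krb5p also encrypts the traffic. anongid=1001 presumably refers to the GID of the nfs group created above; confirm it with "getent group nfs".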
ReExport:-
[root@file-svr /]# exportfs -arv
exporting 192.168.110.30:/NFS_Share

[root@file-svr ~]# systemctl status rpcbind nfs-server nfs-lock nfs-idmap


[root@file-svr ~]# systemctl enable rpcbind nfs-server

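CONFIGURE NTP:-
Kerberos rejects requests when the clocks of the client, the server and the KDC differ by more than the permitted skew (5 minutes by default), so all three hosts must be time-synchronised before continuing.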

CONFIGURE KERBEROS (BOTH NFS CLIENT AND SERVER):-


[root@file-svr ~]# yum install krb5-server krb5-workstation pam_krb5
[root@cl1 /]# yum install krb5-server krb5-workstation pam_krb5
ENABLE SERVICES (BOTH NFS CLIENT AND SERVER):-
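[root@kdc ~]# firewall-cmd --permanent --add-service=kerberos
[root@file-svr ~]# firewall-cmd --permanent --add-service=kerberos
[root@cl1 /]# firewall-cmd --permanent --add-service=kerberos
Note: --permanent alone does not change the running firewall; run "firewall-cmd --reload" on each host afterwards. Only the KDC accepts inbound Kerberos connections, so the rule is needed on kdc; on file-svr and cl1 it opens port 88 without a listener that requires it.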
[root@file-svr ~]# systemctl start nfs-secure
[root@cl1 /]# systemctl start nfs-secure
ON KDC (Create Admin Principal):-
[root@kdc ~]# kadmin.local
Authenticating as principal root/admin@MAIN.COM with password.
kadmin.local: addprinc root/admin
WARNING: no policy specified for root/admin@MAIN.COM; defaulting to no policy
Enter password for principal "root/admin@MAIN.COM":
Re-enter password for principal "root/admin@MAIN.COM":
add_principal: Principal or policy already exists while creating "root/admin@MAIN.COM".

ON KDC (Add NFS server and client to the database):-


kadmin.local: addprinc -randkey host/file-svr.main.com
WARNING: no policy specified for host/file-svr.main.com@MAIN.COM; defaulting to no policy
Principal "host/file-svr.main.com@MAIN.COM" created.
kadmin.local: addprinc -randkey host/cl1.main.com
WARNING: no policy specified for host/cl1.main.com@MAIN.COM; defaulting to no policy
add_principal: Principal or policy already exists while creating "host/cl1.main.com@MAIN.COM".
ON KDC
kadmin.local: addprinc -randkey nfs/file-svr.main.com
WARNING: no policy specified for nfs/file-svr.main.com@MAIN.COM; defaulting to no policy
Principal "nfs/file-svr.main.com@MAIN.COM" created.
kadmin.local: addprinc -randkey nfs/cl1.main.com
WARNING: no policy specified for nfs/cl1.main.com@MAIN.COM; defaulting to no policy
Principal "nfs/cl1.main.com@MAIN.COM" created.
Then obtain and cache Kerberos ticket-granting ticket for root/admin:
[root@kdc ~]# kinit root/admin
Password for root/admin@MAIN.COM:
ON KDC ( Storing into a keytab file) :-
[root@kdc ~]# kadmin.local
Authenticating as principal root/admin@MAIN.COM with password.
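kadmin.local: ktadd host/file-svr.main.com
kadmin.local: ktadd nfs/file-svr.main.com
kadmin.local: ktadd nfs/cl1.main.com
Note: ktadd without -k writes to the default keytab of the host it runs on (here the KDC) and generates new random keys for the principal each time it is run. The keys for file-svr and cl1 have to end up in each host's own keytab, copied over an authenticated, encrypted channel, with the keytab file readable by root only.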
