From: Benoît des Ligneris (benoit.des.ligneris_at_revolutionlinux.com)
Date: Mon 01 Aug 2005 - 13:09:48 BST
Hello,
We are using a lot NFS here on XTERM vservers and we have tried and
tested both solutions:
1) mount NFS somewhere on the /host then use mount --bind
2) mount NFS before directly on the /vserver directory
Both are working fine.
You can have locking with nfslock and, as Herbert mention previously,
this is as reliable as ... NFS ;-)
What is important is to "tweak" (well, if necessary) your startup
sequence so that all is fine on the host before starting any vserver
that depend on the NFS files. Also, you should use "v_portmap" instead
of portmap if you plan to do NFS inside a vserver (well, in our case, we
are using unfsd3 as this is only read-only partitions for the XTERM).
In that respect, we think that mounting directly NFS inside the vserver
is a bit more reliable than "mount --bind". When you are using mount
--bind, the directory will be binded, even if the NFS directory is not
mounted which can lead to serious problem, especially if you are using
pam_mkhomedir...
If you want to restore the "correct" behavior, you have to unmount the
directory then remount it once your NFS is present.
We don't have this kind of problems when mouting the NFS share directly
inside the vserver.
We are using TCP NFS for better reliability and performance (when the
server has some kind of load...)
Ben
Herbert Poetzl a écrit :
> On Mon, Aug 01, 2005 at 11:32:38AM +0200, Gebhardt Thomas wrote:
>
>>Hi,
>>
>>I'm trying to configure a VServer for interactive login, where users
>>can access their NFS mounted home directories and I was trying
>>to figure out, what is the "best practice" to do that.
>>
>>So, I have a few questions:
>>
>>1. We are still running 2.4.29-vs1.2.10 on our production servers;
>>do I need to upgrade to kernel 2.6.x and/or vs 2.0-rc-x ?
>
>
> well, NFS was not tested for 2.4/1.2.x so I just don't know
> what I know for sure is that xid tagging is not present there
> (over NFS)
>
>
>>2. If using vs2.0: What is the preferred XID tagging config
>>(all uids, gids < 65000)
>
>
> the default should be fine (UGID24)
>
>
>>3. Should I NFS mount the home directories on the master server (a)
>>or within the vserver (b)?
>
>
> actually you can do both, but if the mount is kind of static
> (i.e. only done once at bootup) I'd sugegst to do it on the
> host, right before you start the guests ...
>
>
>> if (a): mount directly into the vserver chroot or mount outside the
>> vserver filesystem and use bind mounts? Does the master server
>
>
> both should work fine, bind mounts might be more flexible
>
>
>> need to be aware about the users on the vserver (/etc/passwd, ...)?
>
>
> nope
>
>
>> if (b): which extra privileges/capabilities to grant the vserver?
>
>
> should work out of the box (with 2.6/2.0 that is)
>
>
>>4. Are there NFS locking issues? Can multiple vserver on the
>>same master mount the home directories simultaneously?
>
>
> well, there are the 'typical' nfs locking issues, but they
> are not really vserver related ...
>
>
>>5. Is it possible to get rpc.quota information on the vserver?
>
>
> hmm, actually never tried ... so no idea :)
>
>
>>6. A previous posting says that one should prefer tcp over
>>udp mounts. Can you elaborate, why? Is this a general advice
>>or meant especially for vservers?
>
>
> it's a general advice from the NFS folks who said: NFS over
> UDP is broken by design, and we do not care if it works or
> not (and it does not work reliably with newer hardware/kernels)
>
>
>>Thanks for your help / pointing me to the appropriate docs.
>
>
> you're welcome!
> Herbert
>
>
>>Cheers, Thomas
>>_______________________________________________
>>Vserver mailing list
>>Vserver_at_list.linux-vserver.org
>>http://list.linux-vserver.org/mailman/listinfo/vserver
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
-- Benoît des Ligneris Ph. D. Président / C.E.O. Revolution Linux http://www.revolutionlinux.com/Toutes les opinions et les prises de position exprimées dans ce courriel sont celles de son auteur et ne représentent pas nécessairement celles de Révolution Linux.
Any views and opinions expressed in this email are solely those of the author and do not necessarily represent those of Revolution Linux.
_______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver