FedFS

2013/05/30
NFS リフェラルの管理 - Oracle Solaris 11.1 でのネットワークファイルシステムの管理
FedFS の管理 - Oracle Solaris 11.1 でのネットワークファイルシステムの管理
Features/FedFS - FedoraProject
FedFS Briefing - fedfs_fast10_bof.pdf
FedFS01

zone01(NSDBサーバ)

名前空間データベース(NSDB)の作成
/etc/openldap/slapd.conf の設定
#
# slapd configuration for the OpenLDAP server that holds the NSDB (zone01).
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
# Schemas: the core schema plus the FedFS schema file (fedfs-11.schema).
include         /etc/openldap/schema/core.schema
include         /usr/lib/fs/nfs/fedfs-11.schema
 
# Define global ACLs to disable default read access.
# NOTE(review): no "access" directive is active anywhere in this listing, so
# the default policy described further down applies (anyone may read
# everything; only the rootdn may update).
 
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral       ldap://root.openldap.org
 
# Files where slapd records its process id and its command-line arguments.
pidfile         /var/openldap/run/slapd.pid
argsfile        /var/openldap/run/slapd.args
 
# Load dynamic backend modules:
# modulepath    /usr/lib/openldap
# moduleload    back_bdb.la
# moduleload    back_hdb.la
# moduleload    back_ldap.la
 
# Sample security restrictions
#       Require integrity protection (prevent hijacking)
#       Require 112-bit (3DES or better) encryption for updates
#       Require 64-bit encryption for simple bind
# NOTE(review): the directive below is commented out, so this file enforces
# no minimum security strength; simple binds and updates are accepted over
# an unprotected connection.
# security ssf=1 update_ssf=112 simple_bind=64
 
# Sample access control policy:
#       Root DSE: allow anyone to read it
#       Subschema (sub)entry DSE: allow anyone to read it
#       Other DSEs:
#               Allow self write access
#               Allow authenticated users read access
#               Allow anonymous users to authenticate
#       Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#       by self write
#       by users read
#       by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
 
#######################################################################
# BDB database definitions
#######################################################################
 
# One bdb-backed database serving the dc=nerv,dc=local naming context.
database        bdb
suffix          "dc=nerv,dc=local"
# Administrative identity for this database; as noted above, it is not
# subject to access controls.
rootdn          "cn=Manager,dc=nerv,dc=local"
# Cleartext passwords, especially for the rootdn, should
# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# The value below is a {SSHA} (salted SHA-1) hash as printed by slappasswd.
# Generate your own hash; never reuse one copied from a published example.
rootpw          {SSHA}dbeeLzcFhwyolAS9LenMxj4fvSN8bXzQ
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory       /var/openldap/openldap-data
# Indices to maintain
# Equality index on objectClass.
index   objectClass     eq
 

rootpw の生成には slappasswd を使用する(ここに掲載しているハッシュ値は例なので流用せず、必ず自分の環境で生成した値を設定する)
# slappasswd
# slappasswd
New password:
Re-enter new password:
{SSHA}dbeeLzcFhwyolAS9LenMxj4fvSN8bXzQ
 

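LDAP Server の起動(slapd.conf のコメントでは、データベースディレクトリを slapd と slap ツールだけがアクセスできるモード 700 にすることが推奨されている。下の ls 出力では 755 になっているので、chown 後にモードも見直すとよい)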
# ls -la /var/openldap
# ls -la /var/openldap
total 8
drwxr-xr-x   2 root     bin            3 May 27 14:37 openldap-data
drwxr-xr-x   2 root     bin            2 Sep 20  2012 run
# chown -R openldap:openldap /var/openldap
# svcadm enable svc:/network/ldap/server:openldap_24
# svcs -l svc:/network/ldap/server:openldap_24
fmri         svc:/network/ldap/server:openldap_24
name         slapd - OpenLDAP LDAP server
enabled      true
state        online
next_state   none
state_time   May 27, 2013 03:34:07 PM JST
logfile      /var/svc/log/network-ldap-server:openldap_24.log
restarter    svc:/system/svc/restarter:default
contract_id  128
manifest     /lib/svc/manifest/network/ldap/ldap-olslapd.xml
dependency   require_all/error svc:/milestone/network:default (online)
dependency   require_all/none svc:/system/filesystem/local:default (online)
 

FedFS データの識別名を作成(-w でパスワードをコマンドラインに渡すと、シェルの履歴に残り、実行中はプロセス一覧から他のユーザーに見える場合がある。ここで使っているパスワードは検証環境用の例であり、実運用では使わない)
# nsdb-update-nci -l localhost -r 389 -D cn=Manager -w solaris1 dc=nerv,dc=local
# nsdb-update-nci -l localhost -r 389 -D cn=Manager -w solaris1 dc=nerv,dc=local
adding new entry "dc=nerv,dc=local"
 
NCE entry created
# ldapsearch -h localhost -x -b 'dc=nerv,dc=local' -s base '(objectclass=*)' '*' '+'
version: 1
dn: dc=nerv,dc=local
objectClass: top
objectClass: organization
objectClass: dcObject
objectClass: fedfsNsdbContainerInfo
o: nerv
dc: nerv
fedfsNcePrefix:
structuralObjectClass: organization
entryUUID: a0e043b2-5c40-1032-8e7f-ddb22a4c152a
creatorsName: cn=Manager,dc=nerv,dc=local
createTimestamp: 20130529001535Z
entryCSN: 20130529001535.724696Z#000000#000#000000
modifiersName: cn=Manager,dc=nerv,dc=local
modifyTimestamp: 20130529001535Z
entryDN: dc=nerv,dc=local
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE
 

LDAP サーバーに定義された NSDB と NFS サーバーに定義された NSDB の間の接続エントリを作成
# nsdbparams update -D cn=Manager,dc=nerv,dc=local -w solaris1 zone01.nerv.local
# nsdbparams update -D cn=Manager,dc=nerv,dc=local -w solaris1 zone01.nerv.local
 
ここまでの NSDB の状態(nsdbparams show はバインドパスワードを平文で表示する。また sectype: FEDFS_SEC_NONE は、NSDB への接続が TLS で保護されていないことを示す)
# nsdbparams list
# nsdbparams list
zone01.nerv.local:389
# nsdbparams show zone01.nerv.local
zone01.nerv.local:389
        default bind DN: cn=Manager,dc=nerv,dc=local
        default bind PW: solaris1
        default NCE: dc=nerv,dc=local
        sectype: FEDFS_SEC_NONE
# nsdbparams get
default nsdb: localhost
default port: 389
 


zone02(NFSサーバ)

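nfs 共有設定(sol 11.1, zfs ver. 6)。sec=sys,rw=* は、すべてのクライアントに AUTH_SYS(クライアントが申告する UID を信頼する方式)での読み書きを許可する検証向けの設定である。実運用では rw= の対象ホストを絞り、sec=krb5 系の利用を検討する(zone03 の共有も同様)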
# zfs set share=name=zone02nfs,path=/export/docs,prot=nfs,sec=sys,rw=*,public rpool/export/docs
# zfs set share=name=zone02nfs,path=/export/docs,prot=nfs,sec=sys,rw=*,public rpool/export/docs
name=zone02nfs,path=/export/docs,prot=nfs,public=true,sec=sys,rw=*
# zfs set sharenfs=on rpool/export/docs
# share
zone02nfs       /export/docs    nfs     public,sec=sys,rw
 

NSDB の接続エントリを作成
# nsdbparams update -D cn=Manager,dc=nerv,dc=local -w solaris1 zone01.nerv.local
# nsdbparams update -D cn=Manager,dc=nerv,dc=local -w solaris1 zone01.nerv.local
 


zone03(NFSサーバ)

nfs 共有設定(sol 11.1, zfs ver. 6)
# zfs set share=name=zone03nfs,path=/export/share,prot=nfs,sec=sys,rw=*,public rpool/export/share
# zfs set share=name=zone03nfs,path=/export/share,prot=nfs,sec=sys,rw=*,public rpool/export/share
name=zone03nfs,path=/export/share,prot=nfs,public=true,sec=sys,rw=*
# zfs set sharenfs=on rpool/export/share
# share
zone03nfs       /export/share   nfs     public,sec=sys,rw
 

NSDB の接続エントリを作成
# nsdbparams update -D cn=Manager,dc=nerv,dc=local -w solaris1 zone01.nerv.local
# nsdbparams update -D cn=Manager,dc=nerv,dc=local -w solaris1 zone01.nerv.local
 

NSDB の指定
# nsdbparams set zone01.nerv.local
# nsdbparams set zone01.nerv.local
 

再解析ポイントデーモンを起動する
# svcadm enable svc:/system/filesystem/reparse
# svcadm enable svc:/system/filesystem/reparse
# svcs -l reparse
fmri         svc:/system/filesystem/reparse:default
name         Reparse Point daemon
enabled      true
state        online
next_state   none
state_time   May 28, 2013 10:20:19 AM JST
logfile      /var/svc/log/system-filesystem-reparse:default.log
restarter    svc:/system/svc/restarter:default
contract_id  154
manifest     /lib/svc/manifest/network/shares/reparsed.xml
dependency   require_any/error svc:/milestone/network (online)
dependency   require_all/refresh svc:/milestone/name-services (online)
dependency   require_all/error svc:/system/filesystem/minimal (online)
 
FedFS リフェラルの作成
zone02 の/export/docs を zone03 の/export/share/docs として配置する
# share
# share
zone03nfs       /export/share   nfs     public,sec=sys,rw
# nfsref -t nfs-fedfs add /export/share/docs zone02.nerv.local:/export/docs
Created reparse point /export/share/docs
# ls -l /export/share
total 4
drwxr-xr-x   2 root     root           3  6月  2日  03:13 data
lrwxrwxrwx   1 root     root          81  5月 30日  11:05 docs -> @{REPARSE@{nfs-fedfs:zone01.nerv.local 389 58855610-c8cd-11e2-a758-820820bb17db}}
 


zone04(NFSクライアント)

nfs をマウントする(sol 11.1, zfs ver. 6)
# mount -F nfs zone03.nerv.local:/export/share /mnt
# mount -F nfs zone03.nerv.local:/export/share /mnt
# ls -l /mnt
total 4
drwxr-xr-x   2 root     root           3  6月  2日  03:13 data
dr-xr-xr-x   1 root     root           1  6月  2日  03:22 docs
# cd /mnt/docs
# ls -l
total 7
-rw-r--r--   1 root     root        2750  5月 30日  10:16 file02
 
NSDB の状態
# nsdb-nces
# nsdb-nces
Host: zone01.nerv.local:389
  namingContext 'dc=nerv,dc=local' is a FedFS NCE, DIT starts at ''
# nsdb-list
NSDB: zone01.nerv.local:389, dc=nerv,dc=local
  FSN UUID: 58855610-c8cd-11e2-a758-820820bb17db
    FSL UUID: 5889fdfa-c8cd-11e2-a759-020820bb17db = zone02.nerv.local:/export/docs
# nsdb-resolve-fsn 58855610-c8cd-11e2-a758-820820bb17db
For FSN UUID 58855610-c8cd-11e2-a758-820820bb17db
  FSL UUID: 5889fdfa-c8cd-11e2-a759-020820bb17db
    Location: zone02.nerv.local:/export/docs
 
