我正在尝试从 HA 集群设置 Kerberized NFS 共享。我已经从单个服务器成功设置了 krb 感知的 NFS 共享,我在集群上使用了几乎相同的配置。
从工作的单个服务器导出文件:
/nfs *(rw,sec=krb5:krb5i:krb5p)
集群资源配置:
# pcs resource show nfs-export1
Resource: nfs-export1 (class=ocf provider=heartbeat type=exportfs)
Attributes: clientspec=10.1.0.0/255.255.255.0 directory=/nfsshare/exports/export1 fsid=1 options=rw,sec=krb5:krb5i:krb5p,sync,no_root_squash
Operations: monitor interval=10 timeout=20 (nfs-export1-monitor-interval-10)
start interval=0s timeout=40 (nfs-export1-start-interval-0s)
stop interval=0s timeout=120 (nfs-export1-stop-interval-0s)
客户showmount端到工作的单个服务器:
# showmount -e ceserv
Export list for ceserv:
/nfs *
客户showmount端到浮动集群名称:
# showmount -e hafloat
Export list for hafloat:
/nfsshare/exports/export1 10.1.0.0/255.255.255.0
/nfsshare/exports 10.1.0.0/255.255.255.0
客户端内容/etc/fstab:
ceserv:/nfs /mnt/nfs nfs4 sec=krb5i,rw,proto=tcp,port=2049
hafloat.ncphotography.lan:export1 /nfsmount nfs4 sec=krb5i,rw,proto=tcp,port=2049
命令结果mount -av:
# mount -av
mount.nfs4: timeout set for Mon Dec 4 20:57:14 2017
mount.nfs4: trying text-based options 'sec=krb5i,proto=tcp,port=2049,vers=4.1,addr=10.1.0.24,clientaddr=10.1.0.23'
/mnt/nfs : successfully mounted
mount.nfs4: timeout set for Mon Dec 4 20:57:14 2017
mount.nfs4: trying text-based options 'sec=krb5i,proto=tcp,port=2049,vers=4.1,addr=10.1.0.29,clientaddr=10.1.0.23'
mount.nfs4: mount(2): Operation not permitted
mount.nfs4: Operation not permitted
所有防火墙均已禁用。所有名称都正确解析为 10.1.0.0/24 网络内的 IP 地址,并且所有 IP 地址都反向解析为正确的主机名。