Setting up a Kerberos-based HA NFS share

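I am trying to set up a Kerberized NFS share from an HA cluster. I have already successfully set up a krb-aware NFS share from a single server, and I used almost the same configuration on the cluster.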

Exports file from the working single server:

/nfs    *(rw,sec=krb5:krb5i:krb5p)

Cluster resource configuration:

# pcs resource show nfs-export1
 Resource: nfs-export1 (class=ocf provider=heartbeat type=exportfs)
  Attributes: clientspec=10.1.0.0/255.255.255.0 directory=/nfsshare/exports/export1 fsid=1 options=rw,sec=krb5:krb5i:krb5p,sync,no_root_squash
  Operations: monitor interval=10 timeout=20 (nfs-export1-monitor-interval-10)
              start interval=0s timeout=40 (nfs-export1-start-interval-0s)
              stop interval=0s timeout=120 (nfs-export1-stop-interval-0s)

Client showmount to the working single server:

# showmount -e ceserv
Export list for ceserv:
/nfs *

Client showmount to the floating cluster name:

# showmount -e hafloat
Export list for hafloat:
/nfsshare/exports/export1 10.1.0.0/255.255.255.0
/nfsshare/exports         10.1.0.0/255.255.255.0

Contents of the client's /etc/fstab:

ceserv:/nfs /mnt/nfs nfs4 sec=krb5i,rw,proto=tcp,port=2049
hafloat.ncphotography.lan:export1 /nfsmount nfs4 sec=krb5i,rw,proto=tcp,port=2049

Result of the mount -av command:

# mount -av
mount.nfs4: timeout set for Mon Dec  4 20:57:14 2017
mount.nfs4: trying text-based options 'sec=krb5i,proto=tcp,port=2049,vers=4.1,addr=10.1.0.24,clientaddr=10.1.0.23'
/mnt/nfs                 : successfully mounted
mount.nfs4: timeout set for Mon Dec  4 20:57:14 2017
mount.nfs4: trying text-based options 'sec=krb5i,proto=tcp,port=2049,vers=4.1,addr=10.1.0.29,clientaddr=10.1.0.23'
mount.nfs4: mount(2): Operation not permitted
mount.nfs4: Operation not permitted

All firewalls are disabled. All names resolve correctly to IP addresses within the 10.1.0.0/24 network, and all IP addresses reverse-resolve to the correct hostnames.
