Tuesday, May 8, 2007

Using automount on Mac OS X

These notes have not yet been updated for Mac OS X 10.4 (Tiger).

Various methods are available on Mac OS X for mounting remote filesystems. This page documents several methods by which OS X can mount Network File System (NFS) shares: from the Finder, static mount entries, or by using automount. These methods have only been tested on 10.2; earlier releases may not support what is documented below. Automounting works in 10.3, but only from a file and not NetInfo.

NFS requires that the userid (and groupid) be identical on the client and server. On Mac OS X clients, creating a generic admin account and then manually creating the other accounts from the command line allows the correct server userid to be set. Another option is to use a Directory Service which synchronizes the account and share information on all the systems involved. A third is to update the NetInfo database and convert the existing files to the new user and group numbers.

Other resources of note include amd(8) of the Automount Utilities for mounting filesystems, or OpenAFS for an alternative to NFS.

Finder Mounting

Mounting NFS from the Finder requires the NFS server to be configured to allow connections from non-reserved ports (1024 and above), as Mac OS X does not use a reserved source port to connect. How to enable connections from non-reserved ports depends on the NFS server in question. See also the rpc.lockd and other tips detailed in Using NFS between Linux and Panther.

Another option is to have the Mac OS X client connect from a reserved port, using the -P option to mount_nfs or the resvport flag, as shown in the examples below. This leaves the server configuration unchanged.

  • FreeBSD: configure nfs_reserved_port_only. This can be set at startup in the /etc/rc.conf configuration file, and on a running system by changing the vfs.nfs.nfs_privport sysctl(8) value to 0.

    # echo 'nfs_reserved_port_only="NO"' >> /etc/rc.conf
    # sysctl vfs.nfs.nfs_privport=0

    Using the -T option to mount_nfs may be needed when connecting to FreeBSD; some NFS servers will support Transmission Control Protocol (TCP), others only User Datagram Protocol (UDP).

  • Linux: add the insecure option to the /etc/exports file entries for the shares in question, then restart the NFS service.

    /share 192.0.2.0/255.255.255.0(rw,root_squash,insecure)

    Other options (userid squashing and so forth) may be required, depending on the situation in question. See exports(5) for more details.

    If running iptables on Linux, be sure to update the firewall configuration, /etc/services, and on Red Hat based systems /etc/sysconfig/nfs with settings to bind NFS services to specified ports.
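
The insecure option switches off the server's reserved-port check for that export, so it helps to know which exports carry it. The audit below is an added example, not part of the original notes; the function name, the finding labels and the sample entries other than /share are constructed for illustration.

```shell
#!/bin/sh
# Added example: list risky entries in a Linux exports(5) file.
# Reads the file named in $1, or stdin when no file is given.
# Output: one "path client finding" line per finding.

audit_exports() {
    awk '
    /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }   # join continued lines
    { $0 = buf $0; buf = ""; sub(/#.*/, "") }          # drop comments
    NF == 0 { next }
    {
        path = $1
        # a path with no client list is exported to every host
        if (NF == 1) print path, "*", "world-export"
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\)$/, "", opts)
            }
            # "(opts)" with no host, or "*", also means every host
            if (client == "" || client == "*") {
                client = "*"
                print path, client, "world-export"
            }
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++) {
                if (o[j] == "insecure")       print path, client, "insecure"
                if (o[j] == "no_root_squash") print path, client, "no_root_squash"
            }
        }
    }' "$@"
}

# Constructed sample input; the first entry is the one shown above.
audit_exports <<'EOF'
/share 192.0.2.0/255.255.255.0(rw,root_squash,insecure)
/home 192.0.2.10(rw) *(ro,insecure,no_root_squash)
EOF
```

Run it against the real file with `audit_exports /etc/exports`; an export that only Mac OS X clients using -P or resvport reach does not need insecure at all.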

Once the NFS server allows connections from non-reserved ports, connecting from the Finder is simple.

  1. In the Finder, go to the Go menu, and select Connect to Server....
  2. In the resulting window, type in the URL-style path to the share on the NFS server, then hit return.

     nfs://nfs.example.org/share/

The share should mount automatically and be made available on the desktop (or under the /Volumes directory from the command line), which works well for temporary needs. However, the share will be unmounted should the user log out, or if the system restarts. The following methods keep the mount available at all times.

Static Mount

This method mounts the NFS share at startup, but always keeps the filesystem mounted. The automounting method, below, is a better option.

NFS mount tables on Mac OS X are stored in the NetInfo database instead of files or NIS. To mount a filesystem, run the NetInfo Manager and create a subdirectory under mounts with the following key/value pairs set.

opts -P
name server.example.org:/share
type nfs
dir /nfs/server/share

Also be sure to create the target /nfs/server/share directory path where the filesystem will be mounted. Automounting, by contrast, creates the directory (e.g. /nfs) on the fly, which simplifies administration.

Do not soft mount read/write shares; the ability to survive the server not being available is likely not worth data corruption.

The /mountpoint/servername/sharename mount syntax is recommended as it allows common directory names (say, /home) to be mounted from two different servers without conflict. This is similar to how OpenAFS lays things out under /afs.

Automounting via NetInfo

Setting up automount is more complex, but allows inactive shares to be unmounted when not in use, which can prevent an unused hard NFS mount from stalling the client should the NFS server fail. NetInfo mount maps will need to be created, and automount configured to mount the custom definitions.

  • Mac OS X 10.3: use the NetInfo mounts directory to set up mounts.

    name server:/shared/folder
    dir /local/mountpoint
    type nfs
    opts …

  • Mac OS X 10.2: automount can be configured to use NetInfo via /mountmaps definitions.

    1. Set up /mountmaps in NetInfo. Create a mountmaps directory at the top level of the NetInfo Database, then a nfs subdirectory therein. Under there, create a new subdirectory with the following properties. Use New Value in NetInfo Manager to create multiple opts keys.

      opts resvport
           intr
      name share
      fspec nfs.example.org:/share

      In the NetInfo Manager application, the setup looks something like the following.

    2. Run automount. The automount command will need to be run to mount the map in question.

      # automount -m /nfs nfs

      This will mount the mountmaps/nfs NetInfo mount entry (or entries) under the /nfs directory, /nfs/share in the above example. Softlinks can be created elsewhere on the filesystem to make the mount point available via a different path, if required.

Automount StartupItem

A special StartupItem will need to be set up to invoke automount on any maps created, to make the shares available when the system starts up. This is required for 10.2; 10.3 systems using the /mounts NetInfo directory need no special StartupItem.

  1. The AUTOMOUNT entry will need to be set to -YES- in the /etc/hostconfig file.

    $ grep -i ^autom /etc/hostconfig
    AUTOMOUNT=-YES-

  2. Mount mountmap shares at startup. To run the automount command at startup, use the following Automount StartupItem, which will invoke automount with all entries listed under the mountmaps NetInfo path. Place the Automount directory under /Library/StartupItems.

    Currently, the Automount StartupItem runs automount for each subdirectory under mountmaps. In theory, a single call to automount with multiple mounts would work, and reduce the number of automount processes running. I have not had time yet to rewrite the script to do a single automount call.

Backing up /mountmaps

The nidump(8) utility creates a textual representation of NetInfo directory data, for backup or easy transfer to other systems. Use the niload(8) command to load the data back into NetInfo.

$ sudo nidump -r /mountmaps /
{
  "name" = ( "mountmaps" );
  CHILDREN = (
    {
      "name" = ( "nfs" );
      CHILDREN = (
        {
          "name" = ( "share" );
          "fspec" = ( "nfs.example.org:/share" );
          "opts" = ( "intr", "resvport" );
        }
      )
    }
  )
}

Automount via File

An alternative to using NetInfo is to place the mounts into a static file, which is read by automount.

  1. Create /etc/auto.nfs. This file will contain mount entries that otherwise would have been stored in NetInfo.

    server-home -rw,bg,intr server.example.org:/home

  2. Test automount.

    $ sudo automount -m /nfs /etc/auto.nfs
    $ ls /nfs/server-home

  3. Configure automount to run at startup. Use an @reboot root cron(8) job, or adapt the above StartupItem to call the single automount for the file in question. For more information on @reboot, see crontab(5).

Automount via LDAP

Placing the maps in LDAP might be possible. An alternative is to read the mount information from LDAP with a script, and write out the mount information to a local file.
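
One way to write the script described above, as an added example that is not from the original notes: it assumes the directory uses the RFC 2307bis automount schema (automountKey, automountInformation) and that LDIF arrives on stdin, and the function names are hypothetical. Because automount runs as root, entries are validated before they reach the map, and soft read/write mounts are rejected in line with the advice under Static Mount.

```shell
#!/bin/sh
# Added example: build an automount map from LDIF on stdin. Assumes the
# RFC 2307bis automount schema (automountKey / automountInformation).
ldif_to_automap() {
    awk '
    function emit(   n, f, opts, loc, o) {
        if (key == "" && info == "" && !bad) return
        n = split(info, f, " ")
        opts = (n == 2) ? f[1] : ""; loc = f[n]; o = "," substr(opts, 2) ","
        if (bad || n < 1 || n > 2 || key !~ /^[A-Za-z0-9._-]+$/ ||
            loc !~ "^[A-Za-z0-9.-]+:/[A-Za-z0-9._/-]*$" ||
            (opts != "" && opts !~ /^-[a-z0-9=,]+$/))
            print "rejected, malformed: " key > "/dev/stderr"
        else if (o ~ /,soft,/ && o !~ /,ro,/)    # soft read/write mount
            print "rejected, soft read/write: " key > "/dev/stderr"
        else
            printf "%s%s %s\n", key, (opts == "" ? "" : " " opts), loc
        key = info = ""; bad = 0
    }
    function handle(l) {
        if (l == "") emit()
        else if (l ~ /^automountKey: /) key = substr(l, 15)
        else if (l ~ /^automountInformation: /) info = substr(l, 23)
        else if (l ~ /^automount(Key|Information)::/) bad = 1   # base64
    }
    { sub(/\r$/, "") }
    /^ / { line = line substr($0, 2); next }     # LDIF folded line
    { handle(line); line = $0 }
    END { handle(line); handle("") }'
}

update_map() {   # $1 = map file, replaced only if an entry validated
    tmp=$(mktemp "$1.XXXXXX") || return 1
    if ldif_to_automap > "$tmp" && [ -s "$tmp" ]; then mv "$tmp" "$1"
    else rm -f "$tmp"; return 1; fi
}

# Constructed sample LDIF; in practice this comes from an LDAP search.
ldif_to_automap <<'EOF'
dn: automountKey=server-home,automountMapName=auto.nfs,dc=example,dc=org
automountKey: server-home
automountInformation: -rw,bg,intr server.example.org:/home

dn: automountKey=scratch,automountMapName=auto.nfs,dc=example,dc=org
automountKey: scratch
automountInformation: -rw,soft server.example.org:/scratch
EOF
```

Piping the search output into `update_map /etc/auto.nfs` replaces the map only when at least one entry passes validation, so a failed or empty LDAP query leaves the previous map in place.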

Debugging

NFS requires a variety of services to work, and may be blocked by firewall rules or tcp_wrapper configuration on either the client or server.

  • Disable (or enable logging on) any firewalls on or between the client and server.
     
  • Check portmap allowance in tcp_wrappers (see hosts_access(5)) on client and server. This is only relevant if portmap has been compiled against tcp_wrappers (Red Hat Linux does this, while other systems may not) and if a deny rule in /etc/hosts.deny or /etc/hosts.allow blocks access to portmap. To allow Remote Procedure Call (RPC) services, try something like the following in /etc/hosts.allow (based on the FreeBSD example hosts.allow).

    portmap : 192.0.2.0/255.255.255.0 : allow
    portmap : ALL : deny

  • Check that portmap is enabled and running. On Mac OS X, portmap should be started automatically if needed.

    $ grep -i rpcserver /etc/hostconfig
    RPCSERVER=-AUTOMATIC-

  • Review the system logs for permission or configuration problems.
     
  • See what rpcinfo(8) says about open services. The following shows server.example.org running both the TCP and UDP methods for NFS versions 2 and 3. NFS version 3 via TCP should be used by default if possible, though older or incompatible servers may require the use of older protocol versions or the UDP method.

    $ rpcinfo -p server.example.org | grep nfs
    100003 2 udp 2049 nfs
    100003 3 udp 2049 nfs
    100003 2 tcp 2049 nfs
    100003 3 tcp 2049 nfs

  • Debug the network traffic with tcpdump(1) or ethereal.
     
  • Managing NFS and NIS, 2nd Edition.

Utilities

Programs that configure shares and mounts on Mac OS X include:

  • AutomountMaker - "a donateware, OS X native, easy tool to mount filesystems of type AFP, FTP, http, NFS, and SMB".
     
  • NFSManager - configures NFS on Mac OS X.
