Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity

document multiuser CIFS mount

Browse Source
This commit is contained in:
buchel_k
2023-10-19 16:14:19 +02:00
parent 984207156e
commit 75b24583d3
1 changed files with 20 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
admin-guide/configuration/mount.md
+20 -5
View File
@@ -58,6 +58,25 @@ Ideally use NFSv4 (option `nfsvers=4.2`) and Kerberos authentication (option `se
## CIFS
### CIFS with Multiuser Option and Kerberos
Mounting a CIFS share with the `multiuser` option and Kerberos has the advantage that no password is needed and each user gets his personal access rights. But it needs to have, similar to AFS, an appropriate Kerberos ticket.
```
mounter::def::scratch:
ensure: 'mounted'
enable: 'true'
device: '//scratch01/scratch'
mountpoint: '/media/scratch'
type: 'cifs'
options: 'multiuser,sec=krb5'
mounter::mounts:
- 'scratch'
```
### CIFS with User and Password
Remote CIFS mountpoints can be defined as follows:
```
@@ -85,11 +104,7 @@ In the above example, we need to create a `credentials` file with `mounter::cifs
be called `cifs_mpc2375` and will be located in `/etc/cifs-utils` and will contain information about the
username and password allowed to mount it.
On the other hand, a mount `emf` is defined. You should specify in options the location of `credentials`.
Other optional parameters are used. `emf` is mounted with type `cifs`, which will automatically ensure that
proper `cifs-utils` package is installed.
Ideally this would also support Kerberos (option `multiuser,sec=krb5`) then we would not need to deal with a mount username and password. We got that once running, but only by chance when there was also a NFS mount with Kerberos authentication which would prepare the according Kerberos host tickets. For CIFS RedHat misses some upcall configuration to do the same. RedHat support said that this might be fixed for 8.8, but it did not happen. How to configure this upcall or to prepare the Kerberos ticket that manually outside (e.g. regulary with a timer) we have not figured out yet.
On the other hand, a mount `emf` with type `cifs` is defined. You should specify in options the location of `credentials` as well as optional parameters.
## AFS
AFS is depending on role already configured by default. Additionally it can be enabled or disabled in Hiera with `base::enable_afs`: