From eaf6ebc81e0fc7b54fbbee5ba8d3483ade2add7d Mon Sep 17 00:00:00 2001 From: buchel_k Date: Thu, 7 Nov 2024 13:35:21 +0100 Subject: [PATCH] document automatic mounts --- _toc.yml | 5 ++ admin-guide/configuration/files.md | 2 +- admin-guide/configuration/files/afs.md | 41 ++++++++++++ admin-guide/configuration/files/autofs.md | 36 +++++++++++ .../files/central_storage_mount.md | 36 +++++++++++ admin-guide/configuration/files/mount.md | 64 +++---------------- .../files/windows_drives_in_home.md | 20 ++++++ user-guide/windows_drives_in_home.md | 5 ++ 8 files changed, 152 insertions(+), 57 deletions(-) create mode 100644 admin-guide/configuration/files/afs.md create mode 100644 admin-guide/configuration/files/autofs.md create mode 100644 admin-guide/configuration/files/central_storage_mount.md create mode 100644 admin-guide/configuration/files/windows_drives_in_home.md create mode 100644 user-guide/windows_drives_in_home.md diff --git a/_toc.yml b/_toc.yml index c24a5ce4..a5387cc4 100644 --- a/_toc.yml +++ b/_toc.yml @@ -11,6 +11,7 @@ chapters: sections: - file: user-guide/login_servers - file: user-guide/linux_terminalserver + - file: user-guide/windows_drives_in_home - file: user-guide/MFA - file: user-guide/ms_teams - file: user-guide/evolution_for_o365 @@ -77,6 +78,10 @@ chapters: - file: admin-guide/configuration/software/citrix_vda - file: admin-guide/configuration/files sections: + - file: admin-guide/configuration/files/windows_drives_in_home + - file: admin-guide/configuration/files/central_storage_mount + - file: admin-guide/configuration/files/autofs + - file: admin-guide/configuration/files/afs - file: admin-guide/configuration/files/mount - file: admin-guide/configuration/files/distribute_files - file: admin-guide/configuration/files/partitioning diff --git a/admin-guide/configuration/files.md b/admin-guide/configuration/files.md index 455de53e..c7ff6406 100644 --- a/admin-guide/configuration/files.md +++ b/admin-guide/configuration/files.md @@ -1,4 +1,4 @@ -# Files and Volumes +# Files, Volumes and Network Shares ```{tableofcontents} diff --git a/admin-guide/configuration/files/afs.md b/admin-guide/configuration/files/afs.md new file mode 100644 index 00000000..eaf0543a --- /dev/null +++ b/admin-guide/configuration/files/afs.md @@ -0,0 +1,41 @@ +# AFS + +**Deprecation Note** +We plan to migrate away from AFS. We do not support AFS for RHEL9. Please contact the Linux Core Group for migration options. + + +AFS is depending on the Puppet role already configured by default. Additionally it can be enabled or disabled in Hiera with `base::enable_afs`: +``` +base::enable_afs: true +``` +respectively to disable: +``` +base::enable_afs: false +``` + +Following details can be modified, but are usually not required: +- `afs_client::mountpoint` +- `afs_client::root_volume` +- `afs_client::enable_dynroot` +- `afs_client::min_cache_size` (e.g. `8G`) +- `afs_client::files` +- `afs_client::dcache` + +When disabling AFS the daemon is not automatically switched off. There is additional manual effort required on the host: + +``` +systemctl disable yfs-client.service +reboot +``` + +If you want to do it without reboot, first stop all processes using AFS. You might figure them out e.g. with `lsof | grep /afs`. + +Then do +``` +umount /afs +systemctl stop yfs-client.service +systemctl disable yfs-client.service +afsd -shutdown +``` + + diff --git a/admin-guide/configuration/files/autofs.md b/admin-guide/configuration/files/autofs.md new file mode 100644 index 00000000..7c83df07 --- /dev/null +++ b/admin-guide/configuration/files/autofs.md @@ -0,0 +1,36 @@ +# autofs + +How to configure the `autofs` daemon. + +## Daemon Configuration + +In Hiera `base::enable_autofs` controls the `autofs` daemon. Start it with: +``` +base::enable_autofs: true +``` +or to keep it shut down +``` +base::enable_autofs: false +``` +or to keep Puppet off +``` +base::enable_autofs: null +``` + +Note that `base::enable_central_storage_mount: true` always enables `autofs` and `base::enable_autofs` will be ignored. + + +## Automatic NFS on /net + +The automatic mount of exported shares of an NFS server below `/net/$SERVER` is controlled in Hiera with the `autofs::slash_net` flag. +On RHEL7 or RHEL8 this feature is by default enabled, on RHEL9 and later disabled. + +To have it always enabled do +``` +autofs::slash_net: true +``` + +## Configure own autofs Maps + +For own maps place the `auto.master` part of the configuration in `/etc/auto.master.d/` in an unique file with the `.autofs` suffix. From there you link your map files, which can be placed everywhere, often directly in `/etc`. To manage this via Puppet/Hiera you might check out the [Distribute Files Guide](../files/distribute_files). + diff --git a/admin-guide/configuration/files/central_storage_mount.md b/admin-guide/configuration/files/central_storage_mount.md new file mode 100644 index 00000000..2cba841d --- /dev/null +++ b/admin-guide/configuration/files/central_storage_mount.md @@ -0,0 +1,36 @@ +# Central Storage Mount (/psi.ch) + +Mounts `/psi.ch` which gives Kerberos protected access to all network shares (NFS or CIFS/SMB/Windows) which have been configured/opened for this feature. + +## Configuration + +In Hiera enable it with +``` +base::enable_central_storage_mount: true +``` +or disable it with +``` +base::enable_central_storage_mount: false +``` + +On workstation type systems this is enabled by default starting with RHEL9 + +## Adding a Share + +For a new or exsting share find a suitable path below `/psi.ch/group` or `/psi.ch/project` and inform Peter Huesser or the [Linux Core Group](mailto:linux-eng@psi.ch) + + +## Debugging + +Is autofs running and fine? + + +``` +sudo systemctl status autofs +sudo journalctl -u autofs +``` + +Is the firewall blocking access to the file server? + +For NFS shares, are there network access restrictions on server side for the share? + diff --git a/admin-guide/configuration/files/mount.md b/admin-guide/configuration/files/mount.md index 321f00c1..72eccdfa 100644 --- a/admin-guide/configuration/files/mount.md +++ b/admin-guide/configuration/files/mount.md @@ -1,28 +1,12 @@ # Mounting Volumes -Managing mount points of local or network volumes can also be managed in Hiera. +Managing mount points of local or network volumes can also be done in Hiera. -First we show more generic features which mount a given set of network drives. -More below is documented how individual mounts can be created or removed. - - -## Access same Network Drives as Windows - -Linux can be made to mount a users usual network drives the same way as Windows. -The mountpoints can be found in `~/network-drives`. -The `U:`-drive is there named `home`, while the rest keeps their original share name. - - -This feature is controlled in Hiera with - -``` -user_session::mount_cifs_shares: true -``` - -These mounts are created on the first user session created and will end with the last session closed. -If for some reason they are not created (e.g. due to offline login), you might execute `/opt/pli/bin/create-network-drive-links` to bring them back in again. - -Note this does not work for RHEL7. +For more automatic network data setups please look at +- [Windows Drives in Home Directory](windows_drives_in_home) +- [Central Storage Mount](central_storage_mount) +- [autofs](autofs) +- [AFS](afs) ## Managing Mountpoints in Hiera @@ -154,41 +138,9 @@ username and password allowed to mount it. On the other hand, a mount `emf` with type `cifs` is defined. You should specify in options the location of `credentials` as well as optional parameters. -## AFS -AFS is depending on role already configured by default. Additionally it can be enabled or disabled in Hiera with `base::enable_afs`: -``` -base::enable_afs: true -``` -respectively to disable: -``` -base::enable_afs: false -``` - -Following details can be modified, but are usually not required: -- `afs_client::mountpoint` -- `afs_client::root_volume` -- `afs_client::enable_dynroot` -- `afs_client::min_cache_size` (e.g. `8G`) -- `afs_client::files` -- `afs_client::dcache` - -When disabling AFS the daemon is not automatically switched off. There is additional manual effort required on the host: - -``` -systemctl disable yfs-client.service -reboot -``` - -If you want to do it without reboot, first stop all processes using AFS. You might figure them out e.g. with `lsof | grep /afs`. - -Then do -``` -umount /afs -systemctl stop yfs-client.service -systemctl disable yfs-client.service -afsd -shutdown -``` +## Systemd Automount +Adding the options `noauto,x-systemd.automount` will make the mount not happen on startup, but will be automounted on the first use of the mountpoint. ## Bind Mounts Bind mounts can be defined as follows: diff --git a/admin-guide/configuration/files/windows_drives_in_home.md b/admin-guide/configuration/files/windows_drives_in_home.md new file mode 100644 index 00000000..7f4003f4 --- /dev/null +++ b/admin-guide/configuration/files/windows_drives_in_home.md @@ -0,0 +1,20 @@ +# Windows Drives in Home Directory + +The Windows shares which get automatically connected on a PSI Windows system can also be automatically mounted on login on RHEL system. + +The mountpoints can be found in `~/network-drives`. +The `U:` drive is there named `home`, while the rest keeps their original share name. + +This feature is enabled by default on workstation type systems. +It can be controlled in Hiera with: + +``` +user_session::mount_cifs_shares: true +``` + +These mounts are created with the first user session and will end with the last session closed. +If for some reason they are not created (e.g. due to offline login), you might execute `/opt/pli/bin/create-network-drive-links` to bring them back in again. + +Note this does not work for RHEL7. + + diff --git a/user-guide/windows_drives_in_home.md b/user-guide/windows_drives_in_home.md new file mode 100644 index 00000000..1daf3d9c --- /dev/null +++ b/user-guide/windows_drives_in_home.md @@ -0,0 +1,5 @@ +# Access same Network Drives as Windows + +In your home directory you find in `network-drives` the same Windows shares as on a PSI Windows system. Note that the `U:` drive is named `home`, the rest has their original share name. + +If it does not work, point your admin to the [configuration guide](../admin-guide/configuration/files/windows_drives_in_home).