Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity
Files
01ac0b8b60156455e5bb6bfa19ea223fa1dfc6c9
gitea-pages/admin-guide/configuration/mount.md
Konrad Bucheli 1014211fc8 add AFS documentation
2023-09-12 09:30:36 +02:00

127 lines
4.2 KiB
Markdown
Raw Blame History

# Mounting Volumes
Managing mount points of local or network volumes can also be managed in Hiera.
## Managing Mountpoints in Hiera
The configuration in Hiera is done with two parts:
1. the definition of a mountpoint (`mounter::def::$NAME`)
2. the list of mount points actually configured on a system (`mounter::mounts`)
Due to this the mountpoints can be prepared once on a high scope (e.g. for all systems in an environment), but then the individual systems pick out whatever is required for them.
Example:
```
mounter::def::scratch:
ensure: 'mounted'
mountpoint: '/scratch'
device: '/dev/vg_data/lv_scratch'
type: 'xfs'
mounter::mounts:
- 'scratch'
```
The directory of the mountpoint is automatically created when missing.
For auto-mounts, add another option to the mountpoint definition:
```
auto: true
```
## NFS
Remote NFS mountpoints can be defined as in following example:
```
mounter::def::controls:
'ensure': 'mounted'
'device': 'sls-hafs:/export/sls/controls'
'mountpoint': '/gfa/.mounts/sls_controls'
'type': 'nfs'
mounter::def::data1:
'ensure': 'mounted'
'device': 'x01dc-fs-1:/export/X01DC/Data1'
'mountpoint': '/sls/X01DC/Data1'
'type': 'nfs'
'options': 'soft,nfsvers=4,tcp,bg'
mounter::mounts:
- 'controls'
- 'data1'
```
Ideally use NFSv4 (option `nfsvers=4.2`) and Kerberos authentication (option `sec=krb5`) is used. For Kerberos please contact the Linux Core Group for support. We managed to get it running experimentally, but it might not run yet automatically from Puppet. And of course also the NetApp side needs to be prepared accordingly.
## CIFS
Remote CIFS mountpoints can be defined as follows:
```
mounter::cifs::def::cifs_mpc2375:
ensure: 'present'
path: '/etc/cifs-utils'
cifs_username: 'allowedWindowsUser'
cifs_password: 'ENC[PKCS7,MIIBeQYJKoZIhvc...]'
mounter::cifs::files:
- 'cifs_mpc2375'
mounter::def::emf:
ensure: 'mounted'
device: '//172.23.75.16/Users'
mountpoint: '/emf/jeol2200fs/k2'
type: 'cifs'
options: 'credentials=/etc/cifs-utils/cifs_mpc2375,uid=35667,gid=35270,forcegid,file_mode=0660,dir_mode=0770'
mounter::mounts:
- 'emf'
```
In the above example, we need to create a `credentials` file with `mounter::cifs::def::$NAME`_. This file will
be called `cifs_mpc2375` and will be located in `/etc/cifs-utils` and will contain information about the
username and password allowed to mount it.
On the other hand, a mount `emf` is defined. You should specify in options the location of `credentials`.
Other optional parameters are used. `emf` is mounted with type `cifs`, which will automatically ensure that
proper `cifs-utils` package is installed.
Ideally this would also support Kerberos (option `multiuser,sec=krb5`) then we would not need to deal with a mount username and password. We got that once running, but only by chance when there was also a NFS mount with Kerberos authentication which would prepare the according Kerberos host tickets. For CIFS RedHat misses some upcall configuration to do the same. RedHat support said that this might be fixed for 8.8, but it did not happen. How to configure this upcall or to prepare the Kerberos ticket that manually outside (e.g. regulary with a timer) we have not figured out yet.
## AFS
AFS is depending on role already configured by default. Additionally it can be enabled or disabled in Hiera with `base::enable_afs`:
```
base::enable_afs: true
```
respectively to disable:
```
base::enable_afs: false
```
Following details can be modified, but are usually not required:
- `afs_client::mountpoint`
- `afs_client::root_volume`
- `afs_client::enable_dynroot`
- `afs_client::min_cache_size` (e.g. `8G`)
- `afs_client::files`
- `afs_client::dcache`
## Bind Mounts
Bind mounts can be defined as follows:
```
mounter::def::e10550:
'ensure': 'mounted'
'device': '/gpfs/perf/MX/Data10-pro/e10550'
'mountpoint': '/sls/MX/Data10/e10550'
'type': 'none'
'options': 'bind,_netdev,x-systemd.requires-mounts-for=/gpfs/perf/MX/Data10-pro'
```
Note that beside the mandatory `bind` option there is
- `_netdev` to be set when the directory to bind (`device`) is on a network volume
- `x-systemd.requires-mounts-for=$OTHER_MOUNTPOINT` ensures that systemd prepares the bind mount after the volume on which the directory to bind (`device`) is located
View Git Blame Copy Permalink