Title: How to add extra storage servers in Debian Edu / Skolelinux
Tags: english, debian edu, ldap
Date: 2014-03-14 12:50

<p>On larger sites, it is useful to use a dedicated storage server for
storing user home directories and data. The design for handling this
in Debian Edu / Skolelinux is to update the automount rules in LDAP
and let the automount daemon on the clients take care of the rest. I
was reminded about the need to document this better when one of the
customers of <a href="http://www.slxdrift.no/">Skolelinux Drift AS</a>,
where I am on the board of directors, asked about how to do this. The
steps to get this working are the following:</p>

<p><ol>

<li>Add the new storage server in DNS. I use nas-server.intern as the
example host here.</li>

<li>Add automount information about this server in LDAP, to allow
all clients to automatically mount it on request.</li>

<li>Add the relevant entries in tjener.intern:/etc/fstab, because
tjener.intern does not use automount to avoid mounting loops.</li>

</ol></p>

<p>DNS entries are added in GOsa², and not described here. Follow the
<a href="https://wiki.debian.org/DebianEdu/Documentation/Wheezy/GettingStarted">instructions
in the manual</a> (Machine Management with GOsa² in section Getting
started).</p>

<p>Ensure that the NFS export points on the server are exported to the
relevant subnets or machines:</p>

<p><blockquote><pre>
root@tjener:~# showmount -e nas-server
Export list for nas-server:
/storage 10.0.0.0/8
root@tjener:~#
</pre></blockquote></p>

<p>Here everything on the backbone network is granted access to the
/storage export. With NFSv3 it is slightly better to limit it to
netgroup membership or single IP addresses to have some limits on the
NFS access.</p>

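<p>An added example, not part of the original post: a small shell check
that reads "showmount -e" output and flags exports offered to everyone
or to a network wider than a chosen prefix length. The MIN_PREFIX
threshold, the function names and every sample line except the
/storage one are assumptions constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: audit "showmount -e" output for overly broad NFS exports.
# MIN_PREFIX is an assumed site policy (narrowest acceptable CIDR prefix).

audit_exports() {
    awk -v min="${MIN_PREFIX:-24}" '
        /^Export list for/ { next }          # header line
        NF < 2 { next }                      # nothing exported on this line
        {
            n = split($2, clients, ",")      # clients are comma-separated
            for (i = 1; i <= n; i++) {
                c = clients[i]
                verdict = "OK"
                if (c == "*" || c == "(everyone)") {
                    verdict = "WIDE"         # no client restriction at all
                } else if (c ~ /^[0-9.]+\/[0-9]+$/) {
                    split(c, part, "/")
                    if (part[2] + 0 < min + 0) verdict = "WIDE"
                } else if (c ~ /\//) {
                    verdict = "CHECK"        # dotted netmask: review by hand
                }
                print verdict, $1, c
            }
        }'
}

# Constructed sample; only the /storage line comes from the post.
sample_showmount() {
    cat <<'EOF'
Export list for nas-server:
/storage 10.0.0.0/8
/backup  10.0.2.2,10.0.2.3
/scratch @workstations
/pub     (everyone)
EOF
}

sample_showmount | audit_exports
```
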
<p>The next step is to update LDAP. This cannot be done using GOsa²,
because it lacks a module for automount. Instead, use ldapvi and add
the required LDAP objects using an editor.</p>

<p><blockquote><pre>
ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no
</pre></blockquote></p>

<p>When the editor shows up, add the following LDAP objects at the
bottom of the document. The "/&" part in the last LDAP object is a
wild card matching everything the nas-server exports, removing the
need to list individual mount points in LDAP.</p>

<p><blockquote><pre>
add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
objectClass: automount
cn: nas-server
automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no

add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: automountMap
ou: auto.nas-server

add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
objectClass: automount
cn: /
automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
</pre></blockquote></p>

<p>The last step to remember is to mount the relevant mount points in
tjener.intern by adding them to /etc/fstab, creating the mount
directories using mkdir and running "mount -a" to mount them.</p>

<p>When this is done, your users should be able to access the files on
the storage server directly by just visiting the
/tjener/nas-server/storage/ directory using any application on any
workstation, LTSP client or LTSP server.</p>