blog/data/2014-03-12-skolelinux-autofs.txt

   1 Title: How to add extra storage servers in Debian Edu / Skolelinux
   2 Tags: english, debian edu, ldap
   3 Date: 2014-03-12 12:50
   4
   5 <p>On larger sites, it is useful to use a dedicated storage server for
   6 storing user home directories and data.  The design for handling this
   7 in <a href="http://www.skolelinux.org/">Debian Edu / Skolelinux</a>, is
   8 to update the automount rules in LDAP and let the automount daemon on
   9 the clients take care of the rest.  I was reminded about the need to
  10 document this better when one of the customers of
  11 <a href="http://www.slxdrift.no/">Skolelinux Drift AS</a>, where I am
  12 on the board of directors, asked about how to do this.  The steps to
  13 get this working are the following:</p>
  14
  15 <p><ol>
  16
  17 <li>Add new storage server in DNS.  I use nas-server.intern as the
  18 example host here.</li>
  19
  20 <li>Add automoun LDAP information about this server in LDAP, to allow
  21 all clients to automatically mount it on reqeust.</li>
  22
  23 <li>Add the relevant entries in tjener.intern:/etc/fstab, because
  24 tjener.intern do not use automount to avoid mounting loops.</li>
  25
  26 </ol></p>
  27
  28 <p>DNS entries are added in GOsa², and not described here.  Follow the
  29 <a href="https://wiki.debian.org/DebianEdu/Documentation/Wheezy/GettingStarted">instructions
  30 in the manual</a> (Machine Management with GOsa² in section Getting
  31 started).</p>
  32
  33 <p>Ensure that the NFS export points on the server are exported to the
  34 relevant subnets or machines:</p>
  35
  36 <p><blockquote><pre>
  37 root@tjener:~# showmount -e nas-server
  38 Export list for nas-server:
  39 /storage         10.0.0.0/8
  40 root@tjener:~#
  41 </pre></blockquote></p>
  42
  43 <p>Here everything on the backbone network is granted access to the
  44 /storage export.  With NFSv3 it is slightly better to limit it to
  45 netgroup membership or single IP addresses to have some limits on the
  46 NFS access.</p>
  47
  48 <p>The next step is to update LDAP.  This can not be done using GOsa²,
  49 because it lack a module for automount.  Instead, use ldapvi and add
  50 the required LDAP objects using an editor.</p>
  51
  52 <p><blockquote><pre>
  53 ldapvi --ldap-conf -ZD '(cn=admin)' -b ou=automount,dc=skole,dc=skolelinux,dc=no
  54 </pre></blockquote></p>
  55
  56 <p>When the editor show up, add the following LDAP objects at the
  57 bottom of the document.  The "/&" part in the last LDAP object is a
  58 wild card matching everything the nas-server exports, removing the
  59 need to list individual mount points in LDAP.</p>
  60
  61 <p><blockquote><pre>
  62 add cn=nas-server,ou=auto.skole,ou=automount,dc=skole,dc=skolelinux,dc=no
  63 objectClass: automount
  64 cn: nas-server
  65 automountInformation: -fstype=autofs --timeout=60 ldap:ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
  66
  67 add ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
  68 objectClass: top
  69 objectClass: automountMap
  70 ou: auto.nas-server
  71
  72 add cn=/,ou=auto.nas-server,ou=automount,dc=skole,dc=skolelinux,dc=no
  73 objectClass: automount
  74 cn: /
  75 automountInformation: -fstype=nfs,tcp,rsize=32768,wsize=32768,rw,intr,hard,nodev,nosuid,noatime nas-server.intern:/&
  76 </pre></blockquote></p>
  77
  78 <p>The last step to remember is to mount the relevant mount points in
  79 tjener.intern by adding them to /etc/fstab, creating the mount
  80 directories using mkdir and running "mount -a" to mount them.</p>
  81
  82 <p>When this is done, your users should be able to access the files on
  83 the storage server directly by just visiting the
  84 /tjener/nas-server/storage/ directory using any application on any
  85 workstation, LTSP client or LTSP server.</p>