[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: "NFS Slave"??

Greetings and thank you for your reply,

Jorge L. deLyra wrote:

I have two Beowulf clusters on two subnets hanging off different machines. (Actually, one has six different subnets to make it a flat network topology on more machines than will fit on a single switch, but that's not important.) One head node (call it "head1") is my NIS/NFS server, so that cluster's config was easy. The other head node ("head2") is an NIS/NFS client.

I've set up an NIS slave on head2, which doesn't quite work (but I think I know why and haven't exhausted all of the possible things to do).
It does work, we used this here in the past.

Cool. Could I ask for some help then? I think that I've "tried everything" now, including purging and reinstalling NIS on head2, rebooting head1 and head2, reading all of the NIS documentation very carefully, etc., but it doesn't quite work.

I can use head2 as an NIS server just fine on the main network (e.g. machine3 on the same network as head1 and head2 can use head2 as NIS server), but not on the subnet hanging off head2. The subnet off head2 (10.0.0.*) is different from that off head1 (10.1.1.* and 10.2.2.*), but I have both in /etc/ypserv.securenets on head1, and all of the machines in /etc/hosts of head1 and head2. I also have entries for all of the machines in head1's ypserv.conf with lines like:*:none

But and the others can't use head2 as a server, /etc/init.d/nis start just prints "Starting NIS services: ypbind " then sits there and does nothing.

But is there such a thing as an NFS slave? I try to export /home from head2, which mounts it from head1, but when clients mount it from head2, /var/log/messages shows:
The solution to your problem is: put the 2.4 kernel on head2 and configure
it for masquerading (netfilter, NAT, etc). The 2.4 kernels are able to do
NFS masquerading. You export whatever from head1 to head2 and on the nodes
of head2 you just mount from head1, ignoring the fact that it is on the
external network, using of course head1's address on the Internet. Instead
of the ipchains of 2.2, you must install and use iptables.

I see.  This kind of seems like cheating, but if it works, that's cool. :-)

I can see why old kernels might not have supported it: getting multiple mount requests from the same physical machine would be kind of wierd.

This works very well, we use it here. In order do enable ftp to outside
you must install special modules by hand. Besides the support in the
kernel, you need a script to set it all up during the boot of the server.
Below is a copy of the "/etc/rc.boot/setipforward-masq" script we use to
do this. It is set up for both 2.2 and 2.4 kernels, but note that NFS
masquerading only works on 2.4. Note that is the IP of our
server, the one which plays the role of your head2.
   modprobe ip_nat_ftp
   modprobe ip_conntrack_ftp
   # Set up masquerading for the pmcnet.
   iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source
   iptables -A FORWARD -i ! eth0 -o eth0 -j ACCEPT
   iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
   iptables -P FORWARD DROP
   # Print out a message.
   echo "masquerading the private network on eth1"
   # Turn on IP forwarding.
   echo 1 > /proc/sys/net/ipv4/ip_forward

Ohmygod, it works! Look at that! The clients hang for a little while (~1-2 minutes) while mounting, but it's all there. Most excellent.

One question: what does "ftp" have to do with NFS? I don't need the machines to be able to use ftp, NFS is the only service we need from outside the subnet. Or does ftp mean nfs in some way?

Thank you very much! Now if I can just get NIS to work... How about via masquerading? Nope, that doesn't work. Oh well.

Thanks again,

-Adam P.

GPG fingerprint: D54D 1AEE B11C CE9B A02B  C5DD 526F 01E8 564E E4B6

Welcome to the best software in the world today cafe! <http://lyre.mit.edu/%7Epowell/The_Best_Stuff_In_The_World_Today_Cafe.ogg>

To UNSUBSCRIBE, email to debian-beowulf-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: