(inline)
On Tue, Jul 31, 2012 at 05:23:00AM -0700, Axel Bock wrote:
> Hi group,
>
> I am managing an NFS mount with puppet. And it does not work, and
> seriously I really don't see how this can work out nicely. First I make
> sure with a file {} class that the directory I want to mount exists. Cause
> it is used by the webserver it should belong to the wwwrun/www group on
> the system. No prob.
This is changing the directory inode on the nfs client.
> Then I mount the NFS share on the dir. No prob.
Now the inode that your nfs client sees is on the nfs server. It is not the
same inode that you just managed with puppet.
(I say inode, but depending on the nfs server it may not be a unix filesystem
behind it.)
> On the 2nd run of puppet though ... Error! The NFS mount point is
> "changed" over to root:root with 775 permissions (or 777? I don't
> remember). Puppet of course now wants to set the user:group of the dir ...
> and naturally fails.
This is dependent on your nfs server settings. You likely have root_squash set
by default (see 'man exportfs'), so any activity as the root user on the nfs
client is mapped to a "nobody" or "nfsnobody" (uid 65535 or similar) on the nfs
server. Check /etc/exports on the nfs server.
> So is there a way to keep this error from happening?
You can set no_root_squash on the export and run 'exportfs -a' on the nfs
server. Then you might have to remount on the client end.
The broader issue is whether you should manage file permissions on the nfs
client or the nfs server. I haven't decided myself, but if you do it on the
server you won't have to reduce security by running no_root_squash. The mount
will also arrive with the correct permissions.
> Thanks in advance & greetings,
> Axel.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> [1]https://groups.google.com/d/msg/puppet-users/-/tw1oa58dRhoJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
>
> References
>
> Visible links
> 1. https://groups.google.com/d/msg/puppet-users/-/tw1oa58dRhoJ
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
