Hello Christopher,
that's a nice explanation. I thought only the contents _under_
.../nfs-mounted/ would be server-side, not the mount-point itself. Well you
always learn more. no_root_squash is not an option, I will have a look as
how to manage that properly on our server side.
Mainly I just want to have the directory to have the correct permission
when it is not currently mounted.
Thanks & greetings,
Axel.
Am Mittwoch, 1. August 2012 00:24:21 UTC+2 schrieb Christopher Wood:
>
> (inline)
>
> On Tue, Jul 31, 2012 at 05:23:00AM -0700, Axel Bock wrote:
> > Hi group,
> >
> > I am managing an NFS mount with puppet. And it does not work, and
> > seriously I really don't see how this can work out nicely. First I
> make
> > sure with a file {} class that the directory I want to mount exists.
> Cause
> > it is used by the webserver it should belong to the wwwrun/www group
> on
> > the system. No prob.
>
> This is changing the directory inode on the nfs client.
>
> > Then I mount the NFS share on the dir. No prob.
>
> Now the inode that your nfs client sees is on the nfs server. It is not
> the same inode that you just managed with puppet.
>
> (I say inode, but depending on the nfs server it may not be a unix
> filesystem behind it.)
>
> > On the 2nd run of puppet though ... Error! The NFS mount point is
> > "changed" over to root:root with 775 permissions (or 777? I don't
> > remember). Puppet of course now wants to set the user:group of the
> dir ...
> > and naturally fails.
>
> This is dependent on your nfs server settings. You likely have root_squash
> set by default (see 'man exportfs'), so any activity as the root user on
> the nfs client is mapped to a "nobody" or "nfsnobody" (uid 65535 or
> similar) on the nfs server. Check /etc/exports on the nfs server.
>
> > So is there a way to keep this error from happening?
>
> You can set no_root_squash on the export and run 'exportfs -a' on the nfs
> server. Then you might have to remount on the client end.
>
> The broader issue is whether you should manage file permissions on the nfs
> client or the nfs server. I haven't decided myself, but if you do it on the
> server you won't have to reduce security by running no_root_squash. The
> mount will also arrive with the correct permissions.
>
> > Thanks in advance & greetings,
> > Axel.
> >
> > --
> > You received this message because you are subscribed to the Google
> Groups
> > "Puppet Users" group.
> > To view this discussion on the web visit
> > [1]https://groups.google.com/d/msg/puppet-users/-/tw1oa58dRhoJ.
> > To post to this group, send email to [email protected].
> > To unsubscribe from this group, send email to
> > [email protected].
> > For more options, visit this group at
> > http://groups.google.com/group/puppet-users?hl=en.
> >
> > References
> >
> > Visible links
> > 1. https://groups.google.com/d/msg/puppet-users/-/tw1oa58dRhoJ
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/puppet-users/-/Zv1eyP-mRrQJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
