From f0125ae9a4cc1cabfd80240c9bb0a1bfed8c34a9 Mon Sep 17 00:00:00 2001 From: waldek Date: Mon, 20 Sep 2021 18:45:06 +0200 Subject: [PATCH] adds nfs start --- ...learning_centralized_account_management.md | 94 +++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 modules/qualifying/learning_centralized_account_management.md diff --git a/modules/qualifying/learning_centralized_account_management.md b/modules/qualifying/learning_centralized_account_management.md new file mode 100644 index 0000000..ba368a3 --- /dev/null +++ b/modules/qualifying/learning_centralized_account_management.md @@ -0,0 +1,94 @@ +# Centralized account management + +Up until now most of the services and servers we installed did not need a lot of user accounts to be shared acrossed devices. +Once we venture into [NFS](https://en.wikipedia.org/wiki/Network_File_System) it will become quite essential to have some sort of shared *database* to manage users and permissions. +We'll dive into this from the bottom up so let's create a problem first! + +## The problem + +To create the problem you'll need at least **three** virtual machines. +They can be as minimal as you want but I would advise to install one with the tools you like, such as `vim-nox`, `htop`, `zsh` etc and make clones from that one. +We don't need a graphical environment for this exercise. +Put the hostnames as follows: + +* `nas` for the NFS server +* `client1` for the first client +* `client2` for the second client + +### The server + +Let's install an NFS server on the VM. +This is very easy to do on Debian. +The command below is enough have an NFS server up and running. + +```bash +➜ ~ sudo apt install nfs-kernel-server +Reading package lists... Done +Building dependency tree... Done +Reading state information... Done +nfs-kernel-server is already the newest version (1:1.3.4-6). +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +➜ ~ +``` + +But we need to define *which* folders are shared on the network. +I created a folder `/home/shared` for all shared files and folders and `chown` it to my *main* user. + +```bash +➜ ~ ls -l /home +total 8 +drwxr-xr-x 2 waldek waldek 4096 Sep 15 16:21 shared +drwxr-xr-x 4 waldek waldek 4096 Sep 15 16:33 waldek +➜ ~ touch /home/shared/hello +➜ ~ cat /etc/exports +# /etc/exports: the access control list for filesystems which may be exported +# to NFS clients. See exports(5). +# +# Example for NFSv2 and NFSv3: +# /srv/homes hostname1(rw,sync,no_subtree_check) hostname2(ro,sync,no_subtree_check) +# +# Example for NFSv4: +# /srv/nfs4 gss/krb5i(rw,sync,fsid=0,crossmnt,no_subtree_check) +# /srv/nfs4/homes gss/krb5i(rw,sync,no_subtree_check) +# +/home/shared 192.168.122.0/24(rw,sync,no_subtree_check) +➜ ~ sudo exportfs -ar +➜ ~ +``` + +### The first client + +On the client we need to `mount` the network share. +This is done with `mount -t nfs` and a source and destination. +Let's observe the *out of the box* behavior. + +```bash +➜ ~ mkdir -p media/nfs +➜ ~ sudo mount -t nfs 192.168.122.100:/home/shared media/nfs +mount: /home/waldek/media/nfs: bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount. helper program. +➜ ~ +``` + +The command is correct but we're missing the helper program to mount NFS shares. +This can be installed with the `nfs-common` package. + +```bash +➜ ~ sudo apt install nfs-common +Reading package lists... Done +Building dependency tree... Done +Reading state information... Done +nfs-common is already the newest version (1:1.3.4-6). +0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. +➜ ~ sudo mount -t nfs 192.168.122.100:/home/shared media/nfs +➜ ~ ls -l media/nfs +total 0 +-rw-r--r-- 1 waldek waldek 0 Sep 15 16:21 hello +``` + +Wonderful! +We can now copy files to this network share from all connected clients. +Now do the same for the second client. +It should all work as expected, nothing weird here. +But what happens when we add more users? + +### Creating the conflict