[lug] NFS install resolved, was: Re: CentOS 5.4 NFS Install Problems

[Maxwell Spangler]

> Maxwell Spangler wrote:
> > I'd still like to know whether the CentOS 5.4 install is trying to do
> > nfs3 vs nfs4 as there are definitely significant differences between the
> > two..

Mar 31 01:29:13 localhost mountd[24747]: authenticated mount request
from 192.168.2.128:884 for /exports/centosdvd (/exports/centosdvd)

Problem solved.  I'm sure most of you will recognize this as a variation
of what you've been through in the past.

About a week ago I started doing a few experiments and one was to
install CentOS 5.4 via nfs, ftp and http because I hadn't done it in a
while.  I figured it'd take 45 minutes.  Coincidentally, I ran into some
unexpected technical glitches and I was coming down with a fever and a
head cold while working on my project.

At some point during my efforts to make this work I shot myself in the
foot by editing /etc/sysconfig/nfs and uncommenting the line:

# Optional arguments passed to rpc.nfsd. See rpc.nfsd(8)
# Turn off v2 and v3 protocol support
#RPCNFSDARGS="-N 2 -N 3"

You know how it is, you're exhausted, fever coming on and despite the
comment above your line clearly stating "turn off v2 and v3 protocol
support" you stare at the line below it which looks similar to what
other programs might use to ENABLE support for v2 and v3.

So you uncomment it, fail for a while longer, then retire to your bed
for the next few days while recovering from that head cold.

It's only natural that when you return days later you've forgotten this
small but important change and spend many more hours failing to meet
your goal but learning an incredible amount in the process.  Mostly:

1) How to turn support for nfs2 and nfs3 back on. (It's that line above)

2) That nfs2 and nfs3 hate firewalls.  The mess that is nfsd, mountd and
portmapper were created in the days when internet security wasn't so
well recognized and their ports are all over the place.  Either disable
your firewall or jump through some hoops to make it work.  

The F12 firewall in place was the original cause of my problems.
Despite clearly allowing "NFS4" traffic through, I'd not recognized that
nfs2/3 traffic was being blocked.  Because of the complexity of allowing
nfs2/3 traffic through there is no simple checkbox in the
system-config-firewall Fedora/Redhat firewall GUI tool.  So be warned
that "nfs4" checkbox is exactly that: nfs4 only.

3) nfs4 is a much cleaner implementation of nfs that packs everything
you need into a single protocol on port 2049.  This has numerous
benefits primarily that it allows operation of nfs through firewalls
much, much easier to enable and maintain.

4) The /etc/exports format for nfs2/3 and nfs4 is very different and
there are some new tricks to learn if you're used to the old way that
worked for 20+ years.  You can setup /exports in either format, btw.

5) The mounting of nfs shares in nfs4 is very different from nfs2/3 as
well.  Little things can throw you off, so don't assume nfs4 is just a
minor upgrade to nfs3.

6) nfs4 appears to be a significant enhancement over nfs3:  Better state
handling, faster speed, support for jumbo frames, and *highly* enhanced
security options.

7) The ability to be patient yet determined to resolve these kinds of
problems with Linux using scattered resources all over the web often
consisting of poor quality, out of date and redundant documentation is a
highly developed skill in itself.  This is one I've been practicing
since kernel 0.97 and I still got it :-)

8) Stop working when you're sick, it always makes things worse.

Thanks to David Ahern for posting that my goal was possible and many
others for help along the way.  As always, I find LUGs to be vital
support in resolving Linux issues.

-- 
Maxwell Spangler
========================================================================
        Linux, Unix and Database Administration
        Currently: Boulder, Colorado
        LinkedIn: http://www.linkedin.com/in/maxwellspangler