Configuring HA NFS export of home directories stored on ceph file storage and mounting on clients with automount within FreeIPA infrastructure


Recently I was faced with the task of creating an HA NFS export of home directories on cephfs storage within a FreeIPA infrastructure.

All devices are joined to domain Network is Cephfs storage consists of 3 nodes with cephfs mounted on the /cephfs directory. All home directories of users are stored in /cephfs/home.

Home directories must be mounted using automount because all users have sudo permissions on their own PCs. All OSs are CentOS 7.


This article focuses only on configuring NFS HA and automount within a FreeIPA domain.

Configuring the temporary server

Configuring the HA NFS export requires installing a temporary server with name (IP - Server must be joined to domain
Once the server has been joined, it can be powered off permanently.

Configuring the IPA server for automount

On the directory server
Creating the nfs service principal:

kinit admin # any user with admin permissions can be used
ipa service-add nfs/
ipa service-add nfs/ # must be created for every server or that will be used automount

Creating the automount record:

ipa automountmap-add default auto.home
ipa automountkey-add default --key "/home" --info auto.home auto.master
ipa automountkey-add default --key "*" --info "-fstype=nfs4,rw,sec=krb5,soft,rsize=8192,wsize=8192" auto.home

Creating the HA NFS export

On every cephfs node:

yum install rpcbind nfs-utils -y

Configuring the export:

echo "/cephfs/home  *(rw,sec=sys:krb5:krb5i:krb5p)" > /etc/exports

Edit /etc/sysconfig/nfs


Saving the NFS and HOST principals:

kinit admin # any user with admin permissions can be used
ipa-getkeytab -s -p host/ -k /etc/krb5.keytab
ipa-getkeytab -s -p nfs/ -k /etc/krb5.keytab

Starting the nfs server:

systemctl enable rpcbind nfs-server nfs-lock nfs-idmap
systemctl start rpcbind nfs-server nfs-lock nfs-idmap

Creating HA shared IP -
Installing the pcs cluster on all nodes:

yum install pacemaker corosync  resource-agents pcs -y

Configuring the pcs cluster
Set the same password for the hacluster user on all nodes:

passwd hacluster

Enable and start the pcsd service:

systemctl enable pcsd.service
systemctl start pcsd.service

Configure the cluster from any one of the nodes:

pcs cluster auth
pcs cluster setup --name nfs-ha --force
pcs cluster start --all


pcs status

Set the properties:

pcs property set stonith-enabled=false
pcs property set no-quorum-policy=stop 

Creating the HA resource and configuring the shared IP address:

pcs resource create NFS_Shared_IP ocf:heartbeat:IPaddr2 ip= cidr_netmask=24 op monitor interval=30s

If the check is OK, the HA cluster was created successfully.

Configuring automount on clients

Saving the NFS principal:

kinit admin # any user with admin permissions can be used
ipa-getkeytab -s -p nfs/ -k /etc/krb5.keytab

Installing, configuring and starting automount:

yum install autofs -y
ipa-client-automount --location=default
systemctl start autofs



en/jobs/ha_nfs_server_for_automount_in_ipa_infrastructure.txt · Last modified: 2016/01/27 18:31 by admin