[Novalug] NFS exort from Oracle Linux

James Ewing Cottrell 3rd JECottrell3@Comcast.NET
Fri May 6 01:43:52 EDT 2011


  OK, thanks for the info. But all I can say...is that I have never 
worried about most of that stuff...and I have been using NFS since the 
beginning. I assume that TCP vs UDP and Asunc vs Sync are easy enough to 
specify.

Buffer Sizes...Timeouts.....ICK! But Linux doesn't like Fragmented IP 
Packets, so isn't everything 1K anyway?

Or are Jumbograms more common these days?

I really hate Sun's UDP/RPC Experiment and have little love for NFS 
either. Things like the Lock and Status Daemons, not to mention the 
Mount Daemon aren't really all that well documented, and the PortMapper 
is Just Plain Stupid! I never liked Quotas, and now that Disks Are 
Cheap, why bother?

I consider NFS to have NO Security, so I only use it when I can tolerate 
that. And I tend to turn off iptables as soon as things stop working. 
The Horror!

I think that NFS has fallen out of favor in many places; I haven't had a 
common home directory in ages because many of the places I worked don't 
use NFS anymore.

Nice to see that the Port Numbers can be Locked down...but isn't there a 
Standard for doing that? And doesn't the init.d/nfs script open the 
needed holes in iptables and allow the appropriate SELinux settinngs?

Hmmm, maybe you are correct...you say that it is Complex....but I just 
Ignore the parts I don't like...so it Looks Simple to me.

JIM

On 5/5/2011 3:03 PM, Peter Larsen wrote:
> On Wed, 2011-05-04 at 13:41 -0400, James Ewing Cottrell 3rd wrote:
>
>
>>>> I have exported a file system from my Oracle Linux server (RHEL 6.0 under
>>>> the covers).
>>> Let's get that straight first. No it is not. Otherwise Oracle would have
>>> no problems supporting their stuff running on RHEL.
>> Good Point. I am certainly No Fan of Larrux...but I regard (naively? I
>> really have no info on the subject) what they did as mostly [1] Tuning,
>> [2] Making things Nice for Ms. Delphi, [3] Posturing.
> I guess when it comes to the motivation of Oracle to start their own
> distribution you'll have to ask them. I thought they had enough on their
> hands trying to make database and application software working.
>
>>>    Not only are there
>>> build differences, but Oracle also "tampered" with the kernel and other
>>> modules to make the two quite different in some aspects.
>> Yeah, but how much did they mess with the IP Stack?
> You'll have to ask Oracle. It's not signed by Red Hat so it's not "just
> Red Hat in a different wrapping". As I pointed out, Oracle is not
> willing to certify their software on RHEL anymore (at least for RHEL6)
> so we cannot use the notion of Oracle Linux = RHEL anymore. If Oracle
> really wants to tell their customers that they can only trust their
> distribution for patches and running of Oracle software I'm not sure
> what they're changing. But it must be something very nasty and something
> that only their closed source code will be aware of.
>
>> Still, perhaps another distro on the same box...maybe Oracle 5.5 or
>> CentOS 5.5 with (more or less) the same packages might prove enlightening.
> Pre RHEL6 it's a different story because Oracle supports and certifies
> their software on RHEL6. The same software that runs on OL runs on
> RHEL5. So we can assert that the two are pretty close. That same
> assertion can be done for CentOS - since there is no Centos 6 yet.
>
>>>> Although it appears OK, I'm unable to mount it anywhere, and
>>>> get different errors from each client.  Here's some detail from the server
>>>> and a linux client with identifying info edited out.  I'll save the
>>>> Solaris stuff for later.
>>> NFS can be a tough cookie to get working on today's systems.
>> This strikes me as Odd. Throughout their history, Sun has spent Lots of
>> time on NFS Connectathons, ironing out the bugs in NFS and Networking
>> Code. What's so Special about NFS...or "Today's Systems"???
> Have you looked at the number of services included in NFS3 and 4?? There
> are so many features and layers that setting up NFS requires quite an
> amount of work. Let's mention security mapping as just one such
> complication. With old NFS 2 this was simpler but it was also simpler to
> make things blow up as an admin. You need to lock the the version and
> wether you want to do TCP instead of default udp. SO many choices.
>
>>> Make sure your mount command has ALL the right options. You need to pass
>>> actual options such as the NFS version you wish to use. If you're going
>>> nfs v4 be prepared to cry ;) The mount and everything being relative
>>> makes things quite odd at first.
>> Default Mount Options generally work. I almost never tamper with them.
> Not for NFS3 and 4. At the very least you need to set async/sync or you
> get a nasty warning. For Oracle use of NFS it's even worse. There's
> buffer sizes and locking settings you need to tamper with to make things
> work.
>
>> Symlinks have been Relative for quite some time now...and almost always
>> *should* be.
> NFS4 goes there and far beyond. Be prepared to cry ;)
>
>> I think that NFS always uses 2049 (or whatever it is) anyway. I have
>> never had to touch /etc/sysconfig/nfs. Then again, maybe Peter is right,
>> and Oracle has "helped" you.
> You have at least 4 ports in play: lockd, mountd, statd and (maybe)
> rquotad. And we're just beginning. There's tcp versions, udp versions,
> ingoing and out going ports. And of course the notorious portmapper
> itself. What about the status daemon?? On top of that - the lockd,
> mountd, statd and rquotad port addresses can all CHANGE. Yup - that's
> right. That's where /etc/sysconfig/nfs comes in. For a server, you need
> to in and uncomment a few lines so you lock the port numbers down,
> allowing you to setup firewall rules for ALL the ports for NFS.
>
>
>
> _______________________________________________
> Novalug mailing list
> Novalug@calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.firemountain.net/pipermail/novalug/attachments/20110506/c99a50a5/attachment.htm>


More information about the Novalug mailing list