Hosting NFS shares from a Zone
I am currently trying to get my web development environment all set up. While I like using vi, I really do prefer TextMate on my Mac OS X to do the real heavy lifting and all of the editing.
As I was working on getting my homedir on my zone to be shared over NFS, I was getting errors that NFS was not a valid protocol from sharemgr, the program that is used to add new shares to the system.
xistence@webdev.network.lan:~# sharemgr create -P nfs homedir
Invalid protocol specified: nfs
A little bit of Googling brought me to a mailing list message saying that some server packages may be missing. This is entirely possible since my Zone was created with a minimal set of packages, so I log into the global host where NFS sharing does work and run the following:
xistence@Keyhole.network.lan:~# pkg list | grep nfs
SUNWnfsc      0.5.11-0.101  installed  ----
SUNWnfsckr    0.5.11-0.101  installed  ----
SUNWnfss      0.5.11-0.101  installed  ----
SUNWnfsskr    0.5.11-0.101  installed  ----
Ah, so those are probably not installed in the zone. A quick pkg install later:
xistence@webdev.network.lan:~# pkg install SUNWnfsc SUNWnfsckr SUNWnfss SUNWnfsskr
DOWNLOAD                  PKGS     FILES   XFER (MB)
Completed                  3/3     17/17   0.28/0.28
PHASE                                        ACTIONS
Install Phase                                  55/55
PHASE                                          ITEMS
Reading Existing Index                           9/9
Indexing Packages                                3/3
Now, let's re-run the sharemgr command again and see if this time we do indeed get our group created:
xistence@webdev.network.lan:~# sharemgr create -P nfs homedir
xistence@webdev.network.lan:~# sharemgr show -vp
default nfs=()
zfs
homedir nfs=()
Yes, there we go. Now I can add a share to that group. Until more errors start showing up:
xistence@webdev.network.lan:~# sharemgr add-share -s /export/home/xistence/ homedir
NFS: Cannot share remote filesystem: /export/home/xistence
NFS: Service needs to be enabled by a privileged user
Failed to enable share for "nfs": system error
This time Google does not help out; instead it gives me the option to search without quotes around the search terms, which gives me absolutely nothing.
Well, let's see if the services are running in the first place:
xistence@webdev.network.lan:~# svcs -a | grep nfs
disabled       22:19:04 svc:/network/nfs/client:default
disabled       22:24:26 svc:/network/nfs/server:default
online         22:24:20 svc:/network/nfs/rquota:default
online         22:24:20 svc:/network/nfs/status:default
online         22:24:20 svc:/network/nfs/mapid:default
online         22:24:20 svc:/network/nfs/cbd:default
online         22:24:21 svc:/network/nfs/nlockmgr:default
Nope, for some reason the nfs server keeps being disabled even though I did enable it using svcadm.
Okay, let's take a look with svcs what is going on:
xistence@webdev.network.lan:/# svcs -l nfs/server
fmri         svc:/network/nfs/server:default
name         NFS server
enabled      false (temporary)
state        disabled
next_state   none
state_time   Fri Feb 20 22:25:26 2009
logfile      /var/svc/log/network-nfs-server:default.log
restarter    svc:/system/svc/restarter:default
contract_id
dependency   require_any/error svc:/milestone/network (online)
dependency   require_all/error svc:/network/nfs/nlockmgr (online)
dependency   optional_all/error svc:/network/nfs/mapid (online)
dependency   require_all/restart svc:/network/rpc/bind (online)
dependency   optional_all/none svc:/network/rpc/keyserv (disabled)
dependency   optional_all/none svc:/network/rpc/gss (absent)
dependency   optional_all/none svc:/network/shares/group (multiple)
dependency   require_all/error svc:/system/filesystem/local (online)
Ah, it has a log file, let's see what that log file says:
xistence@webdev.network.lan:/# cat /var/svc/log/network-nfs-server\:default.log
[ Feb 20 22:11:07 Disabled. ]
[ Feb 20 22:11:07 Rereading configuration. ]
[ Feb 20 22:18:43 Enabled. ]
[ Feb 20 22:19:04 Enabled. ]
[ Feb 20 22:24:21 Executing start method ("/lib/svc/method/nfs-server start"). ]
The NFS server is not supported in a local zone
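The two checks above (service state with `svcs -l`, then the SMF log) can be folded into one triage helper. This is an added example, not part of the original post: the function names `smf_triage` and `smf_method_output` are hypothetical, and the sample input is abridged from the output shown above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Solaris tools.

# Summarise `svcs -l <service>` output read from stdin: the key fields
# plus every dependency whose state is anything other than (online).
smf_triage() {
    awk '
        $1 == "fmri" || $1 == "enabled" || $1 == "state" || $1 == "logfile" {
            key = $1
            sub(/^[^ \t]+[ \t]+/, "")   # drop the key, keep the whole value
            print key "=" $0
        }
        $1 == "dependency" && $NF != "(online)" {
            print "dep_not_online=" $(NF-1) " " $NF
        }
    '
}

# Restarter messages in an SMF service log are wrapped in "[ ... ]";
# anything else was printed by the start/stop method itself. Return the
# last such line, which is usually the reason the method gave up.
smf_method_output() {
    grep -v '^\[ .* \]$' | grep -v '^[[:space:]]*$' | tail -n 1
}

# Sample input, abridged from the terminal output in the post.
SAMPLE_SVCS='fmri         svc:/network/nfs/server:default
name         NFS server
enabled      false (temporary)
state        disabled
logfile      /var/svc/log/network-nfs-server:default.log
dependency   require_all/restart svc:/network/rpc/bind (online)
dependency   optional_all/none svc:/network/rpc/keyserv (disabled)
dependency   optional_all/none svc:/network/rpc/gss (absent)'

SAMPLE_LOG='[ Feb 20 22:19:04 Enabled. ]
[ Feb 20 22:24:21 Executing start method ("/lib/svc/method/nfs-server start"). ]
The NFS server is not supported in a local zone'

printf '%s\n' "$SAMPLE_SVCS" | smf_triage
printf '%s\n' "$SAMPLE_LOG" | smf_method_output
```

On a live system the same functions take `svcs -l nfs/server` and the file named in the `logfile` field as input.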
Eh? What? That seems weird, but it is of course plausible. Zones are new to Solaris and thus not everything may be virtualised yet. Taking that query to Google brings me to a web page asking the same question I am asking: Local zone as NFS server. Taking a look, it brings me to a bug report and ultimately to: Bug ID: 4964859 RFE: Zones should be able to be NFS servers. Well, I guess that ends that little stunt. I will be sharing it from the global zone. While this is acceptable to me, I do not believe that it is acceptable to most other people using Zones, and, unfortunately, it does not look like there is a whole lot of activity on the bug, as apparently there are no resources available.
Well, I learned something new, and wasted a few minutes of my time attempting to set this up. While generally I don't post my failures, I find it important as other people may run into the same errors and have the same issue with getting things up and running.
I ended up doing the following:
sharemgr create -P nfs webdev-homedir
Then I followed that up with some servers that should be allowed access, and others that should not:
sharemgr set -P nfs -S sys -p 'rw=10.10.10.226 none=*' webdev-homedir
And then finally I added the share I wanted to share all along:
sharemgr add-share -r "homedir" -d "xistence home dir" -s /storage/zones/dev-web/root/export/home/xistence webdev-homedir
This creates a long NFS share to type in, since the full path now becomes:
nfs://keyhole/storage/zones/dev-web/root/export/home/xistence
Which is not that big of a problem for me, especially since I just save it in my favourites in Mac OS X and everything is peachy. It works like a charm.