Broken NFS server (or client?)

Mitch Patenaude mrp at sonic.net
Thu Aug 9 17:33:48 PDT 2001 

Should you be exporting the server's root fs?  I occurs to me that 
unix/linux weren't designed with the idea that multiple machines banging 
on the same filesystem.   At the very least, the /var and /tmp
should be different for different clients.

When I've seen diskless client setups, each client usually has an 
individual /var mount (or /var is on a ramdisk, and created at boot).

I would create a single client root partition, and put that in something 
like /export/clientroot/ on the server and export that.  I'd also create 
a per-client /var partition, and have /tmp put on a ramdisk on the 
client side.

    -- Mitch


On Thursday, August 9, 2001, at 02:58 PM, Lincoln Peters wrote:

>> From: ME <dugan at passwall.com>
>> Reply-To: <talk at nblug.org>
>> To: talk at nblug.org
>> Subject: Re: Broken NFS server (or client?)
>> Date: Wed, 8 Aug 2001 21:50:37 -0700 (PDT)
>>
>> On Wed, 8 Aug 2001, Lincoln Peters wrote:
>> > >I assume the test client has a local HD since you have LILO being 
>> used for
>> > >the netboot testing. This is true?
>> >
>> > No, LILO is installed on the boot floppy.  There is no hard disk.
>> > (although since it's a VMWare virtual machine, I can add one with 
>> little
>> > difficulty)
>>
>> Might be an option, but check other things for now. :-)
>>
>> > >When you boot the client from the local disk, are you able to nfs 
>> mount
>> > >the exported volume and use it as you desire to use with a netbooted
>> > >system?
>> >
>> > When I tried to mount the root filesystem on another client (it is 
>> supposed
>> > to be mountable to any system that wants to mount it), I got a 
>> similar error
>> > message.
>>
>> Ahhhh. This is a good pointer. Lets have a look at the list of NFS
>> exports. Not sure if this is still going to be /etc/exports on your
>> NFS server, but it is a place to look. I really want to see what
>> rules/permissions you have for the export (who can look at it as well 
>> as
>> ro?rw?) also could you show the ls -l of the volume and make sure that 
>> all
>> of the dirs leading up to the volume share point are at the very 
>> least +x
>> for everyone and just for testing rwxr-xr-x (755).
>
> There is only one line in /etc/exports:
> / (rw)	# Root filesystem (for diskless clients)
>
>
>>
>> As the other poster wrote:
>> > From: Mark Street <jet at sonic.net>
>> > Do you have portmapper running?  Is it started before nfsutils?
>>
>> which is another very good point in this same direction.
>>
>> Also, related to the excellent point from Mark:
>> Do you have any firewall rules on the server that we should know about?
>>
>> Really, it gets to the direction of thought:
>> Can you do it with another non-NFSroot client? If you can't, then 
>> focus on
>> the server side. Once you can get a different disk based client to NFS
>> mount the export from the server, then we can look back at the client
>> side.
>>
>
> There is no firewalling set up on the NFS server (I use a different 
> computer as a firewall).  However, I tried mounting the NFS filesystem 
> on my other test client (the one with a hard disk), and got a 
> "Connection refused" error.
>
> Perhaps the server is malfunctioning rather than the client.
>
>> > >When you write about this error, are you saying that you can't even 
>> mount
>> > >your root filesystem via NFS from the client, or once you have the 
>> client
>> > >machine net-booted in Linux you get this error when you ry to start 
>> up the
>> > >vmware application?
>> >
>> > I can't mount the root filesystem via NFS.  I don't think that 
>> VMWare is
>> > causing any problems.
>>
>> I agree with your conclusion based on the data we have so far. :-)
>>
>> > >Does the client get a different IP address fron the network when it
>> > >netboots vs. when it is running from a local HD?
>> >
>> > It does not have a local HD, but since each system that I run with 
>> VMWare
>> > always seems to get the same IP address every time I run it (I'm not 
>> saying
>> > that they all share a single IP address), I can (hopefully) safely 
>> assume
>> > that the IP addresses are the same.
>>
>> This would be another point for testing. Fire up your test-NFS client 
>> (the
>> one with a disk) and bind the same IP address you will use for the 
>> client
>> that will be netbooting and mounting its root via NFS. This helps to 
>> make
>> sure any IP based authentication or checks would otherwise pass when 
>> the
>> IP is moved to the real netbooting client.
>
> There are not supposed to be any IP-based authentication checks, at 
> least not yet.  Although I supopse if the server is misconfigured, it 
> might be trying to perform IP-based authentication using an empty list 
> of valid machines.
>
> BTW, I can't have my test client with a hard disk bind to the address 
> of the diskless test client because I don't know what the IP address 
> is.  I'm not even sure that the test client it is getting an IP address 
> because I can't see any DHCP activity on the DHCP server when the 
> client boots.
>
>>
>> > >Is the error logged from the server or the client or both?
>> >
>> > The error can't be logged by the client since it has nowhere to log 
>> to; it
>> > just gave me that "Error -101" message that I already described.  
>> And I
>> > cannot find any NFS logs on the server.
>>
>> So, the client just hangs in the middle of the kernel loading giving 
>> some
>> grand message like
>> "Kernel panic unable to mount /"
>> ?
>
> It gives me the NFS error I described earlier, then asks me to insert a 
> floppy disk with a root filesystem.
>
>>
>> > >"The client IP address is in the lilo configuration" how? is this an
>> > >"append=" statement? Often those are passed to scripts that do the 
>> actual
>> > >work of setting up your interfaces. Is it just getting its IP and 
>> nfs root
>> > >server/volume from bootp/dhcp?
>> >
>> > The appended lines are:
>> > root=/dev/nfs
>> > nfsroot=192.168.0.6:/
>>
>> This concerns me greatly. Are you really exporting your root "/" file
>> system from your server over NFS? Usually, you create a second system 
>> tree
>> in a new location off of the root file system like /usr/export/system1 
>> and
>> then have your nfsroot= entry on the client look like:
>> nfsroot=192.168.0.6:/usr/export/system1
>> and then have an entry in your /etc/exports on the server like:
>> /usr/export/system1	*.yourdomain.com(ro,insecure,all_squash)
>> or perhaps
>> /usr/export/system1	*.yourdomain.com(ro,all_squash)
>>
>> and then make sure that either:
>> all of the ip addresses of client that will connect to NFS have valid
>> entires in the server's /etc/host file with FQDN (Fully Qualified 
>> Domain
>> Names) *or* a DNS server that will provide zone support for reverse 
>> lookup
>> of the IPs and make the *.yourdomain.com check for the incoming IP 
>> address
>> work.
>>
>> (There are other ways, but this is the most common I think.)
>>
>> One big issue with exporting your server's root over NFS is that even 
>> if
>> is is ro, you may not have all_squash and an evil user may be able to 
>> see
>> files they should not= from a client machine. Perhaps password files, 
>> etc.
>
> This server probably does not have enough disk space to hold two 
> operating system as you described.  I see why it would be a good idea 
> to use a different filesystem than the root filesystem, but I doubt 
> that any of the users of this system would know anything about cracking 
> Linux (although I recognize the possibility).
>
> Since nobody else is using either the client or the server at the 
> moment, I'll worry about security once I have them working in some 
> manner.
>
>>
>> > It is configured to get its network configuration from a DHCP server.
>> > However, I did notice that there is no entry in the DHCP log that 
>> looks like
>> > my test client.  The problem still appeared on the test client as an 
>> NFS
>> > error, though.
>>
>> This part confuses me:
>> > The problem still appeared on the test client as an NFS error, 
>> though.
>>
>> So the problem and error appear on the screen of the test client, or 
>> the
>> symptoms appear on the test client? The Server does still log the error
>> message in a server log file too, eh?
>
> The error I described appeared on the client's monitor.  I could not 
> find any records that refer to the test client on the DHCP server or 
> the NFS server.  Although I would expect that if neither was working, 
> the DHCP error would stop the system before the NFS error would come up.
>
>>
>> Mark Street <jet at sonic.net> has some good thoughts on troubleshooting
>> too. I'd go through his suggestions and look at his questions as well.
>>
>> -ME
>>
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at 
> http://explorer.msn.com/intl.asp
>

More information about the talk mailing list